Example #1
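/**
 * Handle POST requests for the photos module.
 *
 * Depending on the request this renames/deletes an album, deletes a single
 * photo, edits a photo (description, tags, ACL, nsfw flag, rotation) or, by
 * default, stores an uploaded photo. Every branch ends in goaway() or return.
 *
 * NOTE(review): every branch changes state, and the only gate visible in this
 * function is the 'write_storage' permission check. No form security token
 * (anti-CSRF) check is visible here - confirm the caller enforces one before
 * the delete and edit branches can be reached.
 *
 * @param object $a
 *  The application object; reads $a->data['channel'], $a->argv / $a->argc
 *  and $a->profile.
 * @return void
 */
function photos_post(&$a)
{
    logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
    // NOTE(review): these two lines write the complete request and upload
    // metadata to the log at LOGGER_DATA; treat logs at that level as
    // containing user-supplied content.
    logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
    logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $page_owner_uid = $a->data['channel']['channel_id'];
    // Authorization gate for everything below: the observer must hold
    // 'write_storage' on the page owner's channel.
    if (!perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
        notice(t('Permission denied.') . EOL);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $s = abook_self($page_owner_uid);
    if (!$s) {
        notice(t('Page owner information could not be retrieved.') . EOL);
        logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $owner_record = $s[0];
    $acl = new AccessList($a->data['channel']);
    if (argc() > 3 && argv(2) === 'album') {
        // The album name travels hex-encoded in the URL.
        $album = hex2bin(argv(3));
        if ($album === t('Profile Photos')) {
            // not allowed
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        if (!photos_album_exists($page_owner_uid, $album)) {
            notice(t('Album not found.') . EOL);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        /*
         * RENAME photo album
         */
        $newalbum = notags(trim($_REQUEST['albumname']));
        if ($newalbum != $album) {
            // @fixme - synchronise with DAV or disallow completely.
            // Renaming is currently disabled: any differing name just redirects.
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        /*
         * DELETE photo album and all its photos
         */
        // The button value may be absent, so test for it before comparing
        // (same pattern as the single-photo delete below).
        if (x($_REQUEST, 'dropalbum') && $_REQUEST['dropalbum'] === t('Delete Album')) {
            // get the list of photos we are about to delete; a remote visitor
            // is limited to the ids returned for their own identity
            if (remote_channel() && !local_channel()) {
                $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
            } elseif (local_channel()) {
                $str = photos_album_get_db_idstr(local_channel(), $album);
            } else {
                $str = null;
            }
            if (!$str) {
                goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            }
            // NOTE(review): $str is interpolated into SQL as-is; this relies on
            // photos_album_get_db_idstr() returning an already quoted and
            // escaped id list - confirm in that helper.
            // resource_id has to be selected because the loop below passes it
            // to attach_delete(); selecting only id left it undefined.
            $r = q("select id, resource_id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
            if ($r) {
                foreach ($r as $i) {
                    // attach_delete() also drops the linked item.
                    attach_delete($page_owner_uid, $i['resource_id'], 1);
                }
            }
            // remove the associated photos in case they weren't attached to an item
            q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
            // @FIXME do the same for the linked attach
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
    }
    if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
        // same as above but remove single photo
        $ob_hash = get_observer_hash();
        if (!$ob_hash) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        // Only a photo created by this observer, or owned by the logged-in
        // local channel, is eligible for deletion.
        $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
        if ($r) {
            // attach_delete() removes the photo rows and the linked item.
            attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
    }
    if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
        $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
        $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
        $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
        $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
        $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
        $acl->set_from_array($_POST);
        $perm = $acl->get();
        $resource_id = $a->argv[2];
        if (!strlen($albname)) {
            $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
        }
        if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
            logger('rotate');
            $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
            if ($r) {
                // For os_storage rows the data column holds a filesystem path,
                // otherwise the image bytes themselves.
                $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
                $ph = photo_factory($d, $r[0]['type']);
                if ($ph->is_valid()) {
                    // rotate=1 maps to 270 degrees, rotate=2 to 90 degrees
                    $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                    $ph->rotate($rotate_deg);
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    if (intval($r[0]['os_storage'])) {
                        @file_put_contents($r[0]['data'], $ph->imageString());
                        $data = $r[0]['data'];
                        $fsize = @filesize($r[0]['data']);
                        q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                    } else {
                        $data = $ph->imageString();
                        $fsize = strlen($data);
                    }
                    $x = q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    // Regenerate the three smaller renditions (scale 1..3)
                    // from the rotated image, shrinking step by step.
                    if ($width > 1024 || $height > 1024) {
                        $ph->scaleImage(1024);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 640 || $height > 640) {
                        $ph->scaleImage(640);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 320 || $height > 320) {
                        $ph->scaleImage(320);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                }
            }
        }
        $p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));
        if (!$p) {
            // No such photo for this owner: stop here instead of creating an
            // item and rewriting permissions from an empty record.
            logger('mod_photos: post: photo not found. uid=' . $page_owner_uid);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            return;
        }
        $ext = $phototypes[$p[0]['type']];
        $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        $old_is_nsfw = $p[0]['is_nsfw'];
        if ($old_is_nsfw != $is_nsfw) {
            $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
        }
        /* Don't make the item visible if the only change was the album name */
        $visibility = 0;
        if ($p[0]['description'] !== $desc || strlen($rawtags)) {
            $visibility = 1;
        }
        if (!$item_id) {
            $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
        }
        if ($item_id) {
            $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $old_tag = $r[0]['tag'];
                $old_inform = $r[0]['inform'];
            }
        }
        // make sure the linked item has the same permissions as the photo regardless of any other changes
        // NOTE(review): unlike the neighbouring updates this statement is keyed
        // on id alone, and $item_id can come straight from $_POST['item_id'];
        // confirm whether it should also be restricted to the page owner's uid.
        $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
        // make sure the attach has the same permissions as the photo regardless of any other changes
        $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        if (strlen($rawtags)) {
            $str_tags = '';
            $inform = '';
            // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
            $x = substr($rawtags, 0, 1);
            if ($x !== '@' && $x !== '#') {
                $rawtags = '@' . $rawtags;
            }
            require_once 'include/text.php';
            $profile_uid = $a->profile['profile_uid'];
            $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
            $success = $results['success'];
            $post_tags = array();
            foreach ($results as $result) {
                $success = $result['success'];
                if ($success['replaced']) {
                    $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                }
            }
            $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $r = fetch_post_tags($r, true);
                $datarray = $r[0];
                if ($post_tags) {
                    if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                        $datarray['term'] = $post_tags;
                    } else {
                        $datarray['term'] = array_merge($datarray['term'], $post_tags);
                    }
                }
                // NOTE(review): $execflag is never assigned in this function,
                // so null is passed here - confirm the intended value.
                item_store_update($datarray, $execflag);
            }
        }
        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        return;
        // NOTREACHED
    }
    /**
     * default post action - upload a photo
     */
    $channel = $a->data['channel'];
    $observer = $a->data['observer'];
    $_REQUEST['source'] = 'photos';
    require_once 'include/attach.php';
    if (!local_channel()) {
        // A visitor who is not logged in locally cannot choose the ACL: any
        // posted ACL fields are replaced with the owner's channel defaults.
        $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
        $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
        $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
        $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
    }
    // NOTE(review): this passes $a->channel while the rest of the function
    // uses $a->data['channel'] - confirm both refer to the page owner.
    $r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);
    if (!$r['success']) {
        notice($r['message'] . EOL);
    }
    // The album segment of the redirect is hex-encoded, matching the
    // hex2bin() decode in the album branch above.
    if (!empty($_REQUEST['newalbum'])) {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
    } else {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
    }
}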
Example #2
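/**
 * @brief Delete a file/directory from a channel.
 *
 * If the provided resource hash is from a directory it will delete everything
 * recursively under this directory.
 *
 * This function performs no permission check of its own; it acts on whatever
 * channel id and hash it is given, so callers must authorize the request
 * before calling it.
 *
 * @param int $channel_id
 *  The id of the channel
 * @param string $resource
 *  The hash to delete
 * @param int $is_photo
 *  When non-zero, only an attach row flagged is_photo = 1 is matched
 * @return void
 */
function attach_delete($channel_id, $resource, $is_photo = 0)
{
    $c = q("SELECT channel_address FROM channel WHERE channel_id = %d LIMIT 1", intval($channel_id));
    $channel_address = $c ? $c[0]['channel_address'] : 'notfound';
    $photo_sql = $is_photo ? " and is_photo = 1 " : '';
    // os_storage is selected because the filesystem cleanup below reads
    // $r[0]['os_storage']; without the column that branch never ran and the
    // stored file was left on disk.
    $r = q("SELECT hash, os_storage, flags, is_dir, is_photo, folder FROM attach WHERE hash = '%s' AND uid = %d {$photo_sql} limit 1", dbesc($resource), intval($channel_id));
    if (!$r) {
        return;
    }
    // Captured before anything is removed so the activity at the end can
    // still describe the deleted object.
    $cloudpath = get_parent_cloudpath($channel_id, $channel_address, $resource);
    $object = get_file_activity_object($channel_id, $resource, $cloudpath);
    // If resource is a directory delete everything in the directory recursive
    if (intval($r[0]['is_dir'])) {
        $x = q("SELECT hash, os_storage, is_dir, flags FROM attach WHERE folder = '%s' AND uid = %d", dbesc($resource), intval($channel_id));
        if ($x) {
            foreach ($x as $xx) {
                attach_delete($channel_id, $xx['hash']);
            }
        }
    }
    // delete a file from filesystem
    if (intval($r[0]['os_storage'])) {
        $y = q("SELECT data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));
        if ($y) {
            // NOTE(review): the directory test uses the stored value as-is while
            // the file test prefixes it with store/<channel>/ - confirm which
            // form the data column holds. Either way the path comes from the
            // database, so whatever writes attach.data must keep it inside the
            // channel's storage directory.
            $f = 'store/' . $channel_address . '/' . $y[0]['data'];
            if (is_dir($y[0]['data'])) {
                @rmdir($y[0]['data']);
            } elseif (file_exists($f)) {
                unlink($f);
            }
        }
    }
    // delete from database
    $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", dbesc($resource), intval($channel_id));
    if ($r[0]['is_photo']) {
        $x = q("select id, item_hidden from item where resource_id = '%s' and resource_type = 'photo' and uid = %d", dbesc($resource), intval($channel_id));
        if ($x) {
            drop_item($x[0]['id'], false, $x[0]['item_hidden'] ? DROPITEM_NORMAL : DROPITEM_PHASE1, true);
            q("DELETE FROM photo WHERE uid = %d AND resource_id = '%s'", intval($channel_id), dbesc($resource));
        }
    }
    // update the parent folder's lastmodified timestamp
    $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), dbesc($r[0]['folder']), intval($channel_id));
    // Last argument is the notify flag; 0 as in the original call.
    file_activity($channel_id, $object, $object['allow_cid'], $object['allow_gid'], $object['deny_cid'], $object['deny_gid'], 'update', 0);
}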
Example #3
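/**
 * Page handler for file storage actions on a channel: delete a file, or show
 * the permission edit form for it. Anything else redirects to the channel's
 * cloud listing.
 *
 * URL arguments as read below: argv(1) is the channel address, argv(2) the
 * attach id and argv(3) the action ('delete' or 'edit').
 *
 * NOTE(review): the delete action is selected purely from URL path segments
 * and no form token check is visible in this function, so a crafted link
 * followed by the logged-in owner would appear to be enough to trigger it.
 * Confirm a request-forgery check exists elsewhere or add one.
 *
 * @param object $a
 *  The application object
 * @return void
 */
function filestorage_content(&$a)
{
    if (argc() > 1) {
        $which = argv(1);
    } else {
        notice(t('Requested profile is not available.') . EOL);
        $a->error = 404;
        return;
    }
    $r = q("select * from channel where channel_address = '%s'", dbesc($which));
    if (!$r) {
        // Unknown channel: stop here rather than running the permission
        // checks below with an undefined owner id.
        notice(t('Requested profile is not available.') . EOL);
        $a->error = 404;
        return;
    }
    $channel = $r[0];
    $owner = intval($r[0]['channel_id']);
    $observer = $a->get_observer();
    $ob_hash = $observer ? $observer['xchan_hash'] : '';
    $perms = get_all_perms($owner, $ob_hash);
    if (!$perms['view_storage']) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    // Since we have ACL'd files in the wild, but don't have ACL here yet, we
    // need to return for anyone other than the owner, despite the perms check for now.
    $is_owner = local_channel() && $owner == local_channel();
    if (!$is_owner) {
        info(t('Permission Denied.') . EOL);
        return;
    }
    if (argc() > 3 && argv(3) === 'delete') {
        if (!$perms['write_storage']) {
            notice(t('Permission denied.') . EOL);
            return;
        }
        $file = intval(argv(2));
        // The lookup is scoped to the owner's uid, so an id belonging to
        // another channel resolves to "not found". Both placeholders are %d
        // and are bound with intval().
        $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", intval($file), intval($owner));
        if (!$r) {
            notice(t('File not found.') . EOL);
            goaway(z_root() . '/cloud/' . $which);
        }
        $f = $r[0];
        $channel = $a->get_channel();
        // Resolve the redirect target before the row is removed.
        $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
        attach_delete($owner, $f['hash']);
        goaway($parentpath);
    }
    if (argc() > 3 && argv(3) === 'edit') {
        require_once 'include/acl_selectors.php';
        if (!$perms['write_storage']) {
            notice(t('Permission denied.') . EOL);
            return;
        }
        $file = intval(argv(2));
        $r = q("select id, uid, folder, filename, revision, flags, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1", intval($file), intval($owner));
        if (!$r) {
            // Same handling as the delete branch: do not render the form
            // from an empty record.
            notice(t('File not found.') . EOL);
            goaway(z_root() . '/cloud/' . $which);
        }
        $f = $r[0];
        $channel = $a->get_channel();
        $cloudpath = get_cloudpath($f) . ($f['flags'] & ATTACH_FLAG_DIR ? '?f=&davguest=1' : '');
        $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
        $aclselect_e = populate_acl($f, false);
        $is_a_dir = $f['flags'] & ATTACH_FLAG_DIR ? true : false;
        // 'lock' as soon as any of the four ACL fields is non-empty.
        $lockstate = $f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid'] ? 'lock' : 'unlock';
        // Encode path that is used for link so it's a valid URL
        // Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
        $encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));
        $o = replace_macros(get_markup_template('attach_edit.tpl'), array('$header' => t('Edit file permissions'), '$file' => $f, '$cloudpath' => z_root() . '/' . $encoded_path, '$parentpath' => $parentpath, '$uid' => $channel['channel_id'], '$channelnick' => $channel['channel_address'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$lockstate' => $lockstate, '$permset' => t('Set/edit permissions'), '$recurse' => array('recurse', t('Include all files and sub folders'), 0, '', array(t('No'), t('Yes'))), '$backlink' => t('Return to file list'), '$isadir' => $is_a_dir, '$cpdesc' => t('Copy/paste this code to attach file to a post'), '$cpldesc' => t('Copy/paste this URL to link file from a web page'), '$submit' => t('Submit'), '$attach_btn_title' => t('Share this file'), '$link_btn_title' => t('Show URL to this file'), '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes')))));
        echo $o;
        killme();
    }
    goaway(z_root() . '/cloud/' . $which);
}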
Example #4
 /**
  * @brief Delete this directory.
  *
  * Requires a known owner and the observer's 'write_storage' permission on
  * that owner. When the authenticated channel is not the owner, the request
  * is also refused unless the observer created the entry and the entry is
  * not flagged is_dir. After attach_delete() has run, attach_export_data()
  * is called for the folder hash and a non-empty result is handed to
  * build_sync_packet().
  *
  * @throws DAV\Exception\Forbidden when a permission check fails
  */
 public function delete()
 {
     logger('delete file ' . basename($this->red_path), LOGGER_DEBUG);

     // A missing owner id short-circuits before perm_is_allowed() is asked.
     $may_write = $this->auth->owner_id
         && perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage');
     if (!$may_write) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     // Non-owners may only remove non-directory entries they created.
     if ($this->auth->owner_id !== $this->auth->channel_id
         && ($this->auth->observer !== $this->data['creator'] || intval($this->data['is_dir']))
     ) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     attach_delete($this->auth->owner_id, $this->folder_hash);

     $channel = channelx_by_n($this->auth->owner_id);
     if (!$channel) {
         return;
     }

     $export = attach_export_data($channel, $this->folder_hash, true);
     if (!$export) {
         return;
     }

     build_sync_packet($channel['channel_id'], array('file' => array($export)));
 }
Example #5
/**
 * Action entry point of the attach plugin.
 *
 * Maps the legacy 'openfile' / 'delfile' parameters onto 'file' + 'pcmd',
 * checks read or edit access on the referring page, then dispatches to the
 * upload handler or to the handler named by 'pcmd'.
 *
 * NOTE(review): the page access check runs only when 'refer' is a valid page
 * name, and the PKWK_READONLY gate below covers delete/freeze/unfreeze but
 * not 'rename' or the upload path. Whether those handlers enforce read-only
 * mode and page permissions themselves is not visible here - confirm.
 *
 * @return mixed whatever the selected attach_* handler returns
 */
function plugin_attach_action()
{
    global $vars, $_attach_messages;

    // Backward compatible
    if (isset($vars['openfile'])) {
        $vars['file'] = $vars['openfile'];
        $vars['pcmd'] = 'open';
    }
    if (isset($vars['delfile'])) {
        $vars['file'] = $vars['delfile'];
        $vars['pcmd'] = 'delete';
    }

    $pcmd = '';
    if (isset($vars['pcmd'])) {
        $pcmd = $vars['pcmd'];
    }
    $refer = '';
    if (isset($vars['refer'])) {
        $refer = $vars['refer'];
    }
    $pass = NULL;
    if (isset($vars['pass'])) {
        $pass = $vars['pass'];
    }
    $page = '';
    if (isset($vars['page'])) {
        $page = $vars['page'];
    }

    if ($refer != '' && is_pagename($refer)) {
        // Viewing commands need read access; everything else needs edit access.
        $view_only = in_array($pcmd, array('info', 'open', 'list'));
        if ($view_only) {
            check_readable($refer);
        } else {
            check_editable($refer);
        }
    }

    // Dispatch: an uploaded file takes precedence over any pcmd value.
    if (isset($_FILES['attach_file'])) {
        return attach_upload($_FILES['attach_file'], $refer, $pass);
    }

    // Refuse these modifying commands while the wiki is read-only.
    if (in_array($pcmd, array('delete', 'freeze', 'unfreeze')) && PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits editing');
    }

    switch ($pcmd) {
        case 'info':
            return attach_info();
        case 'delete':
            return attach_delete();
        case 'open':
            return attach_open();
        case 'list':
            return attach_list();
        case 'freeze':
            return attach_freeze(TRUE);
        case 'unfreeze':
            return attach_freeze(FALSE);
        case 'rename':
            return attach_rename();
        case 'upload':
            return attach_showform();
    }

    // No recognised command: show the upload form for an existing page,
    // otherwise the attachment list.
    if ($page != '' && is_page($page)) {
        return attach_showform();
    }
    return attach_list();
}
Example #6
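/**
 * Apply file, photo and item records received for a channel to local storage.
 *
 * For each entry in $files this deletes, updates or inserts the attach rows,
 * fetches file contents from the entry's fetch_url straight to disk, updates
 * or inserts the photo rows and passes any items on to sync_items().
 *
 * The records are written into SQL largely as received, so they are treated
 * as untrusted input here: values go through dbesc_array() and column names
 * are checked against a plain-identifier pattern before being used.
 *
 * NOTE(review): fetch_url and the storage file name are also taken from the
 * incoming record. Confirm upstream that fetch_url is limited to the
 * channel's known locations and that get_attach_binname() cannot return a
 * value containing path separators or '..'.
 *
 * @param array $channel
 *  Channel record; reads channel_id, channel_account_id, channel_address,
 *  channel_hash and channel_prvkey
 * @param array $files
 *  List of records with fetch_url, original_channel and optional attach,
 *  photo and item lists
 * @return void
 */
function sync_files($channel, $files)
{
    require_once 'include/attach.php';
    if (!($channel && $files)) {
        return;
    }

    // Array keys become column names in the statements built below and are
    // not covered by dbesc_array(), so anything that is not a plain
    // identifier must never reach the SQL string.
    $has_bad_column = function ($row) {
        return (bool) preg_grep('/^[A-Za-z0-9_]+$/', array_map('strval', array_keys($row)), PREG_GREP_INVERT);
    };

    foreach ($files as $f) {
        if (!$f) {
            continue;
        }
        $fetch_url = $f['fetch_url'];
        $oldbase = dirname($fetch_url);
        $original_channel = $f['original_channel'];
        if (!($fetch_url && $original_channel)) {
            continue;
        }
        // Reset per record so a result from the previous record is not
        // carried over into this one.
        $attachment_stored = false;
        $store_path = null;
        if ($f['attach']) {
            foreach ($f['attach'] as $att) {
                convert_oldfields($att, 'data', 'content');
                if ($att['deleted']) {
                    // attach_delete() takes the numeric channel id; passing the
                    // whole channel record would be cast with intval() and
                    // address the wrong uid.
                    attach_delete($channel['channel_id'], $att['hash']);
                    continue;
                }
                $attach_exists = false;
                $x = attach_by_hash($att['hash']);
                logger('sync_files duplicate check: attach_exists=' . $attach_exists, LOGGER_DEBUG);
                logger('sync_files duplicate check: att=' . print_r($att, true), LOGGER_DEBUG);
                logger('sync_files duplicate check: attach_by_hash() returned ' . print_r($x, true), LOGGER_DEBUG);
                if ($x['success']) {
                    $attach_exists = true;
                    // NOTE(review): assumes attach_by_hash() exposes the row at
                    // index 0 alongside 'success' - confirm its return shape.
                    $attach_id = $x[0]['id'];
                }
                $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']);
                // Ownership always comes from the local channel record, never
                // from the incoming data.
                unset($att['id']);
                $att['aid'] = $channel['channel_account_id'];
                $att['uid'] = $channel['channel_id'];
                // check for duplicate folder names with the same parent.
                // If we have a duplicate that doesn't match this hash value
                // change the name so that the contents won't be "covered over"
                // by the existing directory. Use the same logic we use for
                // duplicate files.
                if (strpos($att['filename'], '.') !== false) {
                    $basename = substr($att['filename'], 0, strrpos($att['filename'], '.'));
                    $ext = substr($att['filename'], strrpos($att['filename'], '.'));
                } else {
                    $basename = $att['filename'];
                    $ext = '';
                }
                $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($att['folder']), dbesc($att['hash']));
                if ($r) {
                    // Find the first free "name(N).ext" suffix.
                    $x = 1;
                    do {
                        $found = false;
                        foreach ($r as $rr) {
                            if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
                                $found = true;
                                break;
                            }
                        }
                        if ($found) {
                            $x++;
                        }
                    } while ($found);
                    $att['filename'] = $basename . '(' . $x . ')' . $ext;
                } else {
                    $att['filename'] = $basename . $ext;
                }
                // end duplicate detection
                // @fixme - update attachment structures if they are modified rather than created
                $att['content'] = $newfname;
                if ($has_bad_column($att)) {
                    logger('sync_files: attach record rejected, invalid column name', LOGGER_NORMAL, LOG_ERR);
                    continue;
                }
                // Note: we use $att['hash'] below after it has been escaped to
                // fetch the file contents.
                // If the hash ever contains any escapable chars this could cause
                // problems. Currently it does not.
                dbesc_array($att);
                if ($attach_exists) {
                    logger('sync_files attach exists: ' . print_r($att, true), LOGGER_DEBUG);
                    $str = '';
                    foreach ($att as $k => $v) {
                        if ($str) {
                            $str .= ",";
                        }
                        $str .= " `" . $k . "` = '" . $v . "' ";
                    }
                    $r = dbq("update `attach` set " . $str . " where id = " . intval($attach_id));
                } else {
                    logger('sync_files attach does not exists: ' . print_r($att, true), LOGGER_DEBUG);
                    $r = dbq("INSERT INTO attach (`" . implode("`, `", array_keys($att)) . "`) VALUES ('" . implode("', '", array_values($att)) . "')");
                }
                // is this a directory?
                if ($att['filetype'] === 'multipart/mixed' && $att['is_dir']) {
                    os_mkdir($newfname, STORAGE_DEFAULT_PERMISSIONS, true);
                    $attachment_stored = true;
                    continue;
                } else {
                    // it's a file
                    // for the sync version of this algorithm (as opposed to 'offline import')
                    // we will fetch the actual file from the source server so it can be
                    // streamed directly to disk and avoid consuming PHP memory if it's a huge
                    // audio/video file or something.
                    $time = datetime_convert();
                    // The fetch request carries a signature over
                    // "<channel_hash>.<time>" made with the channel's private key.
                    $parr = array('hash' => $channel['channel_hash'], 'time' => $time, 'resource' => $att['hash'], 'revision' => 0, 'signature' => base64url_encode(rsa_sign($channel['channel_hash'] . '.' . $time, $channel['channel_prvkey'])));
                    $store_path = $newfname;
                    $fp = fopen($newfname, 'w');
                    if (!$fp) {
                        logger('failed to open storage file.', LOGGER_NORMAL, LOG_ERR);
                        continue;
                    }
                    $redirects = 0;
                    $x = z_post_url($fetch_url, $parr, $redirects, array('filep' => $fp));
                    fclose($fp);
                    if ($x['success']) {
                        $attachment_stored = true;
                    }
                    continue;
                }
            }
        }
        if (!$attachment_stored) {
            // @TODO should we queue this and retry or delete everything or what?
            logger('attachment store failed', LOGGER_NORMAL, LOG_ERR);
        }
        if ($f['photo']) {
            foreach ($f['photo'] as $p) {
                unset($p['id']);
                $p['aid'] = $channel['channel_account_id'];
                $p['uid'] = $channel['channel_id'];
                convert_oldfields($p, 'data', 'content');
                convert_oldfields($p, 'scale', 'imgscale');
                convert_oldfields($p, 'size', 'filesize');
                convert_oldfields($p, 'type', 'mimetype');
                // if this is a profile photo, undo the profile photo bit
                // for any other photo which previously held it.
                if ($p['photo_usage'] == PHOTO_PROFILE) {
                    $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), dbesc($p['resource_id']), intval($channel['channel_id']));
                }
                // same for cover photos
                if ($p['photo_usage'] == PHOTO_COVER) {
                    $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_COVER), dbesc($p['resource_id']), intval($channel['channel_id']));
                }
                // The full-size rendition of a disk-stored photo points at the
                // file fetched above; every other rendition arrives inline as
                // base64.
                if ($p['imgscale'] === 0 && $p['os_storage']) {
                    $p['content'] = $store_path;
                } else {
                    $p['content'] = base64_decode($p['content']);
                }
                $exists = q("select * from photo where resource_id = '%s' and imgscale = %d and uid = %d limit 1", dbesc($p['resource_id']), intval($p['imgscale']), intval($channel['channel_id']));
                if ($has_bad_column($p)) {
                    logger('sync_files: photo record rejected, invalid column name', LOGGER_NORMAL, LOG_ERR);
                    continue;
                }
                dbesc_array($p);
                if ($exists) {
                    $str = '';
                    foreach ($p as $k => $v) {
                        if ($str) {
                            $str .= ",";
                        }
                        $str .= " `" . $k . "` = '" . $v . "' ";
                    }
                    $r = dbq("update `photo` set " . $str . " where id = " . intval($exists[0]['id']));
                } else {
                    $r = dbq("INSERT INTO photo (`" . implode("`, `", array_keys($p)) . "`) VALUES ('" . implode("', '", array_values($p)) . "')");
                }
            }
        }
        if ($f['item']) {
            sync_items($channel, $f['item'], ['channel_address' => $original_channel, 'url' => $oldbase]);
        }
    }
}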
Example #7
 /**
  * @brief Remove this file from storage.
  *
  * Access rules enforced here before attach_delete() is called:
  *  - an owner id must be set and the observer must hold 'write_storage'
  *    on the owner's channel;
  *  - when the authenticated channel is not the owner, the observer may only
  *    delete an entry they created themselves, and never a directory.
  *
  * NOTE(review): the owner test uses a strict comparison; if owner_id and
  * channel_id ever differ in type, the owner lands in the restricted branch
  * (fails closed) - confirm both are the same type.
  *
  * @throws \Sabre\DAV\Exception\Forbidden
  */
 public function delete()
 {
     logger('delete file ' . basename($this->name), LOGGER_DEBUG);

     $auth = $this->auth;
     $mayWrite = $auth->owner_id && perm_is_allowed($auth->owner_id, $auth->observer, 'write_storage');
     if (!$mayWrite) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     // Visitors with write access are limited to their own files.
     if ($auth->owner_id !== $auth->channel_id) {
         $isCreator = $auth->observer === $this->data['creator'];
         if (!$isCreator || intval($this->data['is_dir'])) {
             throw new DAV\Exception\Forbidden('Permission denied.');
         }
     }

     attach_delete($auth->owner_id, $this->data['hash']);
 }
Example #8
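 /**
  * Handle a POST to the photos module.
  *
  * Depending on the request this deletes an album, deletes a single photo,
  * moves a photo to another album, edits a photo (description, tags, ACL,
  * NSFW flag, rotation) or - when none of those match - stores an upload.
  * Every branch requires the observer to hold 'write_storage' on the page
  * owner's channel; most branches end in goaway() and do not return.
  *
  * Changes relative to the previous revision of this method:
  *  - the album-delete query now selects resource_id, which the loop reads;
  *  - the ACL update on the linked item is scoped to the page owner's uid,
  *    because the item id can come straight from $_POST['item_id'];
  *  - the rotate branch no longer calls count() on a possibly-false result;
  *  - two unused locals built from undefined variables were dropped.
  *
  * @return void
  */
 function post()
 {
     logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
     // NOTE(review): the full request and upload metadata are dumped at
     // LOGGER_DATA level - confirm that level is not enabled in production.
     logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
     logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
     $ph = photo_factory('');
     $phototypes = $ph->supportedTypes();
     $can_post = false;
     $page_owner_uid = \App::$data['channel']['channel_id'];
     // Single authorization gate for everything below.
     if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
         $can_post = true;
     }
     if (!$can_post) {
         notice(t('Permission denied.') . EOL);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $s = abook_self($page_owner_uid);
     if (!$s) {
         notice(t('Page owner information could not be retrieved.') . EOL);
         logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $owner_record = $s[0];
     $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
     if (argc() > 3 && argv(2) === 'album') {
         $album = hex2bin(argv(3));
         if ($album === t('Profile Photos')) {
             // not allowed
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         if (!photos_album_exists($page_owner_uid, $album)) {
             notice(t('Album not found.') . EOL);
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         /*
          * DELETE photo album and all its photos
          */
         if ($_REQUEST['dropalbum'] == t('Delete Album')) {
             // This is dangerous because we combined file storage and photos into one interface
             // This function will remove all photos from any directory with the same name since
             // we have not passed the path value.
             // The correct solution would be to use a full pathname from your storage root for 'album'
             // We also need to prevent/block removing the storage root folder.
             $folder_hash = '';
             $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album));
             if (!$r) {
                 notice(t('Album not found.') . EOL);
                 return;
             }
             if (count($r) > 1) {
                 notice(t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
                 return;
             } else {
                 $folder_hash = $r[0]['hash'];
             }
             // get the list of photos we are about to delete
             if (remote_channel() && !local_channel()) {
                 $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
             } elseif (local_channel()) {
                 $str = photos_album_get_db_idstr(local_channel(), $album);
             } else {
                 $str = null;
             }
             if (!$str) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
             // NOTE(review): $str is interpolated into the two statements below
             // unescaped; presumably photos_album_get_db_idstr() returns an
             // already quoted and escaped id list - confirm in that helper.
             // resource_id must be selected because the loop below passes it to attach_delete().
             $r = q("select id, resource_id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
             if ($r) {
                 foreach ($r as $i) {
                     attach_delete($page_owner_uid, $i['resource_id'], 1);
                 }
             }
             // remove the associated photos in case they weren't attached to an item
             q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
             // @FIXME do the same for the linked attach
             if ($folder_hash) {
                 attach_delete($page_owner_uid, $folder_hash, 1);
                 $sync = attach_export_data(\App::$data['channel'], $folder_hash, true);
                 if ($sync) {
                     build_sync_packet($page_owner_uid, array('file' => array($sync)));
                 }
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
     }
     if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
         // same as above but remove single photo
         $ob_hash = get_observer_hash();
         if (!$ob_hash) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         // NOTE(review): the lookup matches on the observer's xchan or on
         // local_channel(), while the delete below runs against $page_owner_uid.
         // Confirm that a match on the visitor's own uid cannot authorize
         // removing a page owner's resource with the same resource_id.
         $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2]));
         if ($r) {
             attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
             $sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true);
             if ($sync) {
                 build_sync_packet($page_owner_uid, array('file' => array($sync)));
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
     }
     if (argc() > 2 && array_key_exists('move_to_album', $_POST)) {
         $m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid));
         if ($m && $m[0]['folder'] != $_POST['move_to_album']) {
             // NOTE(review): the target folder comes from the request as-is;
             // presumably attach_move() checks that it belongs to this uid - confirm.
             attach_move($page_owner_uid, argv(2), $_POST['move_to_album']);
             if (!($_POST['desc'] && $_POST['newtag'])) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
         }
     }
     if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) {
         $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
         $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
         // Caller-supplied item id; every statement that uses it must also match on uid.
         $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
         $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
         $acl->set_from_array($_POST);
         $perm = $acl->get();
         $resource_id = argv(2);
         if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
             logger('rotate');
             $r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
             // Truthiness test instead of count(): count() on a non-array result raises a TypeError on PHP 8.
             if ($r) {
                 // For os_storage rows the content column holds the on-disk path.
                 $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']);
                 $ph = photo_factory($d, $r[0]['mimetype']);
                 if ($ph->is_valid()) {
                     $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                     $ph->rotate($rotate_deg);
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     if (intval($r[0]['os_storage'])) {
                         @file_put_contents($r[0]['content'], $ph->imageString());
                         $data = $r[0]['content'];
                         $fsize = @filesize($r[0]['content']);
                         q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                     } else {
                         $data = $ph->imageString();
                         $fsize = strlen($data);
                     }
                     $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     // Regenerate the three scaled copies (1024, 640, 320) from the rotated image.
                     if ($width > 1024 || $height > 1024) {
                         $ph->scaleImage(1024);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 640 || $height > 640) {
                         $ph->scaleImage(640);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 320 || $height > 320) {
                         $ph->scaleImage(320);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                 }
             }
         }
         $p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid));
         if ($p) {
             $ext = $phototypes[$p[0]['mimetype']];
             $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         }
         // NOTE(review): the code below still reads $p[0] when no photo row was
         // found for this resource_id and uid; consider bailing out in that case.
         $old_is_nsfw = $p[0]['is_nsfw'];
         if ($old_is_nsfw != $is_nsfw) {
             $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
         }
         /* Don't make the item visible if the only change was the album name */
         $visibility = 0;
         if ($p[0]['description'] !== $desc || strlen($rawtags)) {
             $visibility = 1;
         }
         if (!$item_id) {
             $item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility);
         }
         if ($item_id) {
             $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $old_tag = $r[0]['tag'];
                 $old_inform = $r[0]['inform'];
             }
         }
         // make sure the linked item has the same permissions as the photo regardless of any other changes
         // Scoped to the page owner's uid: $item_id may be taken from $_POST, and without
         // the uid match this statement could rewrite the ACL of an item in another channel.
         $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d and uid = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id), intval($page_owner_uid));
         // make sure the attach has the same permissions as the photo regardless of any other changes
         $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         if (strlen($rawtags)) {
             $str_tags = '';
             $inform = '';
             // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
             $x = substr($rawtags, 0, 1);
             if ($x !== '@' && $x !== '#') {
                 $rawtags = '@' . $rawtags;
             }
             require_once 'include/text.php';
             $profile_uid = \App::$profile['profile_uid'];
             // NOTE(review): $a is not defined anywhere in this method, so null is passed here.
             $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
             $success = $results['success'];
             $post_tags = array();
             foreach ($results as $result) {
                 $success = $result['success'];
                 if ($success['replaced']) {
                     $post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                 }
             }
             $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $r = fetch_post_tags($r, true);
                 $datarray = $r[0];
                 if ($post_tags) {
                     if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                         $datarray['term'] = $post_tags;
                     } else {
                         $datarray['term'] = array_merge($datarray['term'], $post_tags);
                     }
                 }
                 // NOTE(review): $execflag is never assigned in this method.
                 item_store_update($datarray, $execflag);
             }
         }
         $sync = attach_export_data(\App::$data['channel'], $resource_id);
         if ($sync) {
             build_sync_packet($page_owner_uid, array('file' => array($sync)));
         }
         goaway(z_root() . '/' . $_SESSION['photo_return']);
         return;
         // NOTREACHED
     }
     /**
      * default post action - upload a photo
      */
     $channel = \App::$data['channel'];
     $observer = \App::$data['observer'];
     $_REQUEST['source'] = 'photos';
     require_once 'include/attach.php';
     // Visitors cannot choose the ACL: the channel's default permissions are forced onto the request.
     if (!local_channel()) {
         $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
         $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
         $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
         $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
     }
     $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
     if (!$r['success']) {
         notice($r['message'] . EOL);
     }
     // The album name is hex-encoded before it is placed in the redirect URL.
     if ($_REQUEST['newalbum']) {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
     } else {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
     }
 }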
Example #9
/**
 * Action entry point of the attach plugin: normalises legacy parameters,
 * runs the page permission check and dispatches on the 'pcmd' request value.
 *
 * Permission handling visible here:
 *  - for 'info', 'open' and 'list' the page must be readable, for every other
 *    command it must be editable;
 *  - 'delete', 'freeze' and 'unfreeze' are refused for the 'readonly' role.
 *
 * NOTE(review): the page check only runs when a page (or refer) is given and
 * isValied() is true; otherwise the handlers are reached without it, so they
 * presumably validate on their own - confirm. 'rename' and 'post' are not in
 * the readonly-role list either - confirm that is intended.
 *
 * @return mixed whatever the selected attach_* handler returns
 */
function plugin_attach_action()
{
    global $vars, $_attach_messages, $_string;

    // Backward compatible: openfile/delfile are mapped onto file + pcmd
    // (delfile is applied last, so it wins when both are present).
    $legacy = array('openfile' => 'open', 'delfile' => 'delete');
    foreach ($legacy as $oldKey => $mappedCommand) {
        if (isset($vars[$oldKey])) {
            $vars['file'] = $vars[$oldKey];
            $vars['pcmd'] = $mappedCommand;
        }
    }

    $command = isset($vars['pcmd']) ? $vars['pcmd'] : NULL;
    $referer = isset($vars['refer']) ? $vars['refer'] : NULL;
    $password = isset($vars['pass']) ? $vars['pass'] : NULL;
    $target = isset($vars['page']) ? $vars['page'] : $referer;

    if (!empty($target)) {
        $wiki = Factory::Wiki($target);
        if ($wiki->isValied()) {
            // Split the required permission by command.
            $readOnlyCommand = in_array($command, array('info', 'open', 'list'));
            if ($readOnlyCommand) {
                // Read permission is enough.
                $wiki->checkReadable();
            } else {
                // Everything else needs write permission.
                $wiki->checkEditable();
            }
        }
    }

    $needsWritableRole = in_array($command, array('delete', 'freeze', 'unfreeze'));
    if ($needsWritableRole && Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }

    switch ($command) {
        case 'info':
            return attach_info();
        case 'delete':
            return attach_delete();
        case 'open':
            return attach_open();
        case 'list':
            return attach_list($target);
        case 'freeze':
            return attach_freeze(TRUE);
        case 'unfreeze':
            return attach_freeze(FALSE);
        case 'rename':
            return attach_rename();
        case 'form':
            return array('msg' => str_replace('$1', $referer, $_attach_messages['msg_upload']), 'body' => attach_form($referer));
        case 'post':
            return attach_upload($target, $password);
        case 'progress':
            return PluginRenderer::getUploadProgress();
        case 'upload':
        default:
            // Unknown or missing commands show the upload form.
            return attach_showform();
    }

    // Not reached: every switch branch above returns.
    return empty($target) || !$wiki->isValied() ? attach_list() : attach_showform();
}
Example #10
File: attach.php Project: Mauru/red
/**
 * @brief Delete a file/directory.
 *
 * Looks the resource up by hash within the given channel, removes the
 * children first when it is a directory, removes the backing file or
 * directory from disk when the entry is flagged as OS storage, deletes the
 * attach row and finally touches the parent folder's edited timestamp.
 * Every statement matches on uid as well as hash, so a hash that belongs to
 * another channel is not found and nothing is deleted.
 *
 * NOTE(review): the on-disk path is assembled from the channel address and
 * the stored 'data' column; this assumes that column is always a relative
 * path below the channel's store directory - confirm where it is written.
 *
 * @param int $channel_id
 * @param string $resource a hash to delete
 */
function attach_delete($channel_id, $resource)
{
    $channelRow = q("SELECT channel_address FROM channel WHERE channel_id = %d LIMIT 1", intval($channel_id));
    if ($channelRow) {
        $channel_address = $channelRow[0]['channel_address'];
    } else {
        $channel_address = 'notfound';
    }

    $target = q("SELECT hash, flags, folder FROM attach WHERE hash = '%s' AND uid = %d limit 1", dbesc($resource), intval($channel_id));
    if (!$target) {
        return;
    }
    $entry = $target[0];

    // A directory is emptied recursively before it is removed itself.
    if ($entry['flags'] & ATTACH_FLAG_DIR) {
        $children = q("select hash, flags from attach where folder = '%s' and uid = %d", dbesc($resource), intval($channel_id));
        foreach ($children ?: array() as $child) {
            attach_delete($channel_id, $child['hash']);
        }
    }

    // Remove the backing object from the filesystem.
    if ($entry['flags'] & ATTACH_FLAG_OS) {
        $stored = q("SELECT data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));
        if ($stored) {
            $path = 'store/' . $channel_address . '/' . $stored[0]['data'];
            if (is_dir($path)) {
                @rmdir($path);
            } elseif (file_exists($path)) {
                unlink($path);
            }
        }
    }

    // Remove the database row.
    q("DELETE FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($resource), intval($channel_id));

    // Bump the parent folder's last-modified timestamp.
    q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc(datetime_convert()), dbesc($entry['folder']), intval($channel_id));
}
Example #11
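 /**
  * @brief Creates a new file in the directory.
  *
  * Data will either be supplied as a stream resource, or in certain cases
  * as a string.
  *
  * The observer must hold 'write_storage' on the owner's channel and the
  * channel must not be removed. The file is stored under a random hash, not
  * under the client-supplied name; the name is only written to the database.
  * The attach row is inserted first, then the payload is written, and only
  * afterwards are the configured maximum file size and the service class
  * quota checked; an upload that fails either check is removed again with
  * attach_delete(). New files inherit the ACL of the containing folder when
  * it has one, otherwise the channel defaults.
  *
  * As written this method never returns an ETag: all paths return nothing.
  *
  * @throws \Sabre\DAV\Exception\Forbidden
  * @param string $name Name of the file
  * @param resource|string $data Initial payload
  * @return null|string ETag
  */
 public function createFile($name, $data = null)
 {
     logger($name, LOGGER_DEBUG);
     if (!$this->auth->owner_id) {
         logger('permission denied ' . $name);
         throw new DAV\Exception\Forbidden('Permission denied.');
     }
     if (!perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage')) {
         logger('permission denied ' . $name);
         throw new DAV\Exception\Forbidden('Permission denied.');
     }
     $mimetype = z_mime_content_type($name);
     $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
     if (!$c) {
         logger('no channel');
         throw new DAV\Exception\Forbidden('Permission denied.');
     }
     $filesize = 0;
     // Initialised before the INSERT below reads it; the real value is only
     // known once the payload is on disk and is written by the later UPDATE.
     $is_photo = 0;
     $hash = random_string();
     // On-disk name is the random hash, so $name never becomes part of a path.
     $f = 'store/' . $this->auth->owner_nick . '/' . ($this->os_path ? $this->os_path . '/' : '') . $hash;
     $direct = null;
     if ($this->folder_hash) {
         $r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", dbesc($this->folder_hash), intval($c[0]['channel_id']));
         if ($r) {
             $direct = $r[0];
         }
     }
     // Inherit the folder's ACL when it carries one, else fall back to the channel defaults.
     if ($direct && ($direct['allow_cid'] || $direct['allow_gid'] || $direct['deny_cid'] || $direct['deny_gid'])) {
         $allow_cid = $direct['allow_cid'];
         $allow_gid = $direct['allow_gid'];
         $deny_cid = $direct['deny_cid'];
         $deny_gid = $direct['deny_gid'];
     } else {
         $allow_cid = $c[0]['channel_allow_cid'];
         $allow_gid = $c[0]['channel_allow_gid'];
         $deny_cid = $c[0]['channel_deny_cid'];
         $deny_gid = $c[0]['channel_deny_gid'];
     }
     $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($c[0]['channel_account_id']), intval($c[0]['channel_id']), dbesc($hash), dbesc($this->auth->observer), dbesc($name), dbesc($this->folder_hash), intval(1), dbesc($mimetype), intval($filesize), intval(0), intval($is_photo), dbesc($this->os_path . '/' . $hash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid));
     // returns the number of bytes that were written to the file, or FALSE on failure
     $size = file_put_contents($f, $data);
     // delete attach entry if file_put_contents() failed
     if ($size === false) {
         logger('file_put_contents() failed to ' . $f);
         attach_delete($c[0]['channel_id'], $hash);
         return;
     }
     // returns now
     $edited = datetime_convert();
     // Photo detection is based on the stored bytes, not on the file name.
     $x = @getimagesize($f);
     logger('getimagesize: ' . print_r($x, true), LOGGER_DATA);
     if ($x && ($x[2] === IMAGETYPE_GIF || $x[2] === IMAGETYPE_JPEG || $x[2] === IMAGETYPE_PNG)) {
         $is_photo = 1;
     }
     // updates entry with filesize and timestamp
     $d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($hash), intval($c[0]['channel_id']));
     // update the folder's lastmodified timestamp
     $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']));
     // Size limit is enforced after the write; an oversized file is removed again.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $size > $maxfilesize) {
         attach_delete($c[0]['channel_id'], $hash);
         return;
     }
     // check against service class quota
     $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
     if ($limit !== false) {
         // NOTE(review): the row for this upload already carries its filesize
         // (UPDATE above), so the new file looks to be counted in the total and
         // again via $size - confirm whether that stricter limit is intended.
         $x = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($c[0]['channel_account_id']));
         if ($x && $x[0]['total'] + $size > $limit) {
             logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
             attach_delete($c[0]['channel_id'], $hash);
             return;
         }
     }
     if ($is_photo) {
         $album = '';
         if ($this->folder_hash) {
             $f1 = q("select filename from attach WHERE hash = '%s' AND uid = %d", dbesc($this->folder_hash), intval($c[0]['channel_id']));
             if ($f1) {
                 $album = $f1[0]['filename'];
             }
         }
         require_once 'include/photos.php';
         // NOTE(review): when the quota branch above ran, $x holds the SUM() result
         // rather than the getimagesize() data by the time it is passed on here.
         $args = array('resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct);
         $p = photo_upload($c[0], get_app()->get_observer(), $args);
     }
 }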
Example #12
 /**
  * @brief Creates a new file in the directory.
  *
  * Data will either be supplied as a stream resource, or in certain cases
  * as a string.
  *
  * Requires an owner id and 'write_storage' for the observer, and a channel
  * that does not carry the PAGE_REMOVED flag. The payload is written under a
  * random hash below the owner's store directory; the client-supplied name
  * is only recorded in the attach row. The maximum file size and the service
  * class quota are checked after the write, and a file that exceeds either
  * is removed again through attach_delete().
  *
  * As written this method never returns an ETag: all paths return nothing.
  *
  * @throws \Sabre\DAV\Exception\Forbidden
  * @param string $name Name of the file
  * @param resource|string $data Initial payload
  * @return null|string ETag
  */
 public function createFile($name, $data = null)
 {
     logger($name, LOGGER_DEBUG);

     // Both failure reasons produce the same log line and the same exception.
     $authorized = $this->auth->owner_id
         && perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage');
     if (!$authorized) {
         logger('permission denied ' . $name);
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     $mimetype = z_mime_content_type($name);

     $rows = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
     if (!$rows) {
         logger('no channel');
         throw new DAV\Exception\Forbidden('Permission denied.');
     }
     $channel = $rows[0];
     $uid = $channel['channel_id'];

     $initialSize = 0;
     $hash = random_string();

     // Register the entry first; size and timestamp are filled in after the write.
     q(
         "INSERT INTO attach ( aid, uid, hash, creator, filename, folder, flags, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
         intval($channel['channel_account_id']),
         intval($uid),
         dbesc($hash),
         dbesc($this->auth->observer),
         dbesc($name),
         dbesc($this->folder_hash),
         dbesc(ATTACH_FLAG_OS),
         dbesc($mimetype),
         intval($initialSize),
         intval(0),
         dbesc($this->os_path . '/' . $hash),
         dbesc(datetime_convert()),
         dbesc(datetime_convert()),
         dbesc($channel['channel_allow_cid']),
         dbesc($channel['channel_allow_gid']),
         dbesc($channel['channel_deny_cid']),
         dbesc($channel['channel_deny_gid'])
     );

     // On-disk name is the random hash, so $name never becomes part of a path.
     $subdir = $this->os_path ? $this->os_path . '/' : '';
     $target = 'store/' . $this->auth->owner_nick . '/' . $subdir . $hash;

     // Number of bytes written, or FALSE on failure.
     $written = file_put_contents($target, $data);
     if ($written === false) {
         // Roll back the attach entry created above.
         logger('file_put_contents() failed to ' . $target);
         attach_delete($uid, $hash);
         return;
     }

     $now = datetime_convert();

     // Record the real size and timestamp on the new entry ...
     q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($written), dbesc($now), dbesc($hash), intval($uid));
     // ... and bump the containing folder's last-modified timestamp.
     q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($now), dbesc($this->folder_hash), intval($uid));

     // Site-wide size limit, enforced after the write.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $written > $maxfilesize) {
         attach_delete($uid, $hash);
         return;
     }

     // Service class quota for the owning account.
     $limit = service_class_fetch($uid, 'attach_upload_limit');
     if ($limit === false) {
         return;
     }
     $usage = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d ", intval($channel['channel_account_id']));
     if ($usage && $usage[0]['total'] + $written > $limit) {
         logger('service class limit exceeded for ' . $channel['channel_name'] . ' total usage is ' . $usage[0]['total'] . ' limit is ' . $limit);
         attach_delete($uid, $hash);
         return;
     }
 }
Example #13
 /**
  * @brief Remove this file from storage and announce the removal.
  *
  * Checks performed before attach_delete() is called:
  *  - an owner id must be set and the observer must hold 'write_storage';
  *  - when the authenticated channel is not the owner, only entries created
  *    by the observer may be removed, and never a directory;
  *  - when the owner has 'os_delete_prohibit' set in the 'system' pconfig
  *    and the current module is 'dav', deletion is refused.
  * After the delete, the attach export data for the hash is sent in a sync
  * packet if the owner's channel record can be loaded.
  *
  * @throws \Sabre\DAV\Exception\Forbidden
  */
 public function delete()
 {
     logger('delete file ' . basename($this->name), LOGGER_DEBUG);

     $auth = $this->auth;
     $mayWrite = $auth->owner_id && perm_is_allowed($auth->owner_id, $auth->observer, 'write_storage');
     if (!$mayWrite) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     // Visitors with write access are limited to their own files.
     if ($auth->owner_id !== $auth->channel_id) {
         $isCreator = $auth->observer === $this->data['creator'];
         if (!$isCreator || intval($this->data['is_dir'])) {
             throw new DAV\Exception\Forbidden('Permission denied.');
         }
     }

     // Per-channel switch that blocks deletes arriving through the dav module.
     $davDeleteBlocked = get_pconfig($auth->owner_id, 'system', 'os_delete_prohibit')
         && \App::$module == 'dav';
     if ($davDeleteBlocked) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     $hash = $this->data['hash'];
     attach_delete($auth->owner_id, $hash);

     $ownerChannel = channelx_by_n($auth->owner_id);
     if (!$ownerChannel) {
         return;
     }
     $packet = attach_export_data($ownerChannel, $hash, true);
     if ($packet) {
         build_sync_packet($ownerChannel['channel_id'], array('file' => array($packet)));
     }
 }
Example #14
File: reddav.php Project: Mauru/red
 /**
  * @brief Remove this file from storage.
  *
  * An owner id must be set and the observer must hold 'write_storage' on the
  * owner's channel. When the authenticated channel is not the owner, the
  * observer may only delete an entry they created, and not one whose flags
  * include ATTACH_FLAG_DIR.
  *
  * @throws DAV\Exception\Forbidden
  * @return void
  */
 public function delete()
 {
     logger('RedFile::delete(): ' . basename($this->name), LOGGER_DEBUG);

     $auth = $this->auth;
     $mayWrite = $auth->owner_id && perm_is_allowed($auth->owner_id, $auth->observer, 'write_storage');
     if (!$mayWrite) {
         throw new DAV\Exception\Forbidden('Permission denied.');
     }

     // Visitors with write access are limited to their own, non-directory entries.
     if ($auth->owner_id !== $auth->channel_id) {
         $isCreator = $auth->observer === $this->data['creator'];
         if (!$isCreator || ($this->data['flags'] & ATTACH_FLAG_DIR)) {
             throw new DAV\Exception\Forbidden('Permission denied.');
         }
     }

     attach_delete($auth->owner_id, $this->data['hash']);
 }