function privacy_image_cache_init()
{
$urlhash = 'pic:' . sha1($_REQUEST['url']);
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash);
if (count($r)) {
$img_str = $r[0]['data'];
$mime = $r[0]["desc"];
if ($mime == "") {
$mime = "image/jpeg";
}
} else {
require_once "Photo.php";
$img_str = fetch_url($_REQUEST['url'], true);
if (substr($img_str, 0, 6) == "GIF89a") {
$mime = "image/gif";
$image = @imagecreatefromstring($img_str);
if ($image === FALSE) {
die;
}
q("INSERT INTO `photo`\n\t\t\t( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' )", 0, 0, get_guid(), dbesc($urlhash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename(dbesc($_REQUEST["url"]))), dbesc(''), intval(imagesy($image)), intval(imagesx($image)), 'image/gif', dbesc($img_str), 100, intval(0), dbesc(''), dbesc(''), dbesc(''), dbesc(''));
} else {
$img = new Photo($img_str);
if ($img->is_valid()) {
$img->store(0, 0, $urlhash, $_REQUEST['url'], '', 100);
$img_str = $img->imageString();
}
$mime = "image/jpeg";
}
}
header("Content-type: {$mime}");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
header("Cache-Control: max-age=" . 3600 * 24);
echo $img_str;
killme();
}
function photo_init(&$a)
{
global $_SERVER;
$prvcachecontrol = false;
$file = "";
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
$file = $photo;
break;
case 1:
default:
killme();
// NOTREACHED
}
// strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($localFileName)) {
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
if (function_exists('header_remove')) {
header_remove('Last-Modified');
header_remove('Expires');
header_remove('Cache-Control');
}
exit;
}
$default = 'images/person-175.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/person-48.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/person-80.jpg';
break;
}
$uid = str_replace(array('.jpg', '.png'), array('', ''), $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
if (!isset($data)) {
$data = file_get_contents($default);
$mimetype = 'image/jpeg';
}
} else {
/**
* Other photos
*/
$resolution = 0;
foreach (Photo::supportedTypes() as $m => $e) {
$photo = str_replace(".{$e}", '', $photo);
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
// check if the photo exists and get the owner of the photo
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d {$sql_extra} ORDER BY scale DESC LIMIT 1", dbesc($photo), intval($resolution));
$public = $r[0]['allow_cid'] == '' and $r[0]['allow_gid'] == '' and $r[0]['deny_cid'] == '' and $r[0]['deny_gid'] == '';
if (count($r)) {
$resolution = $r[0]['scale'];
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
} else {
// The picure exists. We already checked with the first query.
// obviously, this is not an authorized viev!
$data = file_get_contents('images/nosign.jpg');
$mimetype = 'image/jpeg';
$prvcachecontrol = true;
$public = false;
}
}
}
if (!isset($data)) {
if (isset($resolution)) {
switch ($resolution) {
case 4:
$data = file_get_contents('images/person-175.jpg');
$mimetype = 'image/jpeg';
break;
case 5:
$data = file_get_contents('images/person-80.jpg');
$mimetype = 'image/jpeg';
break;
case 6:
$data = file_get_contents('images/person-48.jpg');
$mimetype = 'image/jpeg';
break;
default:
killme();
// NOTREACHED
break;
}
}
}
// Resize only if its not a GIF
if ($mime != "image/gif") {
$ph = new Photo($data, $mimetype);
if ($ph->is_valid()) {
if (isset($customres) && $customres > 0 && $customres < 500) {
$ph->scaleImageSquare($customres);
}
$data = $ph->imageString();
$mimetype = $ph->getType();
}
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: " . $mimetype);
if ($prvcachecontrol) {
// it is a private photo that they have no permission to view.
// tell the browser not to cache it, in case they authenticate
// and subsequently have permission to see it
header("Cache-Control: no-store, no-cache, must-revalidate");
} else {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: "' . md5($data) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
}
echo $data;
// If the photo is public and there is an existing photo directory store the photo there
if ($public and $file != "") {
// If the photo path isn't there, try to create it
$basepath = $a->get_basepath();
if (!is_dir($basepath . "/photo")) {
if (is_writable($basepath)) {
mkdir($basepath . "/photo");
}
}
if (is_dir($basepath . "/photo")) {
file_put_contents($basepath . "/photo/" . $file, $data);
}
}
killme();
// NOTREACHED
}
function photos_post(&$a)
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$can_post = false;
$visitor = 0;
$page_owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = remote_user();
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` \n\t\tWHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1", intval($page_owner_uid));
if (!count($r)) {
notice(t('Contact information unavailable') . EOL);
logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
killme();
}
$owner_record = $r[0];
if ($a->argc > 3 && $a->argv[2] === 'album') {
$album = hex2bin($a->argv[3]);
if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
$r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d", dbesc($album), intval($page_owner_uid));
if (!count($r)) {
notice(t('Album not found.') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
$newalbum = notags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", dbesc($newalbum), dbesc($album), intval($page_owner_uid));
$newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']);
goaway($a->get_baseurl() . '/' . $newurl);
return;
// NOTREACHED
}
if ($_POST['dropalbum'] == t('Delete Album')) {
$res = array();
// get the list of photos we are about to delete
if ($visitor) {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", intval($visitor), intval($page_owner_uid), dbesc($album));
} else {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", intval(local_user()), dbesc($album));
}
if (count($r)) {
foreach ($r as $rr) {
$res[] = "'" . dbesc($rr['rid']) . "'";
}
} else {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
$str_res = implode(',', $res);
// remove the associated photos
q("DELETE FROM `photo` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid));
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid));
if (count($r)) {
foreach ($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($rr['parent-uri']), intval($page_owner_uid));
$drop_id = intval($rr['id']);
// send the notification upstream/downstream as the case may be
if ($rr['visible']) {
proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
}
}
}
}
goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']);
return;
// NOTREACHED
}
if ($a->argc > 2 && x($_POST, 'delete') && $_POST['delete'] == t('Delete Photo')) {
// same as above but remove single photo
if ($visitor) {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval($visitor), intval($page_owner_uid), dbesc($a->argv[2]));
} else {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval(local_user()), dbesc($a->argv[2]));
}
if (count($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource-id']));
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($r[0]['resource-id']), intval($page_owner_uid));
if (count($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['uri']), intval($page_owner_uid));
$url = $a->get_baseurl();
$drop_id = intval($i[0]['id']);
if ($i[0]['visible']) {
proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
}
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$resource_id = $a->argv[2];
if (!strlen($albname)) {
$albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
if (x($_POST, 'rotate') !== false && intval($_POST['rotate']) == 1) {
logger('rotate');
$r = q("select * from photo where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$ph = new Photo($r[0]['data']);
if ($ph->is_valid()) {
$ph->rotate(270);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 1 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 2 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
}
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid));
if (count($p)) {
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['desc'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
// Create item container
$title = '';
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $p[0]['resource-id'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = $title;
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
$arr['deny_cid'] = $p[0]['deny_cid'];
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = $visibility;
$arr['origin'] = 1;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]' . '[/url]';
$item_id = item_store($arr);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
}
if (count($r)) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '#' . $rawtags;
}
$taginfo = array();
$tags = get_tags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
if (isset($profile)) {
unset($profile);
}
if (strpos($tag, '@') === 0) {
$name = substr($tag, 1);
if (strpos($name, '@') || strpos($name, 'http://')) {
$newname = $name;
$links = @lrdd($name);
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$profile = $link['@attributes']['href'];
}
if ($link['@attributes']['rel'] === 'salmon') {
$salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']);
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $salmon;
}
}
}
$taginfo[] = array($newname, $profile, $salmon);
} else {
$newname = $name;
$alias = '';
$tagcid = 0;
if (strrpos($newname, '+')) {
$tagcid = intval(substr($newname, strrpos($newname, '+') + 1));
}
if ($tagcid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), intval($profile_uid));
} elseif (strstr($name, '_') || strstr($name, ' ')) {
$newname = str_replace('_', ' ', $name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval($page_owner_uid));
} else {
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($page_owner_uid));
}
if (count($r)) {
$newname = $r[0]['name'];
$profile = $r[0]['url'];
$notify = 'cid:' . $r[0]['id'];
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $notify;
}
}
if ($profile) {
if (substr($notify, 0, 4) === 'cid:') {
$taginfo[] = array($newname, $profile, $notify, $r[0], '@[url=' . str_replace(',', '%2c', $profile) . ']' . $newname . '[/url]');
} else {
$taginfo[] = array($newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]');
}
if (strlen($str_tags)) {
$str_tags .= ',';
}
$profile = str_replace(',', '%2c', $profile);
$str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
}
}
}
$newtag = $old_tag;
if (strlen($newtag) && strlen($str_tags)) {
$newtag .= ',';
}
$newtag .= $str_tags;
$newinform = $old_inform;
if (strlen($newinform) && strlen($inform)) {
$newinform .= ',';
}
$newinform .= $inform;
$r = q("UPDATE `item` SET `tag` = '%s', `inform` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($newtag), dbesc($newinform), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($item_id), intval($page_owner_uid));
$best = 0;
foreach ($p as $scales) {
if (intval($scales['scale']) == 2) {
$best = 2;
break;
}
if (intval($scales['scale']) == 4) {
$best = 4;
break;
}
}
if (count($taginfo)) {
foreach ($taginfo as $tagged) {
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'activity';
$arr['wall'] = 1;
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
$arr['deny_cid'] = $p[0]['deny_cid'];
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = 1;
$arr['verb'] = ACTIVITY_TAG;
$arr['object-type'] = ACTIVITY_OBJ_PERSON;
$arr['target-type'] = ACTIVITY_OBJ_PHOTO;
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
$arr['body'] = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]';
$arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n";
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
if ($tagged[3]) {
$arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $tagged[3]['photo'] . '" />' . "\n");
}
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="image/jpeg" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '" />') . '</link></target>';
$item_id = item_store($arr);
if ($item_id) {
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id), intval($page_owner_uid), intval($item_id));
proc_run('php', "include/notifier.php", "tag", "{$item_id}");
}
}
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
call_hooks('photo_post_init', $_POST);
/**
* Determine the album to use
*/
$album = notags(trim($_REQUEST['album']));
$newalbum = notags(trim($_REQUEST['newalbum']));
logger('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG);
if (!strlen($album)) {
if (strlen($newalbum)) {
$album = $newalbum;
} else {
$album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
}
/**
*
* We create a wall item for every photo, but we don't want to
* overwhelm the data stream with a hundred newly uploaded photos.
* So we will make the first photo uploaded to this album in the last several hours
* visible by default, the rest will become visible over time when and if
* they acquire comments, likes, dislikes, and/or tags
*
*/
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", dbesc($album), intval($page_owner_uid));
if (!count($r) || $album == t('Profile Photos')) {
$visible = 1;
} else {
$visible = 0;
}
if (intval($_REQUEST['not_visible']) || $_REQUEST['not_visible'] === 'true') {
$visible = 0;
}
$str_group_allow = perms2str(is_array($_REQUEST['group_allow']) ? $_REQUEST['group_allow'] : explode(',', $_REQUEST['group_allow']));
$str_contact_allow = perms2str(is_array($_REQUEST['contact_allow']) ? $_REQUEST['contact_allow'] : explode(',', $_REQUEST['contact_allow']));
$str_group_deny = perms2str(is_array($_REQUEST['group_deny']) ? $_REQUEST['group_deny'] : explode(',', $_REQUEST['group_deny']));
$str_contact_deny = perms2str(is_array($_REQUEST['contact_deny']) ? $_REQUEST['contact_deny'] : explode(',', $_REQUEST['contact_deny']));
$ret = array('src' => '', 'filename' => '', 'filesize' => 0);
call_hooks('photo_post_file', $ret);
if (x($ret, 'src') && x($ret, 'filesize')) {
$src = $ret['src'];
$filename = $ret['filename'];
$filesize = $ret['filesize'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
notice(t('Image exceeds size limit of ') . $maximagesize . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
return;
}
if (!$filesize) {
notice(t('Image file is empty.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
return;
}
logger('mod/photos.php: photos_post(): loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata);
if (!$ph->is_valid()) {
logger('mod/photos.php: photos_post(): unable to process image', LOGGER_DEBUG);
notice(t('Unable to process image.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
killme();
}
@unlink($src);
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = photo_new_resource();
$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if (!$r) {
logger('mod/photos.php: photos_post(): image store failed', LOGGER_DEBUG);
notice(t('Image upload failed.') . EOL);
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
$basename = basename($filename);
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
// Create item container
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $photo_hash;
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $str_contact_allow;
$arr['allow_gid'] = $str_group_allow;
$arr['deny_cid'] = $str_contact_deny;
$arr['deny_gid'] = $str_group_deny;
$arr['last-child'] = 1;
$arr['visible'] = $visible;
$arr['origin'] = 1;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $photo_hash . ']' . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]' . '[/url]';
$item_id = item_store($arr);
if ($item_id) {
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id), intval($page_owner_uid), intval($item_id));
}
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
call_hooks('photo_post_end', intval($item_id));
// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
// if they do not wish to be redirected
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
function fix_private_photos($s, $uid, $item = null, $cid = 0)
{
if (get_config('system', 'disable_embedded')) {
return $s;
}
$a = get_app();
logger('fix_private_photos: check for photos', LOGGER_DEBUG);
$site = substr($a->get_baseurl(), strpos($a->get_baseurl(), '://'));
$orig_body = $s;
$new_body = '';
$img_start = strpos($orig_body, '[img');
$img_st_close = $img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false;
$img_len = $img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false;
while ($img_st_close !== false && $img_len !== false) {
$img_st_close++;
// make it point to AFTER the closing bracket
$image = substr($orig_body, $img_start + $img_st_close, $img_len);
logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
if (stristr($image, $site . '/photo/')) {
// Only embed locally hosted photos
$replace = false;
$i = basename($image);
$i = str_replace(array('.jpg', '.png', '.gif'), array('', '', ''), $i);
$x = strpos($i, '-');
if ($x) {
$res = substr($i, $x + 1);
$i = substr($i, 0, $x);
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d AND `uid` = %d", dbesc($i), intval($res), intval($uid));
if ($r) {
// Check to see if we should replace this photo link with an embedded image
// 1. No need to do so if the photo is public
// 2. If there's a contact-id provided, see if they're in the access list
// for the photo. If so, embed it.
// 3. Otherwise, if we have an item, see if the item permissions match the photo
// permissions, regardless of order but first check to see if they're an exact
// match to save some processing overhead.
if (has_permissions($r[0])) {
if ($cid) {
$recips = enumerate_permissions($r[0]);
if (in_array($cid, $recips)) {
$replace = true;
}
} elseif ($item) {
if (compare_permissions($item, $r[0])) {
$replace = true;
}
}
}
if ($replace) {
$data = $r[0]['data'];
$type = $r[0]['type'];
// If a custom width and height were specified, apply before embedding
if (preg_match("/\\[img\\=([0-9]*)x([0-9]*)\\]/is", substr($orig_body, $img_start, $img_st_close), $match)) {
logger('fix_private_photos: scaling photo', LOGGER_DEBUG);
$width = intval($match[1]);
$height = intval($match[2]);
$ph = new Photo($data, $type);
if ($ph->is_valid()) {
$ph->scaleImage(max($width, $height));
$data = $ph->imageString();
$type = $ph->getType();
}
}
logger('fix_private_photos: replacing photo', LOGGER_DEBUG);
$image = 'data:' . $type . ';base64,' . base64_encode($data);
logger('fix_private_photos: replaced: ' . $image, LOGGER_DATA);
}
}
}
}
$new_body = $new_body . substr($orig_body, 0, $img_start + $img_st_close) . $image . '[/img]';
$orig_body = substr($orig_body, $img_start + $img_st_close + $img_len + strlen('[/img]'));
if ($orig_body === false) {
$orig_body = '';
}
$img_start = strpos($orig_body, '[img');
$img_st_close = $img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false;
$img_len = $img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false;
}
$new_body = $new_body . $orig_body;
return $new_body;
}
function photo_init(&$a)
{
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
break;
case 1:
default:
killme();
// NOTREACHED
}
$default = 'images/default-profile.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/default-profile-mm.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/default-profile-sm.jpg';
break;
}
$uid = str_replace('.jpg', '', $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
}
if (!isset($data)) {
$data = file_get_contents($default);
}
} else {
/**
* Other photos
*/
$resolution = 0;
$photo = str_replace('.jpg', '', $photo);
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = $r[0]['data'];
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = file_get_contents('images/nosign.jpg');
}
}
}
}
if (!isset($data)) {
killme();
// NOTREACHED
}
if (intval($customres) && $customres > 0 && $customres < 500) {
require_once 'include/Photo.php';
$ph = new Photo($data);
if ($ph->is_valid()) {
$ph->scaleImageSquare($customres);
$data = $ph->imageString();
}
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: image/jpeg");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
header("Cache-Control: max-age=" . 3600 * 24);
echo $data;
killme();
// NOTREACHED
}
function proxy_init()
{
global $a, $_SERVER;
// Pictures are stored in one of the following ways:
// 1. If a folder "proxy" exists and is writeable, then use this for caching
// 2. If a cache path is defined, use this
// 3. If everything else failed, cache into the database
//
// Question: Do we really need these three methods?
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
if (function_exists('header_remove')) {
header_remove('Last-Modified');
header_remove('Expires');
header_remove('Cache-Control');
}
exit;
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
$thumb = false;
$size = 1024;
// If the cache path isn't there, try to create it
if (!is_dir($_SERVER["DOCUMENT_ROOT"] . "/proxy")) {
if (is_writable($_SERVER["DOCUMENT_ROOT"])) {
mkdir($_SERVER["DOCUMENT_ROOT"] . "/proxy");
}
}
// Checking if caching into a folder in the webroot is activated and working
$direct_cache = (is_dir($_SERVER["DOCUMENT_ROOT"] . "/proxy") and is_writable($_SERVER["DOCUMENT_ROOT"] . "/proxy"));
// Look for filename in the arguments
if ((isset($a->argv[1]) or isset($a->argv[2]) or isset($a->argv[3])) and !isset($_REQUEST["url"])) {
if (isset($a->argv[3])) {
$url = $a->argv[3];
} elseif (isset($a->argv[2])) {
$url = $a->argv[2];
} else {
$url = $a->argv[1];
}
if (isset($a->argv[3]) and $a->argv[3] == "thumb") {
$size = 200;
}
// thumb, small, medium and large.
if (substr($url, -6) == ":thumb") {
$size = 150;
}
if (substr($url, -6) == ":small") {
$size = 340;
}
if (substr($url, -7) == ":medium") {
$size = 600;
}
if (substr($url, -6) == ":large") {
$size = 1024;
}
$pos = strrpos($url, "=.");
if ($pos) {
$url = substr($url, 0, $pos + 1);
}
$url = str_replace(array(".jpg", ".jpeg", ".gif", ".png"), array("", "", "", ""), $url);
$url = base64_decode(strtr($url, '-_', '+/'), true);
if ($url) {
$_REQUEST['url'] = $url;
}
} else {
$direct_cache = false;
}
if (!$direct_cache) {
$urlhash = 'pic:' . sha1($_REQUEST['url']);
$cachefile = get_cachefile(hash("md5", $_REQUEST['url']));
if ($cachefile != '') {
if (file_exists($cachefile)) {
$img_str = file_get_contents($cachefile);
$mime = image_type_to_mime_type(exif_imagetype($cachefile));
header("Content-type: {$mime}");
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: "' . md5($img_str) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
// reduce quality - if it isn't a GIF
if ($mime != "image/gif") {
$img = new Photo($img_str, $mime);
if ($img->is_valid()) {
$img_str = $img->imageString();
}
}
echo $img_str;
killme();
}
}
} else {
$cachefile = "";
}
$valid = true;
if (!$direct_cache and $cachefile == "") {
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash);
if (count($r)) {
$img_str = $r[0]['data'];
$mime = $r[0]["desc"];
if ($mime == "") {
$mime = "image/jpeg";
}
}
} else {
$r = array();
}
if (!count($r)) {
// It shouldn't happen but it does - spaces in URL
$_REQUEST['url'] = str_replace(" ", "+", $_REQUEST['url']);
$redirects = 0;
$img_str = fetch_url($_REQUEST['url'], true, $redirects, 10);
$tempfile = tempnam(get_temppath(), "cache");
file_put_contents($tempfile, $img_str);
$mime = image_type_to_mime_type(exif_imagetype($tempfile));
unlink($tempfile);
// If there is an error then return a blank image
if (substr($a->get_curl_code(), 0, 1) == "4" or !$img_str) {
$img_str = file_get_contents("images/blank.png");
$mime = "image/png";
$cachefile = "";
// Clear the cachefile so that the dummy isn't stored
$valid = false;
$img = new Photo($img_str, "image/png");
if ($img->is_valid()) {
$img->scaleImage(10);
$img_str = $img->imageString();
}
} else {
if ($mime != "image/jpeg" and !$direct_cache and $cachefile == "") {
$image = @imagecreatefromstring($img_str);
if ($image === FALSE) {
die;
}
q("INSERT INTO `photo`\n\t\t\t( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' )", 0, 0, get_guid(), dbesc($urlhash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename(dbesc($_REQUEST["url"]))), dbesc(''), intval(imagesy($image)), intval(imagesx($image)), $mime, dbesc($img_str), 100, intval(0), dbesc(''), dbesc(''), dbesc(''), dbesc(''));
} else {
$img = new Photo($img_str, $mime);
if ($img->is_valid()) {
if (!$direct_cache and $cachefile == "") {
$img->store(0, 0, $urlhash, $_REQUEST['url'], '', 100);
}
}
}
}
}
// reduce quality - if it isn't a GIF
if ($mime != "image/gif") {
$img = new Photo($img_str, $mime);
if ($img->is_valid()) {
$img->scaleImage($size);
$img_str = $img->imageString();
}
}
// If there is a real existing directory then put the cache file there
// advantage: real file access is really fast
// Otherwise write in cachefile
if ($valid and $direct_cache) {
file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/proxy/" . proxy_url($_REQUEST['url'], true), $img_str);
} elseif ($cachefile != '') {
file_put_contents($cachefile, $img_str);
}
header("Content-type: {$mime}");
// Only output the cache headers when the file is valid
if ($valid) {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: "' . md5($img_str) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
}
echo $img_str;
killme();
}
function photo_init(&$a)
{
// To-Do:
// - checking with realpath
// - checking permissions
/*
$cache = get_config('system','itemcache');
if (($cache != '') and is_dir($cache)) {
$cachefile = $cache."/".$a->argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3];
if (file_exists($cachefile)) {
$data = file_get_contents($cachefile);
if(function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: image/jpeg");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
header("Cache-Control: max-age=" . (3600*24));
echo $data;
killme();
// NOTREACHED
}
}*/
$prvcachecontrol = false;
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
break;
case 1:
default:
killme();
// NOTREACHED
}
$default = 'images/person-175.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/person-48.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/person-80.jpg';
break;
}
$uid = str_replace('.jpg', '', $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
}
if (!isset($data)) {
$data = file_get_contents($default);
}
} else {
/**
* Other photos
*/
$resolution = 0;
$photo = str_replace('.jpg', '', $photo);
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = $r[0]['data'];
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = file_get_contents('images/nosign.jpg');
$prvcachecontrol = true;
}
}
}
}
if (!isset($data)) {
if (isset($resolution)) {
switch ($resolution) {
case 4:
$data = file_get_contents('images/person-175.jpg');
break;
case 5:
$data = file_get_contents('images/person-80.jpg');
break;
case 6:
$data = file_get_contents('images/person-48.jpg');
break;
default:
killme();
// NOTREACHED
break;
}
}
}
if (isset($customres) && $customres > 0 && $customres < 500) {
require_once 'include/Photo.php';
$ph = new Photo($data);
if ($ph->is_valid()) {
$ph->scaleImageSquare($customres);
$data = $ph->imageString();
}
}
// Writing in cachefile
if (isset($cachefile) && $cachefile != '') {
file_put_contents($cachefile, $data);
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: image/jpeg");
if ($prvcachecontrol) {
// it is a private photo that they have no permission to view.
// tell the browser not to cache it, in case they authenticate
// and subsequently have permission to see it
header("Cache-Control: no-store, no-cache, must-revalidate");
} else {
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
header("Cache-Control: max-age=" . 3600 * 24);
}
echo $data;
killme();
// NOTREACHED
}
function photo_init(&$a)
{
global $_SERVER;
$prvcachecontrol = false;
$file = "";
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
$file = $photo;
break;
case 1:
default:
killme();
// NOTREACHED
}
// strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($localFileName)) {
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
if (function_exists('header_remove')) {
header_remove('Last-Modified');
header_remove('Expires');
header_remove('Cache-Control');
}
exit;
}
$default = 'images/person-175.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/person-48.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/person-80.jpg';
break;
}
$uid = str_replace(array('.jpg', '.png'), array('', ''), $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
if (!isset($data)) {
$data = file_get_contents($default);
$mimetype = 'image/jpeg';
}
} else {
/**
* Other photos
*/
$resolution = 0;
foreach (Photo::supportedTypes() as $m => $e) {
$photo = str_replace(".{$e}", '', $photo);
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
$public = $r[0]['allow_cid'] == '' and $r[0]['allow_gid'] == '' and $r[0]['deny_cid'] == '' and $r[0]['deny_gid'] == '';
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = file_get_contents('images/nosign.jpg');
$mimetype = 'image/jpeg';
$prvcachecontrol = true;
}
}
}
}
if (!isset($data)) {
if (isset($resolution)) {
switch ($resolution) {
case 4:
$data = file_get_contents('images/person-175.jpg');
$mimetype = 'image/jpeg';
break;
case 5:
$data = file_get_contents('images/person-80.jpg');
$mimetype = 'image/jpeg';
break;
case 6:
$data = file_get_contents('images/person-48.jpg');
$mimetype = 'image/jpeg';
break;
default:
killme();
// NOTREACHED
break;
}
}
}
// Resize only if its not a GIF
if ($mime != "image/gif") {
$ph = new Photo($data, $mimetype);
if ($ph->is_valid()) {
if (isset($customres) && $customres > 0 && $customres < 500) {
$ph->scaleImageSquare($customres);
}
$data = $ph->imageString();
$mimetype = $ph->getType();
}
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: " . $mimetype);
if ($prvcachecontrol) {
// it is a private photo that they have no permission to view.
// tell the browser not to cache it, in case they authenticate
// and subsequently have permission to see it
header("Cache-Control: no-store, no-cache, must-revalidate");
} else {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: "' . md5($data) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
}
echo $data;
// If the photo is public and there is an existing photo directory store the photo there
if ($public and $file != "") {
if (is_dir($_SERVER["DOCUMENT_ROOT"] . "/photo")) {
file_put_contents($_SERVER["DOCUMENT_ROOT"] . "/photo/" . $file, $data);
}
}
killme();
// NOTREACHED
}
