function post()
{
$hash = $_POST['hash'];
$time = $_POST['time'];
$sig = $_POST['signature'];
$resource = $_POST['resource'];
$revision = intval($_POST['revision']);
if (!$hash) {
killme();
}
$channel = channelx_by_hash($hash);
if (!$channel || !$time || !$sig) {
killme();
}
$slop = intval(get_pconfig($channel['channel_id'], 'system', 'getfile_time_slop'));
if ($slop < 1) {
$slop = 3;
}
$d1 = datetime_convert('UTC', 'UTC', "now + {$slop} minutes");
$d2 = datetime_convert('UTC', 'UTC', "now - {$slop} minutes");
if ($time > $d1 || $time < $d2) {
logger('time outside allowable range');
killme();
}
if (!rsa_verify($hash . '.' . $time, base64url_decode($sig), $channel['channel_pubkey'])) {
logger('verify failed.');
killme();
}
$r = attach_by_hash($resource, $revision);
if (!$r['success']) {
notice($r['message'] . EOL);
return;
}
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r['data']['filetype'], $unsafe_types)) {
header('Content-type: text/plain');
} else {
header('Content-type: ' . $r['data']['filetype']);
}
header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
if (intval($r['data']['os_storage'])) {
$fname = dbunescbin($r['data']['data']);
if (strpos($fname, 'store') !== false) {
$istream = fopen($fname, 'rb');
} else {
$istream = fopen('store/' . $channel['channel_address'] . '/' . $fname, 'rb');
}
$ostream = fopen('php://output', 'wb');
if ($istream && $ostream) {
pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
} else {
echo dbunescbin($r['data']['data']);
}
killme();
}
function attach_init(&$a)
{
if (argc() < 2) {
notice(t('Item not available.') . EOL);
return;
}
$r = attach_by_hash(argv(1), argc() > 2 ? intval(argv(2)) : 0);
if (!$r['success']) {
notice($r['message'] . EOL);
return;
}
$c = q("select channel_address from channel where channel_id = %d limit 1", intval($r['data']['uid']));
if (!$c) {
return;
}
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r['data']['filetype'], $unsafe_types)) {
header('Content-type: text/plain');
} else {
header('Content-type: ' . $r['data']['filetype']);
}
header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
if (intval($r['data']['os_storage'])) {
$fname = dbunescbin($r['data']['data']);
if (strpos($fname, 'store') !== false) {
$istream = fopen($fname, 'rb');
} else {
$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname, 'rb');
}
$ostream = fopen('php://output', 'wb');
if ($istream && $ostream) {
pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
} else {
echo dbunescbin($r['data']['data']);
}
killme();
}
function api_photo_detail(&$a, $type)
{
if (api_user() === false) {
return false;
}
if (!$_REQUEST['photo_id']) {
return false;
}
$scale = array_key_exists('scale', $_REQUEST) ? intval($_REQUEST['scale']) : 0;
$r = q("select * from photo where uid = %d and resource_id = '%s' and scale = %d limit 1", intval(local_channel()), dbesc($_REQUEST['photo_id']), intval($scale));
if ($r) {
$data = dbunescbin($r[0]['data']);
if (array_key_exists('os_storage', $r[0]) && intval($r[0]['os_storage'])) {
$data = file_get_contents($data);
}
$r[0]['data'] = base64_encode($data);
$ret = array('photo' => $r[0]);
$i = q("select id from item where uid = %d and resource_type = 'photo' and resource_id = '%s' limit 1", intval(local_channel()), dbesc($_REQUEST['photo_id']));
if ($i) {
$ii = q("select * from item where parent = %d order by id", intval($i[0]['id']));
if ($ii) {
xchan_query($ii, true, 0);
$ii = fetch_post_tags($ii, true);
if ($ii) {
$ret['item'] = array();
foreach ($ii as $iii) {
$ret['item'][] = encode_item($iii, true);
}
}
}
}
json_return_and_die($ret);
}
killme();
}
function profile_photo_content(&$a)
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = App::get_channel();
$newuser = false;
if (argc() == 2 && argv(1) === 'new') {
$newuser = true;
}
if (argv(1) === 'use') {
if (argc() < 3) {
notice(t('Permission denied.') . EOL);
return;
}
// check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
$resource_id = argv(2);
$r = q("SELECT id, album, scale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY scale ASC", intval(local_channel()), dbesc($resource_id));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
$havescale = false;
foreach ($r as $rr) {
if ($rr['scale'] == 5) {
$havescale = true;
}
}
// set an already loaded photo as profile photo
if ($r[0]['album'] == t('Profile Photos') && $havescale) {
// unset any existing profile photos
$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval(local_channel()));
$r = q("UPDATE photo SET photo_usage = %d WHERE uid = %d AND resource_id = '%s'", intval(PHOTO_PROFILE), intval(local_channel()), dbesc($resource_id));
$r = q("UPDATE xchan set xchan_photo_date = '%s' \n\t\t\t\twhere xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
profile_photo_set_profile_perms();
//Reset default photo permissions to public
proc_run('php', 'include/directory.php', local_channel());
goaway(z_root() . '/profiles');
}
$r = q("SELECT `data`, `type`, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_channel()));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
if (intval($r[0]['os_storage'])) {
$data = @file_get_contents($r[0]['data']);
} else {
$data = dbunescbin($r[0]['data']);
}
$ph = photo_factory($data, $r[0]['type']);
$smallest = 0;
if ($ph->is_valid()) {
// go ahead as if we have just uploaded a new photo to crop
$i = q("select resource_id, scale from photo where resource_id = '%s' and uid = %d order by scale", dbesc($r[0]['resource_id']), intval(local_channel()));
if ($i) {
$hash = $i[0]['resource_id'];
foreach ($i as $ii) {
if (intval($ii['scale']) < 2) {
$smallest = intval($ii['scale']);
}
}
}
}
profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
}
$profiles = q("select id, profile_name as name, is_default from profile where uid = %d", intval(local_channel()));
if (!x(App::$data, 'imagecrop')) {
$tpl = get_markup_template('profile_photo.tpl');
$o .= replace_macros($tpl, array('$user' => App::$channel['channel_address'], '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), '$profiles' => $profiles, '$single' => count($profiles) == 1 ? true : false, '$profile0' => $profiles[0], '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), $newuser ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="' . z_root() . '/photos/' . App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')));
call_hooks('profile_photo_content_end', $o);
return $o;
} else {
$filename = App::$data['imagecrop'] . '-' . App::$data['imagecrop_resolution'];
$resolution = App::$data['imagecrop_resolution'];
$tpl = get_markup_template("cropbody.tpl");
$o .= replace_macros($tpl, array('$filename' => $filename, '$profile' => intval($_REQUEST['profile']), '$resource' => App::$data['imagecrop'] . '-' . App::$data['imagecrop_resolution'], '$image_url' => z_root() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing')));
return $o;
}
return;
// NOTREACHED
}
function profile_photo_post(&$a)
{
if (!local_channel()) {
return;
}
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
if (x($_POST, 'cropfinal') && $_POST['cropfinal'] == 1) {
// unless proven otherwise
$is_default_profile = 1;
if ($_REQUEST['profile']) {
$r = q("select id, is_default from profile where id = %d and uid = %d limit 1", intval($_REQUEST['profile']), intval(local_channel()));
if ($r && !intval($r[0]['is_default'])) {
$is_default_profile = 0;
}
}
// phase 2 - we have finished cropping
if (argc() != 2) {
notice(t('Image uploaded but image cropping failed.') . EOL);
return;
}
$image_id = argv(1);
if (substr($image_id, -2, 1) == '-') {
$scale = substr($image_id, -1, 1);
$image_id = substr($image_id, 0, -2);
}
$srcX = $_POST['xstart'];
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND scale = %d LIMIT 1", dbesc($image_id), dbesc(local_channel()), intval($scale));
if ($r) {
$base_image = $r[0];
$base_image['data'] = dbunescbin($base_image['data']);
$im = photo_factory($base_image['data'], $base_image['type']);
if ($im->is_valid()) {
$im->cropImage(175, $srcX, $srcY, $srcW, $srcH);
$aid = get_account_id();
$p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'], 'filename' => $base_image['filename'], 'album' => t('Profile Photos'));
$p['scale'] = 4;
$p['photo_flags'] = $is_default_profile ? PHOTO_PROFILE : PHOTO_NORMAL;
$r1 = $im->save($p);
$im->scaleImage(80);
$p['scale'] = 5;
$r2 = $im->save($p);
$im->scaleImage(48);
$p['scale'] = 6;
$r3 = $im->save($p);
if ($r1 === false || $r2 === false || $r3 === false) {
// if one failed, delete them all so we can start over.
notice(t('Image resize failed.') . EOL);
$x = q("delete from photo where resource_id = '%s' and uid = %d and scale >= 4 ", dbesc($base_image['resource_id']), local_channel());
return;
}
// If setting for the default profile, unset the profile photo flag from any other photos I own
if ($is_default_profile) {
$r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND resource_id != '%s' AND `uid` = %d", dbesc($base_image['resource_id']), intval(local_channel()));
$r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0 \n\t\t\t\t\t\tAND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), dbesc($base_image['resource_id']), intval(local_channel()));
} else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'), intval($_REQUEST['profile']), intval(local_channel()));
}
// We'll set the updated profile-photo timestamp even if it isn't the default profile,
// so that browsers will do a cache update unconditionally
$channel = $a->get_channel();
$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' \n\t\t\t\t\twhere xchan_hash = '%s'", dbesc($im->getType()), dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
info(t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
// Update directory in background
proc_run('php', "include/directory.php", $channel['channel_id']);
// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
profile_photo_set_profile_perms($_REQUEST['profile']);
} else {
notice(t('Unable to process image') . EOL);
}
}
goaway($a->get_baseurl() . '/profiles');
return;
// NOTREACHED
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
notice(sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL);
@unlink($src);
return;
}
$imagedata = @file_get_contents($src);
$ph = photo_factory($imagedata, $filetype);
if (!$ph->is_valid()) {
notice(t('Unable to process image.') . EOL);
@unlink($src);
return;
}
$ph->orient($src);
@unlink($src);
return profile_photo_crop_ui_head($a, $ph);
}
function update_r1159()
{
$r = q("select attach.id, attach.data, attach.hash, channel_address from attach left join channel on attach.uid = channel_id where os_storage = 1 ");
if ($r) {
foreach ($r as $rr) {
$x = dbunescbin($rr['data']);
$has_slash = $x === 'store/' . $rr['channel_address'] . '/' ? true : false;
if ($x === 'store/' . $rr['channel_address'] || $has_slash) {
q("update attach set data = '%s' where id = %d", dbesc('store/' . $rr['channel_address'] . ($has_slash ? '' : '/' . $rr['hash'])), dbesc($rr['id']));
}
}
}
return UPDATE_SUCCESS;
}
function photos_post(&$a)
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$can_post = false;
$page_owner_uid = $a->data['channel']['channel_id'];
if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
$can_post = true;
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
if (is_ajax()) {
killme();
}
return;
}
$s = abook_self($page_owner_uid);
if (!$s) {
notice(t('Page owner information could not be retrieved.') . EOL);
logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
if (is_ajax()) {
killme();
}
return;
}
$owner_record = $s[0];
$acl = new AccessList($a->data['channel']);
if (argc() > 3 && argv(2) === 'album') {
$album = hex2bin(argv(3));
if ($album === t('Profile Photos')) {
// not allowed
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if (!photos_album_exists($page_owner_uid, $album)) {
notice(t('Album not found.') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
/*
* RENAME photo album
*/
$newalbum = notags(trim($_REQUEST['albumname']));
if ($newalbum != $album) {
// @fixme - syncronise with DAV or disallow completely
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// $x = photos_album_rename($page_owner_uid,$album,$newalbum);
// if($x) {
// $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
// goaway($a->get_baseurl() . '/' . $newurl);
// }
}
/*
* DELETE photo album and all its photos
*/
if ($_REQUEST['dropalbum'] == t('Delete Album')) {
$res = array();
// get the list of photos we are about to delete
if (remote_channel() && !local_channel()) {
$str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
} elseif (local_channel()) {
$str = photos_album_get_db_idstr(local_channel(), $album);
} else {
$str = null;
}
if (!$str) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
if ($r) {
foreach ($r as $i) {
attach_delete($page_owner_uid, $i['resource_id'], 1);
// This is now being done in attach_delete()
// drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
// proc_run('php','include/notifier.php','drop',$i['id']);
}
}
// remove the associated photos in case they weren't attached to an item
q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
// @FIXME do the same for the linked attach
}
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
}
if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
// same as above but remove single photo
$ob_hash = get_observer_hash();
if (!$ob_hash) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
if ($r) {
/* this happens in attach_delete
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
intval($page_owner_uid),
dbesc($r[0]['resource_id'])
);
*/
attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
/* this happens in attach_delete
$i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
dbesc($r[0]['resource_id']),
intval($page_owner_uid)
);
if(count($i)) {
drop_item($i[0]['id'],true,DROPITEM_PHASE1);
$url = $a->get_baseurl();
}
*/
}
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
}
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
$acl->set_from_array($_POST);
$perm = $acl->get();
$resource_id = $a->argv[2];
if (!strlen($albname)) {
$albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
$ph = photo_factory($d, $r[0]['type']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
if (intval($r[0]['os_storage'])) {
@file_put_contents($r[0]['data'], $ph->imageString());
$data = $r[0]['data'];
$fsize = @filesize($r[0]['data']);
q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
} else {
$data = $ph->imageString();
$fsize = strlen($data);
}
$x = q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 1024 || $height > 1024) {
$ph->scaleImage(1024);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
$p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));
if ($p) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
}
$item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
$old_is_nsfw = $p[0]['is_nsfw'];
if ($old_is_nsfw != $is_nsfw) {
$r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['description'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
$item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
}
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
// make sure the attach has the same permissions as the photo regardless of any other changes
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '@' . $rawtags;
}
require_once 'include/text.php';
$profile_uid = $a->profile['profile_uid'];
$results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
$success = $results['success'];
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
$r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$r = fetch_post_tags($r, true);
$datarray = $r[0];
if ($post_tags) {
if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
$datarray['term'] = $post_tags;
} else {
$datarray['term'] = array_merge($datarray['term'], $post_tags);
}
}
item_store_update($datarray, $execflag);
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
$channel = $a->data['channel'];
$observer = $a->data['observer'];
$_REQUEST['source'] = 'photos';
require_once 'include/attach.php';
if (!local_channel()) {
$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
$_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
$_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
$_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
$r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);
if (!$r['success']) {
notice($r['message'] . EOL);
}
if ($_REQUEST['newalbum']) {
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
} else {
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
}
}
/**
* @brief Returns the raw data.
*
* @return string
*/
public function get()
{
logger('get file ' . basename($this->name), LOGGER_DEBUG);
logger('os_path: ' . $this->os_path, LOGGER_DATA);
$r = q("SELECT data, flags, os_storage, filename, filetype FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
if ($r) {
// @todo this should be a global definition
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r[0]['filetype'], $unsafe_types)) {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
header('Content-type: text/plain');
}
if (intval($r[0]['os_storage'])) {
$f = 'store/' . $this->auth->owner_nick . '/' . ($this->os_path ? $this->os_path . '/' : '') . dbunescbin($r[0]['data']);
return fopen($f, 'rb');
}
return dbunescbin($r[0]['data']);
}
}
function init()
{
$prvcachecontrol = false;
$streaming = null;
$channel = null;
switch (argc()) {
case 4:
$person = argv(3);
$res = argv(2);
$type = argv(1);
break;
case 2:
$photo = argv(1);
break;
case 1:
default:
killme();
// NOTREACHED
}
$observer_xchan = get_observer_hash();
$default = get_default_profile_photo();
if (isset($type)) {
/**
* Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
*
*/
if ($type === 'profile') {
switch ($res) {
case 'm':
$resolution = 5;
$default = get_default_profile_photo(80);
break;
case 's':
$resolution = 6;
$default = get_default_profile_photo(48);
break;
case 'l':
default:
$resolution = 4;
break;
}
}
$uid = $person;
$d = ['imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => ''];
call_hooks('get_profile_photo', $d);
$resolution = $d['imgscale'];
$uid = $d['channel_id'];
$default = $d['default'];
$data = $d['data'];
$mimetype = $d['mimetype'];
if (!$data) {
$r = q("SELECT * FROM photo WHERE imgscale = %d AND uid = %d AND photo_usage = %d LIMIT 1", intval($resolution), intval($uid), intval(PHOTO_PROFILE));
if ($r) {
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
}
if (intval($r[0]['os_storage'])) {
$data = file_get_contents($data);
}
}
if (!$data) {
$data = file_get_contents($default);
}
if (!$mimetype) {
$mimetype = 'image/png';
}
} else {
/**
* Other photos
*/
/* Check for a cookie to indicate display pixel density, in order to detect high-resolution
displays. This procedure was derived from the "Retina Images" by Jeremey Worboys,
used in accordance with the Creative Commons Attribution 3.0 Unported License.
Project link: https://github.com/Retina-Images/Retina-Images
License link: http://creativecommons.org/licenses/by/3.0/
*/
$cookie_value = false;
if (isset($_COOKIE['devicePixelRatio'])) {
$cookie_value = intval($_COOKIE['devicePixelRatio']);
} else {
// Force revalidation of cache on next request
$cache_directive = 'no-cache';
$status = 'no cookie';
}
$resolution = 0;
if (strpos($photo, '.') !== false) {
$photo = substr($photo, 0, strpos($photo, '.'));
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
// If viewing on a high-res screen, attempt to serve a higher resolution image:
if ($resolution == 2 && $cookie_value > 1) {
$resolution = 1;
}
}
// If using resolution 1, make sure it exists before proceeding:
if ($resolution == 1) {
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
if (!$r) {
$resolution = 2;
}
}
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
if ($r) {
$allowed = $r[0]['uid'] ? perm_is_allowed($r[0]['uid'], $observer_xchan, 'view_storage') : true;
$sql_extra = permissions_sql($r[0]['uid']);
if (!$sql_extra) {
$sql_extra = ' and true ';
}
// Only check permissions on normal photos. Those photos we don't check includes
// profile photos, xchan photos (which are also profile photos), 'thing' photos,
// and cover photos
$sql_extra = " and (( photo_usage = 0 {$sql_extra} ) or photo_usage != 0 )";
$channel = channelx_by_n($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
if ($r && $allowed) {
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
if (intval($r[0]['os_storage'])) {
$streaming = $data;
}
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `imgscale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if ($r) {
logger('mod_photo: forbidden. ' . \App::$query_string);
$observer = \App::get_observer();
logger('mod_photo: observer = ' . ($observer ? $observer['xchan_addr'] : '(not authenticated)'));
$data = file_get_contents('images/nosign.png');
$mimetype = 'image/png';
$prvcachecontrol = true;
}
}
}
}
if (!isset($data)) {
if (isset($resolution)) {
switch ($resolution) {
case 4:
$data = file_get_contents(get_default_profile_photo());
$mimetype = 'image/png';
break;
case 5:
$data = file_get_contents(get_default_profile_photo(80));
$mimetype = 'image/png';
break;
case 6:
$data = file_get_contents(get_default_profile_photo(48));
$mimetype = 'image/png';
break;
default:
killme();
// NOTREACHED
break;
}
}
}
if (isset($res) && intval($res) && $res < 500) {
$ph = photo_factory($data, $mimetype);
if ($ph->is_valid()) {
$ph->scaleImageSquare($res);
$data = $ph->imageString();
$mimetype = $ph->getType();
}
}
// Writing in cachefile
if (isset($cachefile) && $cachefile != '') {
file_put_contents($cachefile, $data);
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: " . $mimetype);
if ($prvcachecontrol) {
// it is a private photo that they have no permission to view.
// tell the browser not to cache it, in case they authenticate
// and subsequently have permission to see it
header("Cache-Control: no-store, no-cache, must-revalidate");
} else {
// The photo cache default is 1 day to provide a privacy trade-off,
// as somebody reducing photo permissions on a photo that is already
// "in the wild" won't be able to stop the photo from being viewed
// for this amount amount of time once it is in the browser cache.
// The privacy expectations of your site members and their perception
// of privacy where it affects the entire project may be affected.
// This has performance considerations but we highly recommend you
// leave it alone.
$cache = get_config('system', 'photo_cache_time');
if (!$cache) {
$cache = 3600 * 24;
}
// 1 day
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT");
header("Cache-Control: max-age=" . $cache);
}
// If it's a file resource, stream it.
if ($streaming && $channel) {
if (strpos($streaming, 'store') !== false) {
$istream = fopen($streaming, 'rb');
} else {
$istream = fopen('store/' . $channel['channel_address'] . '/' . $streaming, 'rb');
}
$ostream = fopen('php://output', 'wb');
if ($istream && $ostream) {
pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
} else {
echo $data;
}
killme();
// NOTREACHED
}
function cover_photo_content(&$a)
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = App::get_channel();
$newuser = false;
if (argc() == 2 && argv(1) === 'new') {
$newuser = true;
}
if (argv(1) === 'use') {
if (argc() < 3) {
notice(t('Permission denied.') . EOL);
return;
}
// check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo');
$resource_id = argv(2);
$r = q("SELECT id, album, scale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY scale ASC", intval(local_channel()), dbesc($resource_id));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
$havescale = false;
foreach ($r as $rr) {
if ($rr['scale'] == 7) {
$havescale = true;
}
}
$r = q("SELECT `data`, `type`, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_channel()));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
if (intval($r[0]['os_storage'])) {
$data = @file_get_contents($r[0]['data']);
} else {
$data = dbunescbin($r[0]['data']);
}
$ph = photo_factory($data, $r[0]['type']);
$smallest = 0;
if ($ph->is_valid()) {
// go ahead as if we have just uploaded a new photo to crop
$i = q("select resource_id, scale from photo where resource_id = '%s' and uid = %d and scale = 0", dbesc($r[0]['resource_id']), intval(local_channel()));
if ($i) {
$hash = $i[0]['resource_id'];
foreach ($i as $ii) {
$smallest = intval($ii['scale']);
}
}
}
cover_photo_crop_ui_head($a, $ph, $hash, $smallest);
}
if (!x(App::$data, 'imagecrop')) {
$tpl = get_markup_template('cover_photo.tpl');
$o .= replace_macros($tpl, array('$user' => App::$channel['channel_address'], '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), '$title' => t('Upload Cover Photo'), '$submit' => t('Upload'), '$profiles' => $profiles, '$form_security_token' => get_form_security_token("cover_photo"), '$select' => sprintf('%s %s', t('or'), $newuser ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="' . z_root() . '/photos/' . App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')));
call_hooks('cover_photo_content_end', $o);
return $o;
} else {
$filename = App::$data['imagecrop'] . '-3';
$resolution = 3;
$tpl = get_markup_template("cropcover.tpl");
$o .= replace_macros($tpl, array('$filename' => $filename, '$profile' => intval($_REQUEST['profile']), '$resource' => App::$data['imagecrop'] . '-3', '$image_url' => z_root() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), '$form_security_token' => get_form_security_token("cover_photo"), '$done' => t('Done Editing')));
return $o;
}
return;
// NOTREACHED
}
function post()
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$can_post = false;
$page_owner_uid = \App::$data['channel']['channel_id'];
if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
$can_post = true;
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
if (is_ajax()) {
killme();
}
return;
}
$s = abook_self($page_owner_uid);
if (!$s) {
notice(t('Page owner information could not be retrieved.') . EOL);
logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
if (is_ajax()) {
killme();
}
return;
}
$owner_record = $s[0];
$acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
if (argc() > 3 && argv(2) === 'album') {
$album = hex2bin(argv(3));
if ($album === t('Profile Photos')) {
// not allowed
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
if (!photos_album_exists($page_owner_uid, $album)) {
notice(t('Album not found.') . EOL);
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
/*
* DELETE photo album and all its photos
*/
if ($_REQUEST['dropalbum'] == t('Delete Album')) {
// This is dangerous because we combined file storage and photos into one interface
// This function will remove all photos from any directory with the same name since
// we have not passed the path value.
// The correct solution would be to use a full pathname from your storage root for 'album'
// We also need to prevent/block removing the storage root folder.
$folder_hash = '';
$r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album));
if (!$r) {
notice(t('Album not found.') . EOL);
return;
}
if (count($r) > 1) {
notice(t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
return;
} else {
$folder_hash = $r[0]['hash'];
}
$res = array();
// get the list of photos we are about to delete
if (remote_channel() && !local_channel()) {
$str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
} elseif (local_channel()) {
$str = photos_album_get_db_idstr(local_channel(), $album);
} else {
$str = null;
}
if (!$str) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
if ($r) {
foreach ($r as $i) {
attach_delete($page_owner_uid, $i['resource_id'], 1);
}
}
// remove the associated photos in case they weren't attached to an item
q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
// @FIXME do the same for the linked attach
if ($folder_hash) {
attach_delete($page_owner_uid, $folder_hash, 1);
$sync = attach_export_data(\App::$data['channel'], $folder_hash, true);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
}
}
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
}
if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
// same as above but remove single photo
$ob_hash = get_observer_hash();
if (!$ob_hash) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2]));
if ($r) {
attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
$sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
}
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
}
if (argc() > 2 && array_key_exists('move_to_album', $_POST)) {
$m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid));
if ($m && $m[0]['folder'] != $_POST['move_to_album']) {
attach_move($page_owner_uid, argv(2), $_POST['move_to_album']);
if (!($_POST['desc'] && $_POST['newtag'])) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
}
}
if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
$acl->set_from_array($_POST);
$perm = $acl->get();
$resource_id = argv(2);
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']);
$ph = photo_factory($d, $r[0]['mimetype']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
if (intval($r[0]['os_storage'])) {
@file_put_contents($r[0]['content'], $ph->imageString());
$data = $r[0]['content'];
$fsize = @filesize($r[0]['content']);
q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
} else {
$data = $ph->imageString();
$fsize = strlen($data);
}
$x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 1024 || $height > 1024) {
$ph->scaleImage(1024);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
$p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid));
if ($p) {
$ext = $phototypes[$p[0]['mimetype']];
$r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
}
$item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
$old_is_nsfw = $p[0]['is_nsfw'];
if ($old_is_nsfw != $is_nsfw) {
$r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['description'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
$item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
}
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
// make sure the attach has the same permissions as the photo regardless of any other changes
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '@' . $rawtags;
}
require_once 'include/text.php';
$profile_uid = \App::$profile['profile_uid'];
$results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
$success = $results['success'];
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
$r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$r = fetch_post_tags($r, true);
$datarray = $r[0];
if ($post_tags) {
if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
$datarray['term'] = $post_tags;
} else {
$datarray['term'] = array_merge($datarray['term'], $post_tags);
}
}
item_store_update($datarray, $execflag);
}
}
$sync = attach_export_data(\App::$data['channel'], $resource_id);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
goaway(z_root() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
$channel = \App::$data['channel'];
$observer = \App::$data['observer'];
$_REQUEST['source'] = 'photos';
require_once 'include/attach.php';
if (!local_channel()) {
$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
$_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
$_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
$_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
if (!$r['success']) {
notice($r['message'] . EOL);
}
if ($_REQUEST['newalbum']) {
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
} else {
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
}
}
function get()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = \App::get_channel();
$newuser = false;
if (argc() == 2 && argv(1) === 'new') {
$newuser = true;
}
if (argv(1) === 'use') {
if (argc() < 3) {
notice(t('Permission denied.') . EOL);
return;
}
$resource_id = argv(2);
// When using an existing photo, we don't have a dialogue to offer a choice of profiles,
// so it gets attached to the default
$p = q("select id from profile where is_default = 1 and uid = %d", intval(local_channel()));
if ($p) {
$_REQUEST['profile'] = $p[0]['id'];
}
$r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC", intval(local_channel()), dbesc($resource_id));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
$havescale = false;
foreach ($r as $rr) {
if ($rr['imgscale'] == PHOTO_RES_PROFILE_80) {
$havescale = true;
}
}
// set an already loaded and cropped photo as profile photo
if ($r[0]['album'] == t('Profile Photos') && $havescale) {
// unset any existing profile photos
$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval(local_channel()));
$r = q("UPDATE photo SET photo_usage = %d WHERE uid = %d AND resource_id = '%s'", intval(PHOTO_PROFILE), intval(local_channel()), dbesc($resource_id));
$r = q("UPDATE xchan set xchan_photo_date = '%s' \n\t\t\t\t\twhere xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
profile_photo_set_profile_perms(local_channel());
// Reset default photo permissions to public
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
goaway(z_root() . '/profiles');
}
$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_channel()));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
if (intval($r[0]['os_storage'])) {
$data = @file_get_contents($r[0]['content']);
} else {
$data = dbunescbin($r[0]['content']);
}
$ph = photo_factory($data, $r[0]['mimetype']);
$smallest = 0;
if ($ph->is_valid()) {
// go ahead as if we have just uploaded a new photo to crop
$i = q("select resource_id, imgscale from photo where resource_id = '%s' and uid = %d order by imgscale", dbesc($r[0]['resource_id']), intval(local_channel()));
if ($i) {
$hash = $i[0]['resource_id'];
foreach ($i as $ii) {
if (intval($ii['imgscale']) < PHOTO_RES_640) {
$smallest = intval($ii['imgscale']);
}
}
}
}
$this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
// falls through with App::$data['imagecrop'] set so we go straight to the cropping section
}
// present an upload form
$profiles = q("select id, profile_name as name, is_default from profile where uid = %d order by id asc", intval(local_channel()));
if (!x(\App::$data, 'imagecrop')) {
$tpl = get_markup_template('profile_photo.tpl');
$o .= replace_macros($tpl, array('$user' => \App::$channel['channel_address'], '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), '$profiles' => $profiles, '$single' => count($profiles) == 1 ? true : false, '$profile0' => $profiles[0], '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), $newuser ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="' . z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')));
call_hooks('profile_photo_content_end', $o);
return $o;
} else {
// present a cropping form
$filename = \App::$data['imagecrop'] . '-' . \App::$data['imagecrop_resolution'];
$resolution = \App::$data['imagecrop_resolution'];
$tpl = get_markup_template("cropbody.tpl");
$o .= replace_macros($tpl, array('$filename' => $filename, '$profile' => intval($_REQUEST['profile']), '$resource' => \App::$data['imagecrop'] . '-' . \App::$data['imagecrop_resolution'], '$image_url' => z_root() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing')));
return $o;
}
return;
// NOTREACHED
}
