Esempio n. 1
0
 function post()
 {
     logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
     logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
     logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
     $ph = photo_factory('');
     $phototypes = $ph->supportedTypes();
     $can_post = false;
     $page_owner_uid = \App::$data['channel']['channel_id'];
     if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
         $can_post = true;
     }
     if (!$can_post) {
         notice(t('Permission denied.') . EOL);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $s = abook_self($page_owner_uid);
     if (!$s) {
         notice(t('Page owner information could not be retrieved.') . EOL);
         logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $owner_record = $s[0];
     $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
     if (argc() > 3 && argv(2) === 'album') {
         $album = hex2bin(argv(3));
         if ($album === t('Profile Photos')) {
             // not allowed
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         if (!photos_album_exists($page_owner_uid, $album)) {
             notice(t('Album not found.') . EOL);
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         /*
          * DELETE photo album and all its photos
          */
         if ($_REQUEST['dropalbum'] == t('Delete Album')) {
             // This is dangerous because we combined file storage and photos into one interface
             // This function will remove all photos from any directory with the same name since
             // we have not passed the path value.
             // The correct solution would be to use a full pathname from your storage root for 'album'
             // We also need to prevent/block removing the storage root folder.
             $folder_hash = '';
             $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album));
             if (!$r) {
                 notice(t('Album not found.') . EOL);
                 return;
             }
             if (count($r) > 1) {
                 notice(t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
                 return;
             } else {
                 $folder_hash = $r[0]['hash'];
             }
             $res = array();
             // get the list of photos we are about to delete
             if (remote_channel() && !local_channel()) {
                 $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
             } elseif (local_channel()) {
                 $str = photos_album_get_db_idstr(local_channel(), $album);
             } else {
                 $str = null;
             }
             if (!$str) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
             $r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
             if ($r) {
                 foreach ($r as $i) {
                     attach_delete($page_owner_uid, $i['resource_id'], 1);
                 }
             }
             // remove the associated photos in case they weren't attached to an item
             q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
             // @FIXME do the same for the linked attach
             if ($folder_hash) {
                 attach_delete($page_owner_uid, $folder_hash, 1);
                 $sync = attach_export_data(\App::$data['channel'], $folder_hash, true);
                 if ($sync) {
                     build_sync_packet($page_owner_uid, array('file' => array($sync)));
                 }
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
     }
     if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
         // same as above but remove single photo
         $ob_hash = get_observer_hash();
         if (!$ob_hash) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2]));
         if ($r) {
             attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
             $sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true);
             if ($sync) {
                 build_sync_packet($page_owner_uid, array('file' => array($sync)));
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
     }
     if (argc() > 2 && array_key_exists('move_to_album', $_POST)) {
         $m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid));
         if ($m && $m[0]['folder'] != $_POST['move_to_album']) {
             attach_move($page_owner_uid, argv(2), $_POST['move_to_album']);
             if (!($_POST['desc'] && $_POST['newtag'])) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
         }
     }
     if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) {
         $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
         $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
         $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
         $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
         $acl->set_from_array($_POST);
         $perm = $acl->get();
         $resource_id = argv(2);
         if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
             logger('rotate');
             $r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
             if (count($r)) {
                 $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']);
                 $ph = photo_factory($d, $r[0]['mimetype']);
                 if ($ph->is_valid()) {
                     $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                     $ph->rotate($rotate_deg);
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     if (intval($r[0]['os_storage'])) {
                         @file_put_contents($r[0]['content'], $ph->imageString());
                         $data = $r[0]['content'];
                         $fsize = @filesize($r[0]['content']);
                         q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                     } else {
                         $data = $ph->imageString();
                         $fsize = strlen($data);
                     }
                     $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 1024 || $height > 1024) {
                         $ph->scaleImage(1024);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 640 || $height > 640) {
                         $ph->scaleImage(640);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 320 || $height > 320) {
                         $ph->scaleImage(320);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                 }
             }
         }
         $p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid));
         if ($p) {
             $ext = $phototypes[$p[0]['mimetype']];
             $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         }
         $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
         $old_is_nsfw = $p[0]['is_nsfw'];
         if ($old_is_nsfw != $is_nsfw) {
             $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
         }
         /* Don't make the item visible if the only change was the album name */
         $visibility = 0;
         if ($p[0]['description'] !== $desc || strlen($rawtags)) {
             $visibility = 1;
         }
         if (!$item_id) {
             $item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility);
         }
         if ($item_id) {
             $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $old_tag = $r[0]['tag'];
                 $old_inform = $r[0]['inform'];
             }
         }
         // make sure the linked item has the same permissions as the photo regardless of any other changes
         $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
         // make sure the attach has the same permissions as the photo regardless of any other changes
         $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         if (strlen($rawtags)) {
             $str_tags = '';
             $inform = '';
             // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
             $x = substr($rawtags, 0, 1);
             if ($x !== '@' && $x !== '#') {
                 $rawtags = '@' . $rawtags;
             }
             require_once 'include/text.php';
             $profile_uid = \App::$profile['profile_uid'];
             $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
             $success = $results['success'];
             $post_tags = array();
             foreach ($results as $result) {
                 $success = $result['success'];
                 if ($success['replaced']) {
                     $post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                 }
             }
             $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $r = fetch_post_tags($r, true);
                 $datarray = $r[0];
                 if ($post_tags) {
                     if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                         $datarray['term'] = $post_tags;
                     } else {
                         $datarray['term'] = array_merge($datarray['term'], $post_tags);
                     }
                 }
                 item_store_update($datarray, $execflag);
             }
         }
         $sync = attach_export_data(\App::$data['channel'], $resource_id);
         if ($sync) {
             build_sync_packet($page_owner_uid, array('file' => array($sync)));
         }
         goaway(z_root() . '/' . $_SESSION['photo_return']);
         return;
         // NOTREACHED
     }
     /**
      * default post action - upload a photo
      */
     $channel = \App::$data['channel'];
     $observer = \App::$data['observer'];
     $_REQUEST['source'] = 'photos';
     require_once 'include/attach.php';
     if (!local_channel()) {
         $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
         $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
         $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
         $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
     }
     $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
     if (!$r['success']) {
         notice($r['message'] . EOL);
     }
     if ($_REQUEST['newalbum']) {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
     } else {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
     }
 }
Esempio n. 2
0
function photos_post(&$a)
{
    logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
    logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
    logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $can_post = false;
    $page_owner_uid = $a->data['channel']['channel_id'];
    if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
        $can_post = true;
    }
    if (!$can_post) {
        notice(t('Permission denied.') . EOL);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $s = abook_self($page_owner_uid);
    if (!$s) {
        notice(t('Page owner information could not be retrieved.') . EOL);
        logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $owner_record = $s[0];
    $acl = new AccessList($a->data['channel']);
    if (argc() > 3 && argv(2) === 'album') {
        $album = hex2bin(argv(3));
        if ($album === t('Profile Photos')) {
            // not allowed
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        if (!photos_album_exists($page_owner_uid, $album)) {
            notice(t('Album not found.') . EOL);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        /*
         * RENAME photo album
         */
        $newalbum = notags(trim($_REQUEST['albumname']));
        if ($newalbum != $album) {
            // @fixme - syncronise with DAV or disallow completely
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            //			$x = photos_album_rename($page_owner_uid,$album,$newalbum);
            //			if($x) {
            //				$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
            //				goaway($a->get_baseurl() . '/' . $newurl);
            //			}
        }
        /*
         * DELETE photo album and all its photos
         */
        if ($_REQUEST['dropalbum'] == t('Delete Album')) {
            $res = array();
            // get the list of photos we are about to delete
            if (remote_channel() && !local_channel()) {
                $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
            } elseif (local_channel()) {
                $str = photos_album_get_db_idstr(local_channel(), $album);
            } else {
                $str = null;
            }
            if (!$str) {
                goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            }
            $r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
            if ($r) {
                foreach ($r as $i) {
                    attach_delete($page_owner_uid, $i['resource_id'], 1);
                    // This is now being done in attach_delete()
                    //			drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
                    //			proc_run('php','include/notifier.php','drop',$i['id']);
                }
            }
            // remove the associated photos in case they weren't attached to an item
            q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
            // @FIXME do the same for the linked attach
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
    }
    if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
        // same as above but remove single photo
        $ob_hash = get_observer_hash();
        if (!$ob_hash) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
        if ($r) {
            /* this happens in attach_delete
            			q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
            				intval($page_owner_uid),
            				dbesc($r[0]['resource_id'])
            			);
            			*/
            attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
            /* this happens in attach_delete
            			$i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
            				dbesc($r[0]['resource_id']),
            				intval($page_owner_uid)
            			);
            			if(count($i)) {
            				drop_item($i[0]['id'],true,DROPITEM_PHASE1);
            				$url = $a->get_baseurl();
            			}
            			*/
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
    }
    if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
        $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
        $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
        $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
        $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
        $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
        $acl->set_from_array($_POST);
        $perm = $acl->get();
        $resource_id = $a->argv[2];
        if (!strlen($albname)) {
            $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
        }
        if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
            logger('rotate');
            $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
            if (count($r)) {
                $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
                $ph = photo_factory($d, $r[0]['type']);
                if ($ph->is_valid()) {
                    $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                    $ph->rotate($rotate_deg);
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    if (intval($r[0]['os_storage'])) {
                        @file_put_contents($r[0]['data'], $ph->imageString());
                        $data = $r[0]['data'];
                        $fsize = @filesize($r[0]['data']);
                        q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                    } else {
                        $data = $ph->imageString();
                        $fsize = strlen($data);
                    }
                    $x = q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 1024 || $height > 1024) {
                        $ph->scaleImage(1024);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 640 || $height > 640) {
                        $ph->scaleImage(640);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 320 || $height > 320) {
                        $ph->scaleImage(320);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                }
            }
        }
        $p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));
        if ($p) {
            $ext = $phototypes[$p[0]['type']];
            $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        }
        $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
        $old_is_nsfw = $p[0]['is_nsfw'];
        if ($old_is_nsfw != $is_nsfw) {
            $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
        }
        /* Don't make the item visible if the only change was the album name */
        $visibility = 0;
        if ($p[0]['description'] !== $desc || strlen($rawtags)) {
            $visibility = 1;
        }
        if (!$item_id) {
            $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
        }
        if ($item_id) {
            $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $old_tag = $r[0]['tag'];
                $old_inform = $r[0]['inform'];
            }
        }
        // make sure the linked item has the same permissions as the photo regardless of any other changes
        $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
        // make sure the attach has the same permissions as the photo regardless of any other changes
        $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        if (strlen($rawtags)) {
            $str_tags = '';
            $inform = '';
            // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
            $x = substr($rawtags, 0, 1);
            if ($x !== '@' && $x !== '#') {
                $rawtags = '@' . $rawtags;
            }
            require_once 'include/text.php';
            $profile_uid = $a->profile['profile_uid'];
            $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
            $success = $results['success'];
            $post_tags = array();
            foreach ($results as $result) {
                $success = $result['success'];
                if ($success['replaced']) {
                    $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                }
            }
            $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $r = fetch_post_tags($r, true);
                $datarray = $r[0];
                if ($post_tags) {
                    if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                        $datarray['term'] = $post_tags;
                    } else {
                        $datarray['term'] = array_merge($datarray['term'], $post_tags);
                    }
                }
                item_store_update($datarray, $execflag);
            }
        }
        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        return;
        // NOTREACHED
    }
    /**
     * default post action - upload a photo
     */
    $channel = $a->data['channel'];
    $observer = $a->data['observer'];
    $_REQUEST['source'] = 'photos';
    require_once 'include/attach.php';
    if (!local_channel()) {
        $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
        $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
        $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
        $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
    }
    $r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);
    if (!$r['success']) {
        notice($r['message'] . EOL);
    }
    if ($_REQUEST['newalbum']) {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
    } else {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
    }
}
Esempio n. 3
0
File: photos.php Progetto: Mauru/red
function photos_post(&$a)
{
    logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
    logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
    logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $can_post = false;
    $page_owner_uid = $a->data['channel']['channel_id'];
    if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'post_photos')) {
        $can_post = true;
    }
    if (!$can_post) {
        notice(t('Permission denied.') . EOL);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $s = abook_self($page_owner_uid);
    if (!$s) {
        notice(t('Page owner information could not be retrieved.') . EOL);
        logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $owner_record = $s[0];
    if (argc() > 3 && argv(2) === 'album') {
        $album = hex2bin(argv(3));
        if ($album === t('Profile Photos')) {
            // not allowed
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        if (!photos_album_exists($page_owner_uid, $album)) {
            notice(t('Album not found.') . EOL);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        /*
         * RENAME photo album
         */
        $newalbum = notags(trim($_REQUEST['albumname']));
        if ($newalbum != $album) {
            $x = photos_album_rename($page_owner_uid, $album, $newalbum);
            if ($x) {
                $newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']);
                goaway($a->get_baseurl() . '/' . $newurl);
            }
        }
        /*
         * DELETE photo album and all its photos
         */
        if ($_REQUEST['dropalbum'] == t('Delete Album')) {
            $res = array();
            // get the list of photos we are about to delete
            if (remote_user() && !local_user()) {
                $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_user());
            } elseif (local_user()) {
                $str = photos_album_get_db_idstr(local_user(), $album);
            } else {
                $str = null;
            }
            if (!$str) {
                goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            }
            $r = q("select id, item_restrict from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d", intval($page_owner_uid));
            if ($r) {
                foreach ($r as $i) {
                    drop_item($i['id'], false);
                    if (!$item_restrict) {
                        proc_run('php', 'include/notifier.php', 'drop', $i['id']);
                    }
                }
            }
            // remove the associated photos in case they weren't attached to an item
            q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
    }
    if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
        // same as above but remove single photo
        $ob_hash = get_observer_hash();
        if (!$ob_hash) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_user()), dbesc($a->argv[2]));
        if ($r) {
            q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource_id']));
            $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1", dbesc($r[0]['resource_id']), intval($page_owner_uid));
            if (count($i)) {
                q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['mid']), intval($page_owner_uid));
                $url = $a->get_baseurl();
                $drop_id = intval($i[0]['id']);
                if ($i[0]['visible']) {
                    proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
                }
            }
        }
        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
    }
    if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
        $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
        $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
        $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
        $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
        $str_group_allow = perms2str($_POST['group_allow']);
        $str_contact_allow = perms2str($_POST['contact_allow']);
        $str_group_deny = perms2str($_POST['group_deny']);
        $str_contact_deny = perms2str($_POST['contact_deny']);
        $resource_id = $a->argv[2];
        if (!strlen($albname)) {
            $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
        }
        if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
            logger('rotate');
            $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
            if (count($r)) {
                $ph = photo_factory($r[0]['data'], $r[0]['type']);
                if ($ph->is_valid()) {
                    $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                    $ph->rotate($rotate_deg);
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 640 || $height > 640) {
                        $ph->scaleImage(640);
                        $width = $ph->getWidth();
                        $height = $ph->getHeight();
                        $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    }
                    if ($width > 320 || $height > 320) {
                        $ph->scaleImage(320);
                        $width = $ph->getWidth();
                        $height = $ph->getHeight();
                        $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    }
                }
            }
        }
        $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d and ( photo_flags = %d or photo_flags = %d ) ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
        if (count($p)) {
            $ext = $phototypes[$p[0]['type']];
            $r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid));
        }
        $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
        /* Don't make the item visible if the only change was the album name */
        $visibility = 0;
        if ($p[0]['description'] !== $desc || strlen($rawtags)) {
            $visibility = 1;
        }
        if (!$item_id) {
            $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
        }
        if ($item_id) {
            $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
        }
        if ($r) {
            $old_tag = $r[0]['tag'];
            $old_inform = $r[0]['inform'];
        }
        // make sure the linked item has the same permissions as the photo regardless of any other changes
        $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d limit 1", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($item_private), intval($item_id));
        if (strlen($rawtags)) {
            $str_tags = '';
            $inform = '';
            // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
            $x = substr($rawtags, 0, 1);
            if ($x !== '@' && $x !== '#') {
                $rawtags = '@' . $rawtags;
            }
            $taginfo = array();
            $tags = get_tags($rawtags);
            if (count($tags)) {
                foreach ($tags as $tag) {
                    // If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
                    // Robert Johnson should be first in the $tags array
                    $fullnametagged = false;
                    for ($x = 0; $x < count($tagged); $x++) {
                        if (stristr($tagged[$x], $tag . ' ')) {
                            $fullnametagged = true;
                            break;
                        }
                    }
                    if ($fullnametagged) {
                        continue;
                    }
                    require_once 'mod/item.php';
                    $body = $access_tag = '';
                    $success = handle_tag($a, $body, $access_tag, $str_tags, local_user() ? local_user() : $a->profile['profile_uid'], $tag);
                    logger('handle_tag: ' . print_r($success, tue), LOGGER_DEBUG);
                    if ($access_tag) {
                        logger('access_tag: ' . $tag . ' ' . print_r($access_tag, true), LOGGER_DEBUG);
                        if (strpos($access_tag, 'cid:') === 0) {
                            $str_contact_allow .= '<' . substr($access_tag, 4) . '>';
                            $access_tag = '';
                        } elseif (strpos($access_tag, 'gid:') === 0) {
                            $str_group_allow .= '<' . substr($access_tag, 4) . '>';
                            $access_tag = '';
                        }
                    }
                    if ($success['replaced']) {
                        $tagged[] = $tag;
                        $post_tags[] = array('uid' => $a->profile['profile_uid'], 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                    }
                }
            }
            $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $datarray = $r[0];
                $datarray['term'] = $post_tags;
                item_store_update($datarray, $execflag);
            }
        }
        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        return;
        // NOTREACHED
    }
    /**
     * default post action - upload a photo
     */
    $_REQUEST['source'] = 'photos';
    $r = photo_upload($a->channel, $a->get_observer(), $_REQUEST);
    if (!$r['success']) {
        notice($r['message'] . EOL);
    }
    goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}