function post()
{
$channel = \App::get_channel();
check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
$token_errs = 0;
if (array_key_exists('token', $_POST)) {
$atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0;
$name = trim(escape_tags($_POST['name']));
$token = trim($_POST['token']);
if (!$name || !$token) {
$token_errs++;
}
if (trim($_POST['expires'])) {
$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
} else {
$expires = NULL_DATE;
}
$max_atokens = service_class_fetch(local_channel(), 'access_tokens');
if ($max_atokens) {
$r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel()));
if ($r && intval($r[0]['total']) >= $max_tokens) {
notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL);
return;
}
}
}
if ($token_errs) {
notice(t('Name and Password are required.') . EOL);
return;
}
if ($atoken_id) {
$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' \n\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
} else {
$r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
}
$atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $name;
$all_perms = \Zotlabs\Access\Permissions::Perms();
if ($all_perms) {
foreach ($all_perms as $perm => $desc) {
if (array_key_exists('perms_' . $perm, $_POST)) {
set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, intval($_POST['perms_' . $perm]));
} else {
set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, 0);
}
}
}
info(t('Token saved.') . EOL);
return;
}
function chatroom_enter($observer_xchan, $room_id, $status, $client)
{
if (!$room_id || !$observer_xchan) {
return;
}
$r = q("select * from chatroom where cr_id = %d limit 1", intval($room_id));
if (!$r) {
notice(t('Room not found.') . EOL);
return false;
}
require_once 'include/security.php';
$sql_extra = permissions_sql($r[0]['cr_uid']);
$x = q("select * from chatroom where cr_id = %d and cr_uid = %d {$sql_extra} limit 1", intval($room_id), intval($r[0]['cr_uid']));
if (!$x) {
notice(t('Permission denied.') . EOL);
return false;
}
$limit = service_class_fetch($r[0]['cr_uid'], 'chatters_inroom');
if ($limit !== false) {
$y = q("select count(*) as total from chatpresence where cp_room = %d", intval($room_id));
if ($y && $y[0]['total'] > $limit) {
notice(t('Room is full') . EOL);
return false;
}
}
if (intval($x[0]['cr_expire'])) {
$sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']);
$r = q($sql);
}
$r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), intval($room_id));
if ($r) {
q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", dbesc(datetime_convert()), intval($r[0]['cp_id']), dbesc($client));
return true;
}
$r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status, cp_client )\n\t\tvalues ( %d, '%s', '%s', '%s', '%s' )", intval($room_id), dbesc($observer_xchan), dbesc(datetime_convert()), dbesc($status), dbesc($client));
return $r;
}
function wall_attach_post(&$a)
{
if ($a->argc > 1) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
return;
}
} else {
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$page_owner_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile')) {
killme();
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$maxfilesize = get_config('system', 'maxfilesize');
/* Found html code written in text field of form,
* when trying to upload a file with filesize
* greater than upload_max_filesize. Cause is unknown.
* Then Filesize gets <= 0.
*/
if ($filesize <= 0) {
notice(t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL . t('Or - did you try to upload an empty file?') . EOL);
@unlink($src);
killme();
}
if ($maxfilesize && $filesize > $maxfilesize) {
notice(sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
@unlink($src);
return;
}
$r = q("select sum(octet_length(data)) as total from attach where uid = %d ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'attach_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
echo upgrade_message(true) . EOL;
@unlink($src);
killme();
}
$filedata = @file_get_contents($src);
$mimetype = z_mime_content_type($filename);
$hash = random_string();
$created = datetime_convert();
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )\n\t\tVALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), dbesc($created), dbesc($created), dbesc('<' . $page_owner_cid . '>'), dbesc(''), dbesc(''), dbesc(''));
@unlink($src);
if (!$r) {
echo t('File upload failed.') . EOL;
killme();
}
$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash));
if (!count($r)) {
echo t('File upload failed.') . EOL;
killme();
}
$lf = "\n";
echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
killme();
// NOTREACHED
}
function process_channel_sync_delivery($sender, $arr, $deliveries)
{
/** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */
$result = array();
foreach ($deliveries as $d) {
$r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']));
if (!$r) {
$result[] = array($d['hash'], 'not found');
continue;
}
$channel = $r[0];
$max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
$max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds');
if ($channel['channel_hash'] != $sender['hash']) {
logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']);
$result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], '');
continue;
}
if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) {
foreach ($arr['config'] as $cat => $k) {
foreach ($arr['config'][$cat] as $k => $v) {
set_pconfig($channel['channel_id'], $cat, $k, $v);
}
}
}
if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) {
$disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags');
$clean = array();
foreach ($arr['channel'] as $k => $v) {
if (in_array($k, $disallowed)) {
continue;
}
$clean[$k] = $v;
}
if (count($clean)) {
foreach ($clean as $k => $v) {
$r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
}
}
}
if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) {
$total_friends = 0;
$total_feeds = 0;
$r = q("select abook_id, abook_flags from abook where abook_channel = %d", intval($channel['channel_id']));
if ($r) {
// don't count yourself
$total_friends = count($r) > 0 ? count($r) - 1 : 0;
foreach ($r as $rr) {
if ($rr['abook_flags'] & ABOOK_FLAG_FEED) {
$total_feeds++;
}
}
}
$disallowed = array('abook_id', 'abook_account', 'abook_channel');
foreach ($arr['abook'] as $abook) {
$clean = array();
if ($abook['abook_xchan'] && $abook['entry_deleted']) {
logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
require_once 'include/Contact.php';
$r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF));
if ($r) {
contact_remove($channel['channel_id'], $r[0]['abook_id']);
if ($total_friends) {
$total_friends--;
}
if ($r[0]['abook_flags'] & ABOOK_FLAG_FEED) {
$total_feeds--;
}
}
continue;
}
// Perform discovery if the referenced xchan hasn't ever been seen on this hub.
// This relies on the undocumented behaviour that red sites send xchan info with the abook
if ($abook['abook_xchan'] && $abook['xchan_address']) {
$h = zot_get_hublocs($abook['abook_xchan']);
if (!$h) {
$f = zot_finger($abook['xchan_address'], $channel);
if (!$f['success']) {
logger('process_channel_sync_delivery: abook not probe-able' . $abook['xchan_address']);
continue;
}
$j = json_decode($f['body'], true);
if (!($j['success'] && $j['guid'])) {
logger('process_channel_sync_delivery: probe failed.');
continue;
}
$x = import_xchan($j);
if (!$x['success']) {
logger('process_channel_sync_delivery: import failed.');
continue;
}
}
}
foreach ($abook as $k => $v) {
if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) {
continue;
}
$clean[$k] = $v;
}
if (!array_key_exists('abook_xchan', $clean)) {
continue;
}
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
// make sure we have an abook entry for this xchan on this system
if (!$r) {
if ($max_friends !== false && $total_friends > $max_friends) {
logger('process_channel_sync_delivery: total_channels service class limit exceeded');
continue;
}
if ($max_feeds !== false && $clean['abook_flags'] & ABOOK_FLAG_FEED && $total_feeds > $max_feeds) {
logger('process_channel_sync_delivery: total_feeds service class limit exceeded');
continue;
}
q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
$total_friends++;
if ($clean['abook_flags'] & ABOOK_FLAG_FEED) {
$total_feeds++;
}
}
if (count($clean)) {
foreach ($clean as $k => $v) {
if ($k == 'abook_dob') {
$v = dbescdate($v);
}
$r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
}
}
}
}
// sync collections (privacy groups) oh joy...
if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) {
$x = q("select * from groups where uid = %d", intval($channel['channel_id']));
foreach ($arr['collections'] as $cl) {
$found = false;
if ($x) {
foreach ($x as $y) {
if ($cl['collection'] == $y['hash']) {
$found = true;
break;
}
}
if ($found) {
if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) {
q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id']));
}
if (intval($cl['deleted']) && !intval($y['deleted'])) {
q("delete from group_member where gid = %d", intval($y['id']));
}
}
}
if (!$found) {
$r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name']));
}
// now look for any collections locally which weren't in the list we just received.
// They need to be removed by marking deleted and removing the members.
// This shouldn't happen except for clones created before this function was written.
if ($x) {
$found_local = false;
foreach ($x as $y) {
foreach ($arr['collections'] as $cl) {
if ($cl['collection'] == $y['hash']) {
$found_local = true;
break;
}
}
if (!$found_local) {
q("delete from group_member where gid = %d", intval($y['id']));
q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
}
}
}
}
// reload the group list with any updates
$x = q("select * from groups where uid = %d", intval($channel['channel_id']));
// now sync the members
if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) {
// first sort into groups keyed by the group hash
$members = array();
foreach ($arr['collection_members'] as $cm) {
if (!array_key_exists($cm['collection'], $members)) {
$members[$cm['collection']] = array();
}
$members[$cm['collection']][] = $cm['member'];
}
// our group list is already synchronised
if ($x) {
foreach ($x as $y) {
// for each group, loop on members list we just received
foreach ($members[$y['hash']] as $member) {
$found = false;
$z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member));
if ($z) {
$found = true;
}
// if somebody is in the group that wasn't before - add them
if (!$found) {
q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member));
}
}
// now retrieve a list of members we have on this site
$m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
if ($m) {
foreach ($m as $mm) {
// if the local existing member isn't in the list we just received - remove them
if (!in_array($mm['xchan'], $members[$y['hash']])) {
q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']));
}
}
}
}
}
}
}
if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) {
$disallowed = array('id', 'aid', 'uid');
foreach ($arr['profile'] as $profile) {
$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
if (!$x) {
q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id']));
$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
if (!$x) {
continue;
}
}
$clean = array();
foreach ($profile as $k => $v) {
if (in_array($k, $disallowed)) {
continue;
}
$clean[$k] = $v;
/**
* @TODO check if these are allowed, otherwise we'll error
* We also need to import local photos if a custom photo is selected
*/
}
if (count($clean)) {
foreach ($clean as $k => $v) {
$r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
}
}
}
}
$result[] = array($d['hash'], 'channel sync updated', $channel['channel_name'], '');
}
return $result;
}
public static function run($argc, $argv)
{
$maxsysload = intval(get_config('system', 'maxloadavg'));
if ($maxsysload < 1) {
$maxsysload = 50;
}
if (function_exists('sys_getloadavg')) {
$load = sys_getloadavg();
if (intval($load[0]) > $maxsysload) {
logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.');
return;
}
}
$interval = intval(get_config('system', 'poll_interval'));
if (!$interval) {
$interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval'));
}
// Check for a lockfile. If it exists, but is over an hour old, it's stale. Ignore it.
$lockfile = 'store/[data]/poller';
if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) {
logger("poller: Already running");
return;
}
// Create a lockfile. Needs two vars, but $x doesn't need to contain anything.
file_put_contents($lockfile, $x);
logger('poller: start');
$manual_id = 0;
$generation = 0;
$force = false;
$restart = false;
if ($argc > 1 && $argv[1] == 'force') {
$force = true;
}
if ($argc > 1 && $argv[1] == 'restart') {
$restart = true;
$generation = intval($argv[2]);
if (!$generation) {
killme();
}
}
if ($argc > 1 && intval($argv[1])) {
$manual_id = intval($argv[1]);
$force = true;
}
$sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : "";
reload_plugins();
$d = datetime_convert();
// Only poll from those with suitable relationships
$abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : '';
$randfunc = db_getfunc('RAND');
$contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\t\tLEFT JOIN account on abook_account = account_id\n\t\t\twhere abook_self = 0\n\t\t\t{$sql_extra} \n\t\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED));
if ($contacts) {
foreach ($contacts as $contact) {
$update = false;
$t = $contact['abook_updated'];
$c = $contact['abook_connected'];
if (intval($contact['abook_feed'])) {
$min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes');
if (!$min) {
$min = intval(get_config('system', 'minimum_feedcheck_minutes'));
}
if (!$min) {
$min = 60;
}
$x = datetime_convert('UTC', 'UTC', "now - {$min} minutes");
if ($c < $x) {
Master::Summon(array('Onepoll', $contact['abook_id']));
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
continue;
}
if ($contact['xchan_network'] !== 'zot') {
continue;
}
if ($c == $t) {
if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) {
$update = true;
}
} else {
// if we've never connected with them, start the mark for death countdown from now
if ($c == NULL_DATE) {
$r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']));
$c = datetime_convert();
$update = true;
}
// He's dead, Jim
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) {
$r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id']));
$update = false;
continue;
}
if (intval($contact['abook_archived'])) {
$update = false;
continue;
}
// might be dead, so maybe don't poll quite so often
// recently deceased, so keep up the regular schedule for 3 days
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) {
$update = true;
}
// After that back off and put them on a morphine drip
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) {
$update = true;
}
}
if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) {
continue;
}
if (!$update && !$force) {
continue;
}
Master::Summon(array('Onepoll', $contact['abook_id']));
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
}
if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY'));
if ($r) {
foreach ($r as $rr) {
// If they didn't respond when we attempted before, back off to once a day
// After 7 days we won't bother anymore
if ($rr['ud_last'] != NULL_DATE) {
if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) {
continue;
}
}
Master::Summon(array('Onedirsync', $rr['ud_id']));
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
}
}
set_config('system', 'lastpoll', datetime_convert());
//All done - clear the lockfile
@unlink($lockfile);
return;
}
/**
* @brief Check service_class restrictions.
*
* If there are no service_classes defined, everything is allowed.
* If $usage is supplied, we check against a maximum count and return true if
* the current usage is less than the subscriber plan allows. Otherwise we
* return boolean true or false if the property is allowed (or not) in this
* subscriber plan. An unset property for this service plan means the property
* is allowed, so it is only necessary to provide negative properties for each
* plan, or what the subscriber is not allowed to do.
*
* Like account_service_class_allows() but queries directly by account rather
* than channel. Service classes are set for accounts, so we look up the
* account for the channel and fetch the service class restrictions of the
* account.
*
* @see account_service_class_allows() if you have a channel_id already
* @see service_class_fetch()
*
* @param int $uid The channel_id to check
* @param string $property The service class property to check for
* @param string|boolean $usage (optional) The value to check against
* @return boolean
*/
function service_class_allows($uid, $property, $usage = false)
{
$limit = service_class_fetch($uid, $property);
if ($limit === false) {
return true;
}
// No service class set => everything is allowed
if ($usage === false) {
// We use negative values for not allowed properties in a subscriber plan
return x($limit) ? (bool) $limit : true;
} else {
return intval($usage) < intval($limit) ? true : false;
}
}
/**
* @brief Creates a form to add new folders and upload files.
*
* @param \Sabre\DAV\INode $node
* @param string &$output
*/
public function htmlActionsPanel(DAV\INode $node, &$output)
{
if (!$node instanceof DAV\ICollection) {
return;
}
// We also know fairly certain that if an object is a non-extended
// SimpleCollection, we won't need to show the panel either.
if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') {
return;
}
// Storage and quota for the account (all channels of the owner of this directory)!
$limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit'));
$r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
$used = $r[0]['total'];
if ($used) {
$quotaDesc = t('You are using %1$s of your available file storage.');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used));
}
if ($limit && $used) {
$quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s%)');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100);
}
// prepare quota for template
$quota = array();
$quota['used'] = $used;
$quota['limit'] = $limit;
$quota['desc'] = $quotaDesc;
$quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : '';
// 10485760 bytes = 100MB
$output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota));
}
/**
* A lot going on in this function, and some of it is old cruft and some is new cruft
* and the entire thing probably needs to be refactored. It started out just storing
* files, before we had DAV. It was made extensible to do extra stuff like edit an
* existing file or optionally store a separate revision using $options to choose between different
* storage models. Along the way we moved from
* DB data storage to file system storage.
* Then DAV came along and used different upload methods depending on whether the
* file was stored as a DAV directory object or updated as a file object. One of these
* is essentially an update and the other is basically an upload, but doesn't use the traditional PHP
* upload workflow.
* Then came hubzilla and we tried to merge photo functionality with the file storage. Most of
* that integration occurs within this function.
* This required overlap with the old photo_upload stuff and photo albums were
* completely different concepts from directories which needed to be reconciled somehow.
* The old revision stuff is kind of orphaned currently. There's new revision stuff for photos
* which attaches (2) etc. onto the name, but doesn't integrate with the attach table revisioning.
* That's where it sits currently. I repeat it needs to be refactored, and this note is here
* for future explorers and those who may be doing that work to understand where it came
* from and got to be the monstrosity of tangled unrelated code that it currently is.
*/
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
require_once 'include/photos.php';
call_hooks('photo_upload_begin', $arr);
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
$source = $arr ? $arr['source'] : '';
$album = $arr ? $arr['album'] : '';
$newalbum = $arr ? $arr['newalbum'] : '';
$hash = $arr && $arr['hash'] ? $arr['hash'] : null;
$upload_path = $arr && $arr['directory'] ? $arr['directory'] : '';
$visible = $arr && $arr['visible'] ? $arr['visible'] : '';
$observer = array();
if ($observer_hash) {
$x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($observer_hash));
if ($x) {
$observer = $x[0];
}
}
logger('arr: ' . print_r($arr, true));
if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
$str_group_allow = perms2str($arr['group_allow']);
$str_contact_allow = perms2str($arr['contact_allow']);
$str_group_deny = perms2str($arr['group_deny']);
$str_contact_deny = perms2str($arr['contact_deny']);
// The 'update' option sets db values without uploading a new attachment
// 'replace' replaces the existing uploaded data
// 'revision' creates a new revision with new upload data
// Default is to upload a new file
// revise or update must provide $arr['hash'] of the thing to revise/update
// By default remove $src when finished
$remove_when_processed = true;
if ($options === 'import') {
$src = $arr['src'];
$filename = $arr['filename'];
$filesize = @filesize($src);
$hash = $arr['resource_id'];
if (array_key_exists('hash', $arr)) {
$hash = $arr['hash'];
}
if (array_key_exists('type', $arr)) {
$type = $arr['type'];
}
if ($arr['preserve_original']) {
$remove_when_processed = false;
}
// if importing a directory, just do it now and go home - we're done.
if (array_key_exists('is_dir', $arr) && intval($arr['is_dir'])) {
$x = attach_mkdir($channel, $observer_hash, $arr);
if ($x['message']) {
logger('import_directory: ' . $x['message']);
}
return;
}
} elseif ($options !== 'update') {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_upload_file', $f);
call_hooks('attach_upload_file', $f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
if (!x($_FILES, 'userfile')) {
$ret['message'] = t('No source file.');
return $ret;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
}
$existing_size = 0;
if ($options === 'replace') {
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($arr['id']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to replace');
return $ret;
}
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
}
if ($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc ";
if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
$sql_options = " and revision = " . intval($arr['revision']) . " ";
}
$x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to revise/update');
return $ret;
}
$hash = $x[0]['hash'];
}
$def_extension = '';
$is_photo = 0;
$gis = @getimagesize($src);
logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
$is_photo = 1;
if ($gis[2] === IMAGETYPE_GIF) {
$def_extension = '.gif';
}
if ($gis[2] === IMAGETYPE_JPEG) {
$def_extension = '.jpg';
}
if ($gis[2] === IMAGETYPE_PNG) {
$def_extension = '.png';
}
}
$pathname = '';
if ($is_photo) {
if ($newalbum) {
$pathname = filepath_macro($newalbum);
} elseif (array_key_exists('folder', $arr)) {
$x = q("select filename from attach where hash = '%s' and uid = %d limit 1", dbesc($arr['folder']), intval($channel['channel_id']));
if ($x) {
$pathname = $x[0]['filename'];
}
} else {
$pathname = filepath_macro($album);
}
} else {
$pathname = filepath_macro($upload_path);
}
$darr = array('pathname' => $pathname);
// if we need to create a directory, use the channel default permissions.
$darr['allow_cid'] = $channel['allow_cid'];
$darr['allow_gid'] = $channel['allow_gid'];
$darr['deny_cid'] = $channel['deny_cid'];
$darr['deny_gid'] = $channel['deny_gid'];
$direct = null;
if ($pathname) {
$x = attach_mkdirp($channel, $observer_hash, $darr);
$folder_hash = $x['success'] ? $x['data']['hash'] : '';
$direct = $x['success'] ? $x['data'] : null;
if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) {
$str_contact_allow = $x['data']['allow_cid'];
$str_group_allow = $x['data']['allow_gid'];
$str_contact_deny = $x['data']['deny_cid'];
$str_group_deny = $x['data']['deny_gid'];
}
} else {
$folder_hash = $arr && array_key_exists('folder', $arr) ? $arr['folder'] : '';
}
if (!$options || $options === 'import') {
// A freshly uploaded file. Check for duplicate and resolve with the channel's overwrite settings.
$r = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", dbesc($filename), dbesc($folder_hash));
if ($r) {
$overwrite = get_pconfig($channel_id, 'system', 'overwrite_dup_files');
if ($overwrite) {
$options = 'replace';
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
} else {
if (strpos($filename, '.') !== false) {
$basename = substr($filename, 0, strrpos($filename, '.'));
$ext = substr($filename, strrpos($filename, '.'));
} else {
$basename = $filename;
$ext = $def_extension;
}
$r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($folder_hash));
if ($r) {
$x = 1;
do {
$found = false;
foreach ($r as $rr) {
if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
$found = true;
break;
}
}
if ($found) {
$x++;
}
} while ($found);
$filename = $basename . '(' . $x . ')' . $ext;
} else {
$filename = $basename . $ext;
}
}
}
}
if (!$hash) {
$hash = random_string();
}
// Check storage limits
if ($options !== 'update') {
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $filesize > $maxfilesize) {
$ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
if ($remove_when_processed) {
@unlink($src);
}
call_hooks('photo_upload_end', $ret);
return $ret;
}
$limit = service_class_fetch($channel_id, 'attach_upload_limit');
if ($limit !== false) {
$r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
$ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
if ($remove_when_processed) {
@unlink($src);
}
call_hooks('photo_upload_end', $ret);
return $ret;
}
}
$mimetype = isset($type) && $type ? $type : z_mime_content_type($filename);
}
$os_basepath = 'store/' . $channel['channel_address'] . '/';
$os_relpath = '';
if ($folder_hash) {
$curr = find_folder_hash_by_attach_hash($channel_id, $folder_hash, true);
if ($curr) {
$os_relpath .= $curr . '/';
}
$os_relpath .= $folder_hash . '/';
}
$os_relpath .= $hash;
if ($src) {
@file_put_contents($os_basepath . $os_relpath, @file_get_contents($src));
}
if (array_key_exists('created', $arr)) {
$created = $arr['created'];
} else {
$created = datetime_convert();
}
if (array_key_exists('edited', $arr)) {
$edited = $arr['edited'];
} else {
$edited = $created;
}
if ($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', filesize = %d, os_storage = %d, is_photo = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), intval($existing_id), intval($channel_id));
} elseif ($options === 'revise') {
$r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc($observer_hash), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval($x[0]['revision'] + 1), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
} elseif ($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', edited = '%s', os_storage = %d, is_photo = %d, \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($folder_hash ? $folder_hash : $x[0]['folder']), dbesc($created), dbesc(array_key_exists('os_storage', $arr) ? $arr['os_storage'] : $x[0]['os_storage']), dbesc(array_key_exists('is_photo', $arr) ? $arr['is_photo'] : $x[0]['is_photo']), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
} else {
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(0), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $str_contact_allow), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $str_group_allow), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $str_contact_deny), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $str_group_deny));
}
if ($is_photo) {
$args = array('source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => basename($pathname), 'os_path' => $os_basepath . $os_relpath, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct);
if ($arr['contact_allow']) {
$args['contact_allow'] = $arr['contact_allow'];
}
if ($arr['group_allow']) {
$args['group_allow'] = $arr['group_allow'];
}
if ($arr['contact_deny']) {
$args['contact_deny'] = $arr['contact_deny'];
}
if ($arr['group_deny']) {
$args['group_deny'] = $arr['group_deny'];
}
if (array_key_exists('allow_cid', $arr)) {
$args['allow_cid'] = $arr['allow_cid'];
}
if (array_key_exists('allow_gid', $arr)) {
$args['allow_gid'] = $arr['allow_gid'];
}
if (array_key_exists('deny_cid', $arr)) {
$args['deny_cid'] = $arr['deny_cid'];
}
if (array_key_exists('deny_gid', $arr)) {
$args['deny_gid'] = $arr['deny_gid'];
}
$args['created'] = $created;
$args['edited'] = $edited;
if ($arr['item']) {
$args['item'] = $arr['item'];
}
$p = photo_upload($channel, $observer, $args);
if ($p['success']) {
$ret['body'] = $p['body'];
}
}
if ($options !== 'update' && $remove_when_processed) {
@unlink($src);
}
if (!$r) {
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// Caution: This re-uses $sql_options set further above
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
if (!$r) {
$ret['message'] = t('Stored file could not be verified. Upload failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
if (!$is_photo) {
// This would've been called already with a success result in photos_upload() if it was a photo.
call_hooks('photo_upload_end', $ret);
}
return $ret;
}
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/album/xxxxx (xxxxx is album name)
// photos/name/image/xxxxx
if (get_config('system', 'block_public') && !local_channel() && !remote_channel()) {
notice(t('Public access denied.') . EOL);
return;
}
$unsafe = array_key_exists('unsafe', $_REQUEST) && $_REQUEST['unsafe'] ? 1 : 0;
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'channel')) {
notice(t('No photos selected') . EOL);
return;
}
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
$can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments');
if (argc() > 3) {
$datatype = argv(2);
$datum = argv(3);
} else {
if (argc() > 2) {
$datatype = argv(2);
$datum = '';
} else {
$datatype = 'summary';
}
}
if (argc() > 4) {
$cmd = argv(4);
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$owner_uid = $a->data['channel']['channel_id'];
$owner_aid = $a->data['channel']['channel_account_id'];
$observer = $a->get_observer();
$can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'write_storage');
$can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_storage');
if (!$can_view) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid);
$o = "";
$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
// tabs
$_is_owner = local_channel() && local_channel() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']);
/**
* Display upload form
*/
if ($can_post) {
$uploader = '';
$ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true);
call_hooks('photo_upload_form', $ret);
/* Show space usage */
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id']));
$limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit');
if ($limit !== false) {
$usage_message = sprintf(t("%1\$.2f MB of %2\$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000);
} else {
$usage_message = sprintf(t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000);
}
if ($_is_owner) {
$channel = $a->get_channel();
$acl = new AccessList($channel);
$channel_acl = $acl->get();
$lockstate = $acl->is_private() ? 'lock' : 'unlock';
}
$aclselect = $_is_owner ? populate_acl($channel_acl, false) : '';
$selname = $datum ? hex2bin($datum) : '';
$albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
if (!$selname) {
$def_album = get_pconfig($a->data['channel']['channel_id'], 'system', 'photo_path');
if ($def_album) {
$selname = filepath_macro($def_album);
$albums['album'][] = array('text' => $selname);
}
}
$tpl = get_markup_template('photos_upload.tpl');
$upload_form = replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum_label' => t('Enter an album name'), '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0, '', array(t('No'), t('Yes'))), '$albums' => $albums['albums'], '$selname' => $selname, '$permissions' => t('Permissions'), '$aclselect' => $aclselect, '$lockstate' => $lockstate, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? true : false, '$uploadurl' => $ret['post_url'], '$submit' => t('Submit')));
}
//
// dispatch request
//
/*
* Display a single photo album
*/
if ($datatype === 'album') {
if (strlen($datum)) {
if (strlen($datum) & 1 || !ctype_xdigit($datum)) {
notice(t('Album name could not be decoded') . EOL);
logger('mod_photos: illegal album encoding: ' . $datum);
$datum = '';
}
}
$album = $datum ? hex2bin($datum) : '';
$r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(60);
} else {
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
}
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN\n\t\t\t\t(SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY resource_id) ph \n\t\t\t\tON (p.resource_id = ph.resource_id AND p.scale = ph.scale)\n\t\t\tORDER BY created {$order} LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']));
//edit album name
$album_edit = null;
if ($album !== t('Profile Photos') && $album !== 'Profile Photos' && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
if ($a->get_template_engine() === 'internal') {
$album_e = template_escape($album);
} else {
$album_e = $album;
}
$albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
// @fixme - syncronise actions with DAV
// $edit_tpl = get_markup_template('album_edit.tpl');
// $album_edit = replace_macros($edit_tpl,array(
// '$nametext' => t('Enter a new album name'),
// '$name_placeholder' => t('or select an existing one (doubleclick)'),
// '$nickname' => $a->data['channel']['channel_address'],
// '$album' => $album_e,
// '$albums' => $albums['albums'],
// '$hexalbum' => bin2hex($album),
// '$submit' => t('Submit'),
// '$dropsubmit' => t('Delete Album')
// ));
}
}
if ($_GET['order'] === 'posted') {
$order = array(t('Show Newest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album));
} else {
$order = array(t('Show Oldest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted');
}
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
$imgalt_e = $rr['filename'];
$desc_e = $rr['description'];
$imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $imagelink, 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, 'alt' => $imgalt_e, 'desc' => $desc_e, 'ext' => $ext, 'hash' => $rr['resource_id'], 'unknown' => t('Unknown'));
}
}
if ($_REQUEST['aj']) {
if ($photos) {
$o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
} else {
$o = '<div id="content-complete"></div>';
}
echo $o;
killme();
} else {
$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
$tpl = get_markup_template('photo_album.tpl');
$o .= replace_macros($tpl, array('$photos' => $photos, '$album' => $album, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album)), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message));
}
if (!$photos && $_REQUEST['aj']) {
$o .= '<div id="content-complete"></div>';
echo $o;
killme();
}
// $o .= paginate($a);
return $o;
}
/**
* Display one photo
*/
if ($datatype === 'image') {
// fetch image, item containing image, then comments
$ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum));
if (!$ph) {
/* Check again - this time without specifying permissions */
$ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1", intval($owner_uid), dbesc($datum));
if ($ph) {
notice(t('Permission denied. Access to this item may be restricted.') . EOL);
} else {
notice(t('Photo not available') . EOL);
}
return;
}
$prevlink = '';
$nextlink = '';
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid));
if (count($prvnxt)) {
for ($z = 0; $z < count($prvnxt); $z++) {
if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
$prv = $z - 1;
$nxt = $z + 1;
if ($prv < 0) {
$prv = count($prvnxt) - 1;
}
if ($nxt >= count($prvnxt)) {
$nxt = 0;
}
break;
}
}
$prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
}
if (count($ph) == 1) {
$hires = $lores = $ph[0];
}
if (count($ph) > 1) {
if ($ph[1]['scale'] == 2) {
// original is 640 or less, we can display it directly
$hires = $lores = $ph[0];
} else {
$hires = $ph[0];
$lores = $ph[1];
}
}
$album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
$tools = Null;
$lock = Null;
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo')));
}
// lockstate
$lockstate = strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid']) ? array('lock', t('Private Photo')) : array('unlock', Null);
$a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
if ($prevlink) {
$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
}
if ($nextlink) {
$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
}
$a->page['htmlhead'] .= '});</script>';
if ($prevlink) {
$prevlink = array($prevlink, t('Previous'));
}
$photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'));
if ($nextlink) {
$nextlink = array($nextlink, t('Next'));
}
// Do we have an item for this photo?
$linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum));
$map = null;
if ($linked_items) {
xchan_query($linked_items);
$linked_items = fetch_post_tags($linked_items, true);
$link_item = $linked_items[0];
$item_normal = item_normal();
$r = q("select * from item where parent_mid = '%s' \n\t\t\t\t{$item_normal} and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid']));
if ($r) {
xchan_query($r);
$r = fetch_post_tags($r, true);
$r = conv_sort($r, 'commented');
}
$tags = array();
if ($link_item['term']) {
$cnt = 0;
foreach ($link_item['term'] as $t) {
$tags[$cnt] = array(0 => format_term_for_display($t));
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tags[$cnt][1] = 'tagrm/drop/' . $link_item['id'] . '/' . bin2hex($t['term']);
//?f=&item=' . $link_item['id'];
$tags[$cnt][2] = t('Remove');
}
$cnt++;
}
}
if (local_channel() && local_channel() == $link_item['uid']) {
q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1", intval($link_item['parent']), intval(local_channel()));
}
if ($link_item['coord']) {
$map = generate_map($link_item['coord']);
}
}
// logger('mod_photo: link_item' . print_r($link_item,true));
// FIXME - remove this when we move to conversation module
$r = $r[0]['children'];
$edit = null;
if ($can_post) {
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['description'];
$aclselect_e = $_is_owner ? populate_acl($ph[0]) : '';
$albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
$_SESSION['album_return'] = bin2hex($ph[0]['album']);
$edit = array('edit' => t('Edit photo'), 'id' => $link_item['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum_label' => t('Enter a new album name'), 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'lockstate' => $lockstate[0], 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'adult_enabled' => feature_enabled($owner_uid, 'adult_photo_flagging'), 'adult' => array('adult', t('Flag as adult in album view'), intval($ph[0]['is_nsfw']), ''), 'submit' => t('Submit'), 'delete' => t('Delete Photo'));
}
if (count($linked_items)) {
$cmnt_tpl = get_markup_template('comment_item.tpl');
$tpl = get_markup_template('photo_item.tpl');
$return_url = $a->cmd;
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = '';
if ($can_post || $can_comment) {
$likebuttons = array('id' => $link_item['id'], 'likethis' => t("I like this (toggle)"), 'nolike' => t("I don't like this (toggle)"), 'share' => t('Share'), 'wait' => t('Please wait'));
}
$comments = '';
if (!count($r)) {
if ($can_post || $can_comment) {
$commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false));
}
}
$alike = array();
$dlike = array();
$like = '';
$dislike = '';
$conv_responses = array('like' => array('title' => t('Likes', 'title')), 'dislike' => array('title' => t('Dislikes', 'title')), 'agree' => array('title' => t('Agree', 'title')), 'disagree' => array('title' => t('Disagree', 'title')), 'abstain' => array('title' => t('Abstain', 'title')), 'attendyes' => array('title' => t('Attending', 'title')), 'attendno' => array('title' => t('Not attending', 'title')), 'attendmaybe' => array('title' => t('Might attend', 'title')));
if ($r) {
foreach ($r as $item) {
builtin_activity_puller($item, $conv_responses);
}
$like_count = x($alike, $link_item['mid']) ? $alike[$link_item['mid']] : '';
$like_list = x($alike, $link_item['mid']) ? $alike[$link_item['mid'] . '-l'] : '';
if (count($like_list) > MAX_LIKERS) {
$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
} else {
$like_list_part = '';
}
$like_button_label = tt('Like', 'Likes', $like_count, 'noun');
//if (feature_enabled($conv->get_profile_owner(),'dislike')) {
$dislike_count = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid']] : '';
$dislike_list = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid'] . '-l'] : '';
$dislike_button_label = tt('Dislike', 'Dislikes', $dislike_count, 'noun');
if (count($dislike_list) > MAX_LIKERS) {
$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
} else {
$dislike_list_part = '';
}
//}
$like = isset($alike[$link_item['mid']]) ? format_like($alike[$link_item['mid']], $alike[$link_item['mid'] . '-l'], 'like', $link_item['mid']) : '';
$dislike = isset($dlike[$link_item['mid']]) ? format_like($dlike[$link_item['mid']], $dlike[$link_item['mid'] . '-l'], 'dislike', $link_item['mid']) : '';
// display comments
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$sparkle = '';
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
continue;
}
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
$profile_url = zid($item['author']['xchan_url']);
$sparkle = '';
$profile_name = $item['author']['xchan_name'];
$profile_avatar = $item['author']['xchan_photo_m'];
$profile_link = $profile_url;
$drop = '';
if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) {
$drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
}
$name_e = $profile_name;
$title_e = $item['title'];
unobscure($item);
$body_e = prepare_text($item['body'], $item['mimetype']);
$comments .= replace_macros($template, array('$id' => $item['id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
}
if ($can_post || $can_comment) {
$commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => ''));
}
}
$paginate = paginate($a);
}
$album_e = array($album_link, $ph[0]['album']);
$like_e = $like;
$dislike_e = $dislike;
$response_verbs = array('like');
if (feature_enabled($owner_uid, 'dislike')) {
$response_verbs[] = 'dislike';
}
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
$photo_tpl = get_markup_template('photo_view.tpl');
$o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lockstate[1], '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$filename' => $ph[0]['filename'], '$unknown' => t('Unknown'), '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, 'responses' => $responses, '$edit' => $edit, '$map' => $map, '$map_text' => t('Map'), '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$like_count' => $like_count, '$like_list' => $like_list, '$like_list_part' => $like_list_part, '$like_button_label' => $like_button_label, '$like_modal_title' => t('Likes', 'noun'), '$dislike_modal_title' => t('Dislikes', 'noun'), '$dislike_count' => $dislike_count, '$dislike_list' => $dislike_list, '$dislike_list_part' => $dislike_list_part, '$dislike_button_label' => $dislike_button_label, '$modal_dismiss' => t('Close'), '$comments' => $comments, '$commentbox' => $commentbox, '$paginate' => $paginate));
$a->data['photo_html'] = $o;
return $o;
}
// Default - show recent photos with upload link (if applicable)
//$o = '';
$r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand photo_usage in ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(60);
}
$r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN \n\t\t(SELECT resource_id, max(scale) scale FROM photo \n\t\t\tWHERE uid=%d AND album != '%s' AND album != '%s' \n\t\t\tAND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} group by resource_id) ph \n\t\tON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']));
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->get_template_engine() === 'internal') {
$alt_e = template_escape($rr['filename']);
$name_e = template_escape($rr['album']);
} else {
$alt_e = $rr['filename'];
$name_e = $rr['album'];
}
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
}
}
if ($_REQUEST['aj']) {
if ($photos) {
$o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
} else {
$o = '<div id="content-complete"></div>';
}
echo $o;
killme();
} else {
$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
$tpl = get_markup_template('photos_recent.tpl');
$o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos, '$upload_form' => $upload_form, '$usage' => $usage_message));
}
if (!$photos && $_REQUEST['aj']) {
$o .= '<div id="content-complete"></div>';
echo $o;
killme();
}
// paginate($a);
return $o;
}
function item_check_service_class($channel_id, $iswebpage)
{
$ret = array('success' => false, 'message' => '');
if ($iswebpage) {
$r = q("select count(i.id) as total from item i \n\t\t\tright join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) \n\t\t\tand i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ", intval(ITEM_TYPE_WEBPAGE), intval($channel_id));
} else {
$r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(), intval($channel_id));
}
if (!$r) {
$ret['message'] = t('Unable to obtain post information from database.');
return $ret;
}
if (!$iswebpage) {
$max = service_class_fetch($channel_id, 'total_items');
if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) {
$result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max);
return $result;
}
} else {
$max = service_class_fetch($channel_id, 'total_pages');
if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) {
$result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max);
return $result;
}
}
$ret['success'] = true;
return $ret;
}
/**
* @brief Return quota usage.
*
* @fixme Should guests relly see the used/free values from filesystem of the
* complete store directory?
*
* @return array with used and free values in bytes.
*/
public function getQuotaInfo()
{
// values from the filesystem of the complete <i>store/</i> directory
$limit = disk_total_space('store');
$free = disk_free_space('store');
if ($this->auth->owner_id) {
$c = q("select * from channel where channel_id = %d and channel_removed = 0 limit 1", intval($this->auth->owner_id));
$ulimit = engr_units_to_bytes(service_class_fetch($c[0]['channel_id'], 'attach_upload_limit'));
$limit = $ulimit ? $ulimit : $limit;
$x = q("select sum(filesize) as total from attach where aid = %d", intval($c[0]['channel_account_id']));
$free = $x ? $limit - $x[0]['total'] : 0;
}
return array($limit - $free, $free);
}
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'channel')) {
notice(t('No photos selected') . EOL);
return;
}
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
$can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments');
if (argc() > 3) {
$datatype = argv(2);
$datum = argv(3);
} elseif (argc() > 2 && argv(2) === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if (argc() > 4) {
$cmd = argv(4);
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$owner_uid = $a->data['channel']['channel_id'];
$owner_aid = $a->data['channel']['channel_account_id'];
$observer = $a->get_observer();
$can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_photos');
$can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_photos');
if (!$can_view) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid);
$o = "";
$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']);
//
// dispatch request
//
/**
* Display upload form
*/
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
if (array_key_exists('albums', $a->data)) {
$albums = get_app()->data['albums'];
} else {
$albums = photos_albums_list($a->data['channel'], $a->data['observer']);
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($albums['albums'])) {
foreach ($albums['albums'] as $album) {
if (!$album['text']) {
continue;
}
$selected = $selname === $album['text'] ? ' selected="selected" ' : '';
$albumselect .= '<option value="' . $album['text'] . '"' . $selected . '>' . $album['text'] . '</option>';
}
}
$albumselect .= '</select>';
$uploader = '';
$ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true);
call_hooks('photo_upload_form', $ret);
$default_upload = '<input id="photos-upload-choose" type="file" name="userfile" /> <div class="photos-upload-submit-wrapper" >
<input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>';
/* Show space usage */
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id']));
$limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit');
if ($limit !== false) {
$usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
} else {
$usage_message = sprintf(t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000);
}
if ($_is_owner) {
$channel = $a->get_channel();
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
}
$albumselect_e = $albumselect;
$aclselect_e = $_is_owner ? populate_acl($channel_acl, false) : '';
$tpl = get_markup_template('photos_upload.tpl');
$o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? $default_upload : '', '$uploadurl' => $ret['post_url']));
return $o;
}
/*
* Display a single photo album
*/
if ($datatype === 'album') {
if (strlen($datum) & 1 || !ctype_xdigit($datum)) {
notice(t('Album name could not be decoded') . EOL);
logger('mod_photos: illegal album encoding: ' . $datum);
$datum = '';
}
$album = hex2bin($datum);
$r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(60);
}
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intvaL(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage']));
$o .= '<h3>' . $album . '</h3>';
if ($cmd === 'edit') {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
if ($a->get_template_engine() === 'internal') {
$album_e = template_escape($album);
} else {
$album_e = $album;
}
$edit_tpl = get_markup_template('album_edit.tpl');
$o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['channel']['channel_address'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
}
}
} else {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
$o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
}
}
}
if ($_GET['order'] === 'posted') {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>';
} else {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>';
}
if ($can_post) {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>';
}
$ajaxout = '';
$tpl = get_markup_template('photo_album.tpl');
if (count($r)) {
$twist = 'rotright';
$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
$o .= '<div id="photo-album-contents">';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
$imgalt_e = $rr['filename'];
$desc_e = $rr['description'];
// prettyphoto has potential license issues, so we can no longer include it in core
// The following lines would need to be modified so that they are provided in theme specific files
// instead of core modules for themes that wish to make use of prettyphoto. I would suggest
// the feature as a per-theme display option and putting the rel line inside a template.
// if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){
// $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext );
// $rel=("prettyPhoto[pp_gal]");
// }
// else {
$imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$rel = "photo";
// }
$tmp = replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $imagelink, '$rel' => $rel, '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e, '$ext' => $ext, '$hash' => $rr['resource_id']));
if ($_REQUEST['aj']) {
$ajaxout .= $tmp;
} else {
$o .= $tmp;
}
}
}
if ($_REQUEST['aj']) {
if (!$r) {
$ajaxout .= '<div id="content-complete"></div>';
}
echo $ajaxout;
killme();
}
$o .= '<div id="page-end"></div>';
$o .= '</div>';
// photo-album-contents
$o .= '<div id="photo-album-end"></div>';
$o .= '<script>$(document).ready(function() { loadingPage = false;});</script>';
$o .= '<div id="page-spinner"></div>';
// $o .= paginate($a);
return $o;
}
/**
* Display one photo
*/
if ($datatype === 'image') {
// fetch image, item containing image, then comments
$ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\tand (photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if (!$ph) {
/* Check again - this time without specifying permissions */
$ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' \n\t\t\t\tand ( photo_flags = %d or photo_flags = %d )\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if ($ph) {
notice(t('Permission denied. Access to this item may be restricted.') . EOL);
} else {
notice(t('Photo not available') . EOL);
}
return;
}
$prevlink = '';
$nextlink = '';
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if (count($prvnxt)) {
for ($z = 0; $z < count($prvnxt); $z++) {
if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
$prv = $z - 1;
$nxt = $z + 1;
if ($prv < 0) {
$prv = count($prvnxt) - 1;
}
if ($nxt >= count($prvnxt)) {
$nxt = 0;
}
break;
}
}
$prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
}
if (count($ph) == 1) {
$hires = $lores = $ph[0];
}
if (count($ph) > 1) {
if ($ph[1]['scale'] == 2) {
// original is 640 or less, we can display it directly
$hires = $lores = $ph[0];
} else {
$hires = $ph[0];
$lores = $ph[1];
}
}
$album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
$tools = Null;
$lock = Null;
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo')));
// lock
$lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null;
}
$a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
if ($prevlink) {
$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
}
if ($nextlink) {
$a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
}
$a->page['htmlhead'] .= '});</script>';
if ($prevlink) {
$prevlink = array($prevlink, '<i class="icon-backward photo-icons""></i>');
}
$photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'));
if ($nextlink) {
$nextlink = array($nextlink, '<i class="icon-forward photo-icons"></i>');
}
// Do we have an item for this photo?
$linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum));
if ($linked_items) {
xchan_query($linked_items);
$linked_items = fetch_post_tags($linked_items, true);
$link_item = $linked_items[0];
$r = q("select * from item where parent_mid = '%s' \n\t\t\t\tand item_restrict = 0 and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid']));
if ($r) {
xchan_query($r);
$r = fetch_post_tags($r, true);
$r = conv_sort($r, 'commented');
}
$tags = array();
if ($link_item['term']) {
$cnt = 0;
foreach ($link_item['term'] as $t) {
$tags[$cnt] = array(0 => format_term_for_display($t));
}
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tags[$cnt][1] = 'tagrm?f=&item=' . $link_item['id'];
$tags[$cnt][2] = t('Remove');
}
$cnt++;
}
if (local_user() && local_user() == $link_item['uid']) {
q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", intval(ITEM_UNSEEN), intval($link_item['parent']), intval(local_user()), intval(ITEM_UNSEEN));
}
}
// logger('mod_photo: link_item' . print_r($link_item,true));
// FIXME - remove this when we move to conversation module
$r = $r[0]['children'];
$edit = null;
if ($can_post) {
if (array_key_exists('albums', $a->data)) {
$albums = get_app()->data['albums'];
} else {
$albums = photos_albums_list($a->data['channel'], $a->data['observer']);
}
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['description'];
$aclselect_e = populate_acl($ph[0]);
$edit = array('edit' => t('Edit photo'), 'id' => $ph[0]['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum' => t('New album name'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'submit' => t('Submit'), 'delete' => t('Delete Photo'));
}
if (count($linked_items)) {
$cmnt_tpl = get_markup_template('comment_item.tpl');
$tpl = get_markup_template('photo_item.tpl');
$return_url = $a->cmd;
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = '';
if ($can_post || $can_comment) {
$likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => t("I don't like this (toggle)"), '$share' => t('Share'), '$wait' => t('Please wait')));
}
$comments = '';
if (!count($r)) {
if ($can_post || $can_comment) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false));
}
}
$alike = array();
$dlike = array();
$like = '';
$dislike = '';
// display comments
if ($r) {
foreach ($r as $item) {
like_puller($a, $item, $alike, 'like');
like_puller($a, $item, $dlike, 'dislike');
}
$like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : '';
$dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : '';
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$sparkle = '';
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
continue;
}
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
$profile_url = zid($item['author']['xchan_url']);
$sparkle = '';
$profile_name = $item['author']['xchan_name'];
$profile_avatar = $item['author']['xchan_photo_m'];
$profile_link = $profile_url;
$drop = '';
if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) {
$drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
}
$name_e = $profile_name;
$title_e = $item['title'];
unobscure($item);
$body_e = prepare_text($item['body'], $item['mimetype']);
$comments .= replace_macros($template, array('$id' => $item['item_id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
}
if ($can_post || $can_comment) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => ''));
}
}
$paginate = paginate($a);
}
$album_e = array($album_link, $ph[0]['album']);
$like_e = $like;
$dislike_e = $dislike;
$photo_tpl = get_markup_template('photo_view.tpl');
$o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$comments' => $comments, '$paginate' => $paginate));
$a->data['photo_html'] = $o;
return $o;
}
// Default - show recent photos with upload link (if applicable)
//$o = '';
$r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(60);
}
$r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'\n\t\tand ( photo_flags = %d or photo_flags = %d ) \n\t\t{$sql_extra} GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage']));
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->get_template_engine() === 'internal') {
$alt_e = template_escape($rr['filename']);
$name_e = template_escape($rr['album']);
} else {
$alt_e = $rr['filename'];
$name_e = $rr['album'];
}
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
}
}
if ($_REQUEST['aj']) {
if ($photos) {
$o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
} else {
$o = '<div id="content-complete"></div>';
}
echo $o;
killme();
} else {
$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
$tpl = get_markup_template('photos_recent.tpl');
$o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos));
}
if (!$photos && $_REQUEST['aj']) {
$o .= '<div id="content-complete"></div>';
echo $o;
killme();
}
// $o .= paginate($a);
return $o;
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
$deliver = true;
if (array_key_exists('deliver', $args)) {
$deliver = intval($args['deliver']);
}
// Set to default channel permissions. If the parent directory (album) has permissions set,
// use those instead. If we have specific permissions supplied, they take precedence over
// all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
// ...messy... needs re-factoring once the photos/files integration stabilises
$acl = new Zotlabs\Access\AccessList($channel);
if (array_key_exists('directory', $args) && $args['directory']) {
$acl->set($args['directory']);
}
if (array_key_exists('allow_cid', $args)) {
$acl->set($args);
}
if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
$acl->set_from_array($args);
}
$ac = $acl->get();
$os_storage = 0;
if ($args['os_path'] && $args['getimagesize']) {
$imagedata = @file_get_contents($args['os_path']);
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['getimagesize']['mime'];
$os_storage = 1;
} elseif ($args['data'] || $args['content']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['content'] ? $args['content'] : $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['mimetype'] ? $args['mimetype'] : $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
// call_hooks('photo_upload_file',$f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(filesize) as total from photo where aid = %d and imgscale = 0 ", intval($account_id));
$limit = engr_units_to_bytes(service_class_fetch($channel_id, 'photo_upload_limit'));
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'imgscale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$link = array();
$r0 = $ph->save($p);
$link[0] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r0) {
$errors = true;
}
unset($p['os_storage']);
unset($p['os_path']);
if (($width > 1024 || $height > 1024) && !$errors) {
$ph->scaleImage(1024);
}
$p['imgscale'] = 1;
$r1 = $ph->save($p);
$link[1] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r1) {
$errors = true;
}
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
}
$p['imgscale'] = 2;
$r2 = $ph->save($p);
$link[2] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r2) {
$errors = true;
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
}
$p['imgscale'] = 3;
$r3 = $ph->save($p);
$link[3] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r3) {
$errors = true;
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
$item_hidden = $visible ? 0 : 1;
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
$title = $args['description'] ? $args['description'] : $args['filename'];
$large_photos = feature_enabled($channel['channel_id'], 'large_photos');
linkify_tags($a, $args['body'], $channel_id);
if ($large_photos) {
$scale = 1;
$width = $link[1]['width'];
$height = $link[1]['height'];
$tag = $r1 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
} else {
$scale = 2;
$width = $link[2]['width'];
$height = $link[2]['height'];
$tag = $r2 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
}
$author_link = '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $channel['channel_name'] . '[/zrl]';
$photo_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . t('a new photo') . '[/zrl]';
$album_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album) . ']' . (strlen($album) ? $album : '/') . '[/zrl]';
$activity_format = sprintf(t('%1$s posted %2$s to %3$s', 'photo_upload'), $author_link, $photo_link, $album_link);
$summary = ($args['body'] ? $args['body'] : '') . '[footer]' . $activity_format . '[/footer]';
$obj_body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
// Create item object
$object = array('type' => ACTIVITY_OBJ_PHOTO, 'title' => $title, 'created' => $p['created'], 'edited' => $p['edited'], 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash, 'link' => $link, 'body' => $obj_body);
$target = array('type' => ACTIVITY_OBJ_ALBUM, 'title' => $album ? $album : '/', 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album));
// Create item container
if ($args['item']) {
foreach ($args['item'] as $i) {
$item = get_item_elements($i);
$force = false;
if ($item['mid'] === $item['parent_mid']) {
$item['body'] = $summary;
$item['obj_type'] = ACTIVITY_OBJ_PHOTO;
$item['obj'] = json_encode($object);
$item['tgt_type'] = ACTIVITY_OBJ_ALBUM;
$item['target'] = json_encode($target);
if ($item['author_xchan'] === $channel['channel_hash']) {
$item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
$item['item_verified'] = 1;
} else {
$item['sig'] = '';
}
$force = true;
}
$r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
if ($r) {
if ($item['edited'] > $r[0]['edited'] || $force) {
$item['id'] = $r[0]['id'];
$item['uid'] = $channel['channel_id'];
item_store_update($item, false, $deliver);
continue;
}
} else {
$item['aid'] = $channel['channel_account_id'];
$item['uid'] = $channel['channel_id'];
$item_result = item_store($item, false, $deliver);
}
}
} else {
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_hidden'] = $item_hidden;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $ac['allow_cid'];
$arr['allow_gid'] = $ac['allow_gid'];
$arr['deny_cid'] = $ac['deny_cid'];
$arr['deny_gid'] = $ac['deny_gid'];
$arr['verb'] = ACTIVITY_POST;
$arr['obj_type'] = ACTIVITY_OBJ_PHOTO;
$arr['obj'] = json_encode($object);
$arr['tgt_type'] = ACTIVITY_OBJ_ALBUM;
$arr['target'] = json_encode($target);
$arr['item_wall'] = 1;
$arr['item_origin'] = 1;
$arr['item_thread_top'] = 1;
$arr['item_private'] = intval($acl->is_private());
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
$arr['body'] = $summary;
// this one is tricky because the item and the photo have the same permissions, those of the photo.
// Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the
// private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use
// public policy when federating items to other sites, but should probably ignore them when accessing the item
// in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
// linked item from leaking into the feed when somebody has a channel with read_stream restrictions.
$arr['public_policy'] = map_scope($channel['channel_r_stream'], true);
if ($arr['public_policy']) {
$arr['item_private'] = 1;
}
$result = item_store($arr, false, $deliver);
$item_id = $result['item_id'];
if ($visible && $deliver) {
Zotlabs\Daemon\Master::Summon(array('Notifier', 'wall-new', $item_id));
}
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $obj_body;
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
/**
* @brief Creates the directory listing for the given path.
*
* @param string $path which should be displayed
*/
public function generateDirectoryIndex($path)
{
// (owner_id = channel_id) is visitor owner of this directory?
$is_owner = local_channel() && $this->auth->owner_id == local_channel() ? true : false;
if ($this->auth->getTimezone()) {
date_default_timezone_set($this->auth->getTimezone());
}
require_once 'include/conversation.php';
require_once 'include/text.php';
if ($this->auth->owner_nick) {
$html = profile_tabs(get_app(), $is_owner ? true : false, $this->auth->owner_nick);
}
$files = $this->server->getPropertiesForPath($path, array('{DAV:}displayname', '{DAV:}resourcetype', '{DAV:}getcontenttype', '{DAV:}getcontentlength', '{DAV:}getlastmodified'), 1);
$parent = $this->server->tree->getNodeForPath($path);
$parentpath = array();
// only show parent if not leaving /cloud/; TODO how to improve this?
if ($path && $path != "cloud") {
list($parentUri) = DAV\URLUtil::splitPath($path);
$fullPath = DAV\URLUtil::encodePath($this->server->getBaseUri() . $parentUri);
$parentpath['icon'] = $this->enableAssets ? '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl('icons/parent' . $this->iconExtension) . '" width="24" alt="' . t('parent') . '"></a>' : '';
$parentpath['path'] = $fullPath;
}
$f = array();
foreach ($files as $file) {
$ft = array();
$type = null;
// This is the current directory, we can skip it
if (rtrim($file['href'], '/') == $path) {
continue;
}
list(, $name) = DAV\URLUtil::splitPath($file['href']);
if (isset($file[200]['{DAV:}resourcetype'])) {
$type = $file[200]['{DAV:}resourcetype']->getValue();
// resourcetype can have multiple values
if (!is_array($type)) {
$type = array($type);
}
foreach ($type as $k => $v) {
// Some name mapping is preferred
switch ($v) {
case '{DAV:}collection':
$type[$k] = t('Collection');
break;
case '{DAV:}principal':
$type[$k] = t('Principal');
break;
case '{urn:ietf:params:xml:ns:carddav}addressbook':
$type[$k] = t('Addressbook');
break;
case '{urn:ietf:params:xml:ns:caldav}calendar':
$type[$k] = t('Calendar');
break;
case '{urn:ietf:params:xml:ns:caldav}schedule-inbox':
$type[$k] = t('Schedule Inbox');
break;
case '{urn:ietf:params:xml:ns:caldav}schedule-outbox':
$type[$k] = t('Schedule Outbox');
break;
case '{http://calendarserver.org/ns/}calendar-proxy-read':
$type[$k] = 'Proxy-Read';
break;
case '{http://calendarserver.org/ns/}calendar-proxy-write':
$type[$k] = 'Proxy-Write';
break;
}
}
$type = implode(', ', $type);
}
// If no resourcetype was found, we attempt to use
// the contenttype property
if (!$type && isset($file[200]['{DAV:}getcontenttype'])) {
$type = $file[200]['{DAV:}getcontenttype'];
}
if (!$type) {
$type = t('Unknown');
}
$size = isset($file[200]['{DAV:}getcontentlength']) ? (int) $file[200]['{DAV:}getcontentlength'] : '';
$lastmodified = isset($file[200]['{DAV:}getlastmodified']) ? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') : '';
$fullPath = DAV\URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path ? $path . '/' : '') . $name, '/'));
$displayName = isset($file[200]['{DAV:}displayname']) ? $file[200]['{DAV:}displayname'] : $name;
$displayName = $this->escapeHTML($displayName);
$type = $this->escapeHTML($type);
$icon = '';
if ($this->enableAssets) {
$node = $this->server->tree->getNodeForPath(($path ? $path . '/' : '') . $name);
foreach (array_reverse($this->iconMap) as $class => $iconName) {
if ($node instanceof $class) {
$icon = '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl($iconName . $this->iconExtension) . '" alt="" width="24"></a>';
break;
}
}
}
$parentHash = '';
$owner = $this->auth->owner_id;
$splitPath = split('/', $fullPath);
if (count($splitPath) > 3) {
for ($i = 3; $i < count($splitPath); $i++) {
$attachName = urldecode($splitPath[$i]);
$attachHash = $this->findAttachHash($owner, $parentHash, $attachName);
$parentHash = $attachHash;
}
}
$attachIcon = "";
// "<a href=\"attach/".$attachHash."\" title=\"".$displayName."\"><i class=\"icon-download\"></i></a>";
// put the array for this file together
$ft['attachId'] = $this->findAttachIdByHash($attachHash);
$ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->getCurrentUser();
$ft['icon'] = $icon;
$ft['attachIcon'] = $size ? $attachIcon : '';
// @todo Should this be an item value, not a global one?
$ft['is_owner'] = $is_owner;
$ft['fullPath'] = $fullPath;
$ft['displayName'] = $displayName;
$ft['type'] = $type;
$ft['size'] = $size;
$ft['sizeFormatted'] = userReadableSize($size);
$ft['lastmodified'] = $lastmodified ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : '';
$ft['iconFromType'] = getIconFromType($type);
$f[] = $ft;
}
// Storage and quota for the account (all channels of the owner of this directory)!
$limit = service_class_fetch($owner, 'attach_upload_limit');
$r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
$used = $r[0]['total'];
if ($used) {
$quotaDesc = t('%1$s used');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used));
}
if ($limit && $used) {
$quotaDesc = t('%1$s used of %2$s (%3$s%)');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1));
}
// prepare quota for template
$quota = array();
$quota['used'] = $used;
$quota['limit'] = $limit;
$quota['desc'] = $quotaDesc;
$output = '';
if ($this->enablePost) {
$this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output));
}
$html .= replace_macros(get_markup_template('cloud.tpl'), array('$header' => t('Files') . ": " . $this->escapeHTML($path) . "/", '$quota' => $quota, '$total' => t('Total'), '$actionspanel' => $output, '$shared' => t('Shared'), '$create' => t('Create'), '$upload' => t('Upload'), '$is_owner' => $is_owner, '$parentpath' => $parentpath, '$entries' => $f, '$name' => t('Name'), '$type' => t('Type'), '$size' => t('Size'), '$lastmod' => t('Last Modified'), '$parent' => t('parent'), '$edit' => t('Edit'), '$delete' => t('Delete'), '$nick' => $this->auth->getCurrentUser()));
$a = get_app();
$a->page['content'] = $html;
load_pdl($a);
$theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";
if (file_exists($theme_info_file)) {
require_once $theme_info_file;
if (function_exists(str_replace('-', '_', current_theme()) . '_init')) {
$func = str_replace('-', '_', current_theme()) . '_init';
$func($a);
}
}
construct_page($a);
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'post_photos')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
$newalbum = $args['newalbum'];
logger('photo_upload: album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG);
if (!$album) {
if ($newalbum) {
$album = $newalbum;
} else {
$album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m');
}
}
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
$str_group_allow = perms2str(is_array($args['group_allow']) ? $args['group_allow'] : explode(',', $args['group_allow']));
$str_contact_allow = perms2str(is_array($args['contact_allow']) ? $args['contact_allow'] : explode(',', $args['contact_allow']));
$str_group_deny = perms2str(is_array($args['group_deny']) ? $args['group_deny'] : explode(',', $args['group_deny']));
$str_contact_deny = perms2str(is_array($args['contact_deny']) ? $args['contact_deny'] : explode(',', $args['contact_deny']));
if ($args['data']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_upload_file', $f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
$limit = service_class_fetch($channel_id, 'photo_upload_limit');
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_flags' => PHOTO_NORMAL, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$r1 = $ph->save($p);
if (!$r1) {
$errors = true;
}
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
$p['scale'] = 1;
$r2 = $ph->save($p);
$smallest = 1;
if (!$r2) {
$errors = true;
}
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
$p['scale'] = 2;
$r3 = $ph->save($p);
$smallest = 2;
if (!$r3) {
$errors = true;
}
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// This will be the width and height of the smallest representation
$width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
$mid = item_message_id();
// Create item container
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
$item_flags = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP;
$item_restrict = $visible ? ITEM_VISIBLE : ITEM_HIDDEN;
$title = '';
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_flags'] = $item_flags;
$arr['item_restrict'] = $item_restrict;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $str_contact_allow;
$arr['allow_gid'] = $str_group_allow;
$arr['deny_cid'] = $str_contact_deny;
$arr['deny_gid'] = $str_group_deny;
$arr['verb'] = ACTIVITY_POST;
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
// We should also put a width_x_height on large photos. Left as an exercise for
// devs looking fo simple stuff to fix.
$larger = feature_enabled($channel['channel_id'], 'large_photos');
if ($larger) {
$tag = '[zmg]';
if ($r2) {
$smallest = 1;
} else {
$smallest = 0;
}
} else {
if ($width_x_height) {
$tag = '[zmg=' . $width_x_height . ']';
} else {
$tag = '[zmg]';
}
}
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
$result = item_store($arr);
$item_id = $result['item_id'];
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $arr['body'];
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
function poller_run($argv, $argc)
{
cli_startup();
$a = get_app();
$maxsysload = intval(get_config('system', 'maxloadavg'));
if ($maxsysload < 1) {
$maxsysload = 50;
}
if (function_exists('sys_getloadavg')) {
$load = sys_getloadavg();
if (intval($load[0]) > $maxsysload) {
logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.');
return;
}
}
$interval = intval(get_config('system', 'poll_interval'));
if (!$interval) {
$interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval'));
}
// Check for a lockfile. If it exists, but is over an hour old, it's stale. Ignore it.
$lockfile = 'store/[data]/poller';
if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) {
logger("poller: Already running");
return;
}
// Create a lockfile. Needs two vars, but $x doesn't need to contain anything.
file_put_contents($lockfile, $x);
logger('poller: start');
// run queue delivery process in the background
proc_run('php', "include/queue.php");
// maintenance for mod sharedwithme - check for updated items and remove them
require_once 'include/sharedwithme.php';
apply_updates();
// expire any expired mail
q("delete from mail where expires != '%s' and expires < %s ", dbesc(NULL_DATE), db_utcnow());
// expire any expired items
$r = q("select id from item where expires != '%s' and expires < %s \n\t\tand item_deleted = 0 ", dbesc(NULL_DATE), db_utcnow());
if ($r) {
require_once 'include/items.php';
foreach ($r as $rr) {
drop_item($rr['id'], false);
}
}
// Ensure that every channel pings a directory server once a month. This way we can discover
// channels and sites that quietly vanished and prevent the directory from accumulating stale
// or dead entries.
$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY'));
if ($r) {
foreach ($r as $rr) {
proc_run('php', 'include/directory.php', $rr['channel_id'], 'force');
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
}
// publish any applicable items that were set to be published in the future
// (time travel posts). Restrict to items that have come of age in the last
// couple of days to limit the query to something reasonable.
$r = q("select id from item where item_delayed = 1 and created <= %s and created > '%s' ", db_utcnow(), dbesc(datetime_convert('UTC', 'UTC', 'now - 2 days')));
if ($r) {
foreach ($r as $rr) {
$x = q("update item set item_delayed = 0 where id = %d", intval($rr['id']));
if ($x) {
proc_run('php', 'include/notifier.php', 'wall-new', $rr['id']);
}
}
}
$abandon_days = intval(get_config('system', 'account_abandon_days'));
if ($abandon_days < 1) {
$abandon_days = 0;
}
// once daily run birthday_updates and then expire in background
// FIXME: add birthday updates, both locally and for xprof for use
// by directory servers
$d1 = intval(get_config('system', 'last_expire_day'));
$d2 = intval(datetime_convert('UTC', 'UTC', 'now', 'd'));
// Allow somebody to staggger daily activities if they have more than one site on their server,
// or if it happens at an inconvenient (busy) hour.
$h1 = intval(get_config('system', 'cron_hour'));
$h2 = intval(datetime_convert('UTC', 'UTC', 'now', 'G'));
$dirmode = get_config('system', 'directory_mode');
/**
* Cron Daily
*
* Actions in the following block are executed once per day, not on every poller run
*
*/
if ($d2 != $d1 && $h1 == $h2) {
require_once 'include/dir_fns.php';
check_upstream_directory();
call_hooks('cron_daily', datetime_convert());
$d3 = intval(datetime_convert('UTC', 'UTC', 'now', 'N'));
if ($d3 == 7) {
/**
* Cron Weekly
*
* Actions in the following block are executed once per day only on Sunday (once per week).
*
*/
call_hooks('cron_weekly', datetime_convert());
z_check_cert();
require_once 'include/hubloc.php';
prune_hub_reinstalls();
require_once 'include/Contact.php';
mark_orphan_hubsxchans();
// get rid of really old poco records
q("delete from xlink where xlink_updated < %s - INTERVAL %s and xlink_static = 0 ", db_utcnow(), db_quoteinterval('14 DAY'));
$dirmode = intval(get_config('system', 'directory_mode'));
if ($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) {
logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())), true));
}
// Check for dead sites
proc_run('php', 'include/checksites.php');
// update searchable doc indexes
proc_run('php', 'include/importdoc.php');
/**
* End Cron Weekly
*/
}
update_birthdays();
//update statistics in config
require_once 'include/statistics_fns.php';
update_channels_total_stat();
update_channels_active_halfyear_stat();
update_channels_active_monthly_stat();
update_local_posts_stat();
// expire any read notifications over a month old
q("delete from notify where seen = 1 and date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY'));
// expire old delivery reports
$keep_reports = intval(get_config('system', 'expire_delivery_reports'));
if ($keep_reports === 0) {
$keep_reports = 30;
}
q("delete from dreport where dreport_time < %s - INTERVAL %s", db_utcnow(), db_quoteinterval($keep_reports . ' DAY'));
// expire any expired accounts
downgrade_accounts();
// If this is a directory server, request a sync with an upstream
// directory at least once a day, up to once every poll interval.
// Pull remote changes and push local changes.
// potential issue: how do we keep from creating an endless update loop?
if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
require_once 'include/dir_fns.php';
sync_directories($dirmode);
}
set_config('system', 'last_expire_day', $d2);
proc_run('php', 'include/expire.php');
proc_run('php', 'include/cli_suggest.php');
require_once 'include/hubloc.php';
remove_obsolete_hublocs();
/**
* End Cron Daily
*/
}
// update any photos which didn't get imported properly
// This should be rare
$r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' \n\t\tand xchan_photo_date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 DAY'));
if ($r) {
require_once 'include/photo/photo_driver.php';
foreach ($r as $rr) {
$photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash']);
$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'\n\t\t\t\twhere xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($rr['xchan_hash']));
}
}
// pull in some public posts
if (!get_config('system', 'disable_discover_tab')) {
proc_run('php', 'include/externals.php');
}
$manual_id = 0;
$generation = 0;
$force = false;
$restart = false;
if ($argc > 1 && $argv[1] == 'force') {
$force = true;
}
if ($argc > 1 && $argv[1] == 'restart') {
$restart = true;
$generation = intval($argv[2]);
if (!$generation) {
killme();
}
}
if ($argc > 1 && intval($argv[1])) {
$manual_id = intval($argv[1]);
$force = true;
}
$sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : "";
reload_plugins();
$d = datetime_convert();
// TODO check to see if there are any cronhooks before wasting a process
if (!$restart) {
proc_run('php', 'include/cronhooks.php');
}
// Only poll from those with suitable relationships
$abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : '';
$randfunc = db_getfunc('RAND');
$contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\tLEFT JOIN account on abook_account = account_id\n\t\twhere abook_self = 0\n\t\t{$sql_extra} \n\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED));
if ($contacts) {
foreach ($contacts as $contact) {
$update = false;
$t = $contact['abook_updated'];
$c = $contact['abook_connected'];
if (intval($contact['abook_feed'])) {
$min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes');
if (!$min) {
$min = intval(get_config('system', 'minimum_feedcheck_minutes'));
}
if (!$min) {
$min = 60;
}
$x = datetime_convert('UTC', 'UTC', "now - {$min} minutes");
if ($c < $x) {
proc_run('php', 'include/onepoll.php', $contact['abook_id']);
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
continue;
}
if ($contact['xchan_network'] !== 'zot') {
continue;
}
if ($c == $t) {
if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) {
$update = true;
}
} else {
// if we've never connected with them, start the mark for death countdown from now
if ($c == NULL_DATE) {
$r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']));
$c = datetime_convert();
$update = true;
}
// He's dead, Jim
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) {
$r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id']));
$update = false;
continue;
}
if (intval($contact['abook_archived'])) {
$update = false;
continue;
}
// might be dead, so maybe don't poll quite so often
// recently deceased, so keep up the regular schedule for 3 days
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) {
$update = true;
}
// After that back off and put them on a morphine drip
if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) {
$update = true;
}
}
if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) {
continue;
}
if (!$update && !$force) {
continue;
}
proc_run('php', 'include/onepoll.php', $contact['abook_id']);
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
}
if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY'));
if ($r) {
foreach ($r as $rr) {
// If they didn't respond when we attempted before, back off to once a day
// After 7 days we won't bother anymore
if ($rr['ud_last'] != NULL_DATE) {
if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) {
continue;
}
}
proc_run('php', 'include/onedirsync.php', $rr['ud_id']);
if ($interval) {
@time_sleep_until(microtime(true) + (double) $interval);
}
}
}
}
set_config('system', 'lastpoll', datetime_convert());
//All done - clear the lockfile
@unlink($lockfile);
return;
}
/**
* @brief Updates the data of the file.
*
* @param resource $data
* @return void
*/
public function put($data)
{
logger('put file: ' . basename($this->name), LOGGER_DEBUG);
$size = 0;
// @todo only 3 values are needed
$c = q("SELECT * FROM channel WHERE channel_id = %d AND (channel_pageflags & %d) = 0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
$r = q("SELECT flags, folder, data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
if ($r) {
if ($r[0]['flags'] & ATTACH_FLAG_OS) {
$fname = dbunescbin($r[0]['data']);
$f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
// @todo check return value and set $size directly
@file_put_contents($f, $data);
$size = @filesize($f);
logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
} else {
$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
$r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
if ($r) {
$size = $r[0]['fsize'];
}
}
}
// returns now()
$edited = datetime_convert();
$d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
// @todo do we really want to remove the whole file if an update fails
// because of maxfilesize or quota?
// There is an Exception "InsufficientStorage" or "PaymentRequired" for
// our service class from SabreDAV we could use.
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $size > $maxfilesize) {
attach_delete($c[0]['channel_id'], $this->data['hash']);
return;
}
$limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
if ($limit !== false) {
$x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
if ($x && $x[0]['total'] + $size > $limit) {
logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
attach_delete($c[0]['channel_id'], $this->data['hash']);
return;
}
}
}
/**
* @brief Creates a form to add new folders and upload files.
*
* @param \Sabre\DAV\INode $node
* @param string &$output
*/
public function htmlActionsPanel(DAV\INode $node, &$output, $path)
{
if (!$node instanceof DAV\ICollection) {
return;
}
// We also know fairly certain that if an object is a non-extended
// SimpleCollection, we won't need to show the panel either.
if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') {
return;
}
require_once 'include/acl_selectors.php';
$aclselect = null;
$lockstate = '';
if ($this->auth->owner_id) {
$channel = channelx_by_n($this->auth->owner_id);
if ($channel) {
$acl = new \Zotlabs\Access\AccessList($channel);
$channel_acl = $acl->get();
$lockstate = $acl->is_private() ? 'lock' : 'unlock';
$aclselect = local_channel() == $this->auth->owner_id ? populate_acl($channel_acl, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : '';
}
}
// Storage and quota for the account (all channels of the owner of this directory)!
$limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit'));
$r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
$used = $r[0]['total'];
if ($used) {
$quotaDesc = t('You are using %1$s of your available file storage.');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used));
}
if ($limit && $used) {
$quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s%)');
$quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100);
}
// prepare quota for template
$quota = array();
$quota['used'] = $used;
$quota['limit'] = $limit;
$quota['desc'] = $quotaDesc;
$quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : '';
// 10485760 bytes = 100MB
$path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path), '/');
$output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota, '$channick' => $this->auth->owner_nick, '$aclselect' => $aclselect, '$allow_cid' => acl2json($channel_acl['allow_cid']), '$allow_gid' => acl2json($channel_acl['allow_gid']), '$deny_cid' => acl2json($channel_acl['deny_cid']), '$deny_gid' => acl2json($channel_acl['deny_gid']), '$lockstate' => $lockstate, '$return_url' => \App::$cmd, '$path' => $path, '$folder' => find_folder_hash_by_path($this->auth->owner_id, $path), '$dragdroptext' => t('Drop files here to immediately upload')));
}
/**
* @brief Updates the data of the file.
*
* @param resource $data
* @return void
*/
public function put($data)
{
logger('put file: ' . basename($this->name), LOGGER_DEBUG);
$size = 0;
// @todo only 3 values are needed
$c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
$is_photo = false;
$album = '';
$r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
if ($r) {
if (intval($r[0]['os_storage'])) {
$d = q("select folder, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
if ($d) {
if ($d[0]['folder']) {
$f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", dbesc($d[0]['folder']), intval($c[0]['channel_id']));
if ($f1) {
$album = $f1[0]['filename'];
$direct = $f1[0];
}
}
$fname = dbunescbin($d[0]['data']);
$f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
// @todo check return value and set $size directly
@file_put_contents($f, $data);
$size = @filesize($f);
logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
}
$gis = @getimagesize($f);
logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
$is_photo = 1;
}
} else {
// this shouldn't happen any more
$r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
$r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
if ($r) {
$size = $r[0]['fsize'];
}
}
}
// returns now()
$edited = datetime_convert();
$d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
if ($is_photo) {
require_once 'include/photos.php';
$args = array('resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct);
$p = photo_upload($c[0], get_app()->get_observer(), $args);
}
// update the folder's lastmodified timestamp
$e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
// @todo do we really want to remove the whole file if an update fails
// because of maxfilesize or quota?
// There is an Exception "InsufficientStorage" or "PaymentRequired" for
// our service class from SabreDAV we could use.
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $size > $maxfilesize) {
attach_delete($c[0]['channel_id'], $this->data['hash']);
return;
}
$limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
if ($limit !== false) {
$x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
if ($x && $x[0]['total'] + $size > $limit) {
logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
attach_delete($c[0]['channel_id'], $this->data['hash']);
return;
}
}
}
function wall_upload_post(&$a)
{
logger("wall upload: starting new upload", LOGGER_DEBUG);
if ($a->argc > 1) {
if (!x($_FILES, 'media')) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
return;
}
} else {
$user_info = api_get_user($a);
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
}
} else {
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$default_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
killme();
}
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
} elseif (x($_FILES, 'media')) {
$src = $_FILES['media']['tmp_name'];
$filename = basename($_FILES['media']['name']);
$filesize = intval($_FILES['media']['size']);
$filetype = $_FILES['media']['type'];
}
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
echo sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL;
@unlink($src);
killme();
}
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
echo upgrade_message(true) . EOL;
@unlink($src);
killme();
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if (!$ph->is_valid()) {
echo t('Unable to process image.') . EOL;
@unlink($src);
killme();
}
$ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$hash = photo_new_resource();
$smallest = 0;
$defperm = '<' . $default_cid . '>';
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
if (!$r) {
echo t('Image upload failed.') . EOL;
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
if ($r) {
$smallest = 1;
}
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
if ($r) {
$smallest = 2;
}
}
$basename = basename($filename);
/* mod Waitman Gobble NO WARRANTY */
//if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
if ($_REQUEST['hush'] != 'yeah') {
if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
} else {
echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
}
} else {
$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
return $m;
}
/* mod Waitman Gobble NO WARRANTY */
killme();
// NOTREACHED
}
/**
* @brief
*
* @param $channel channel array of owner
* @param $observer_hash hash of current observer
* @param $options (optional)
* @param $arr (optional)
*/
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
if (!perm_is_allowed($channel_id, get_observer_hash(), 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// The 'update' option sets db values without uploading a new attachment
// 'replace' replaces the existing uploaded data
// 'revision' creates a new revision with new upload data
// Default is to upload a new file
// revise or update must provide $arr['hash'] of the thing to revise/update
if ($options !== 'update') {
if (!x($_FILES, 'userfile')) {
$ret['message'] = t('No source file.');
return $ret;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
}
$existing_size = 0;
if ($options === 'replace') {
$x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to replace');
return $ret;
}
$existing_id = $x[0]['id'];
$existing_size = intval($x[0]['filesize']);
$hash = $x[0]['hash'];
}
if ($options === 'revise' || $options === 'update') {
$sql_options = " order by revision desc ";
if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
$sql_options = " and revision = " . intval($arr['revision']) . " ";
}
$x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
if (!$x) {
$ret['message'] = t('Cannot locate file to revise/update');
return $ret;
}
$hash = $x[0]['hash'];
}
// Check storage limits
if ($options !== 'update') {
$maxfilesize = get_config('system', 'maxfilesize');
if ($maxfilesize && $filesize > $maxfilesize) {
$ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
@unlink($src);
return $ret;
}
$limit = service_class_fetch($channel_id, 'attach_upload_limit');
if ($limit !== false) {
$r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
$ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
@unlink($src);
return $ret;
}
}
$mimetype = z_mime_content_type($filename);
}
if (!isset($hash)) {
$hash = random_string();
}
$created = datetime_convert();
if ($options === 'replace') {
$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", dbesc($filename), dbesc($mimetype), intval($filesize), dbesc(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id));
} elseif ($options === 'revise') {
$r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
} elseif ($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
} else {
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval(0), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : ''), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : ''), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : ''));
}
if ($options !== 'update') {
@unlink($src);
}
if (!$r) {
$ret['message'] = t('File upload failed. Possible system limit or action terminated.');
return $ret;
}
// Caution: This re-uses $sql_options set further above
$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
if (!$r) {
$ret['message'] = t('Stored file could not be verified. Upload failed.');
return $ret;
}
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
}
public static function run($argc, $argv)
{
cli_startup();
// perform final cleanup on previously delete items
$r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('10 DAY'));
if ($r) {
foreach ($r as $rr) {
drop_item($rr['id'], false, DROPITEM_PHASE2);
}
}
// physically remove anything that has been deleted for more than two months
/** @FIXME - this is a wretchedly inefficient query */
$r = q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('36 DAY'));
/** @FIXME make this optional as it could have a performance impact on large sites */
if (intval(get_config('system', 'optimize_items'))) {
q("optimize table item");
}
logger('expire: start', LOGGER_DEBUG);
$site_expire = get_config('system', 'default_expire_days');
logger('site_expire: ' . $site_expire);
$r = q("SELECT channel_id, channel_system, channel_address, channel_expire_days from channel where true");
if ($r) {
foreach ($r as $rr) {
// expire the sys channel separately
if (intval($rr['channel_system'])) {
continue;
}
// service class default (if non-zero) over-rides the site default
$service_class_expire = service_class_fetch($rr['channel_id'], 'expire_days');
if (intval($service_class_expire)) {
$channel_expire = $service_class_expire;
} else {
$channel_expire = $site_expire;
}
if (intval($channel_expire) && intval($channel_expire) < intval($rr['channel_expire_days']) || intval($rr['channel_expire_days'] == 0)) {
$expire_days = $channel_expire;
} else {
$expire_days = $rr['channel_expire_days'];
}
// if the site or service class expiration is non-zero and less than person expiration, use that
logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG);
item_expire($rr['channel_id'], $expire_days);
}
}
$x = get_sys_channel();
if ($x) {
// this should probably just fetch the channel_expire_days from the sys channel,
// but there's no convenient way to set it.
$expire_days = get_config('system', 'sys_expire_days');
if ($expire_days === false) {
$expire_days = 30;
}
if (intval($site_expire) && intval($site_expire) < intval($expire_days)) {
$expire_days = $site_expire;
}
logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
if ($expire_days) {
item_expire($x['channel_id'], $expire_days);
}
logger('Expire: sys: done', LOGGER_DEBUG);
}
}
function item_check_service_class($channel_id, $iswebpage)
{
$ret = array('success' => false, 'message' => '');
if ($iswebpage) {
// note: we aren't counting comanche templates and blocks, only webpages
$r = q("select count(id) as total from item where parent = id \n\t\t\tand ( item_restrict & %d ) > 0 and ( item_restrict & %d ) = 0 and uid = %d ", intval(ITEM_WEBPAGE), intval(ITEM_DELETED), intval($channel_id));
} else {
$r = q("select count(id) as total from item where parent = id and item_restrict = 0 and (item_flags & %d) > 0 and uid = %d ", intval(ITEM_WALL), intval($channel_id));
}
if (!$r) {
$ret['message'] = t('Unable to obtain post information from database.');
return $ret;
}
if (!$iswebpage) {
$max = service_class_fetch($channel_id, 'total_items');
if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) {
$result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max);
return $result;
}
} else {
$max = service_class_fetch($channel_id, 'total_pages');
if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) {
$result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max);
return $result;
}
}
$ret['success'] = true;
return $ret;
}
function post()
{
if (!local_channel()) {
return;
}
if ($_SESSION['delegate']) {
return;
}
$channel = \App::get_channel();
logger('mod_settings: ' . print_r($_REQUEST, true));
if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_channel());
goaway(z_root() . "/settings/oauth/");
return;
}
if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$name = x($_POST, 'name') ? $_POST['name'] : '';
$key = x($_POST, 'key') ? $_POST['key'] : '';
$secret = x($_POST, 'secret') ? $_POST['secret'] : '';
$redirect = x($_POST, 'redirect') ? $_POST['redirect'] : '';
$icon = x($_POST, 'icon') ? $_POST['icon'] : '';
$ok = true;
if ($name == '') {
$ok = false;
notice(t('Name is required') . EOL);
}
if ($key == '' || $secret == '') {
$ok = false;
notice(t('Key and Secret are required') . EOL);
}
if ($ok) {
if ($_POST['submit'] == t("Update")) {
$r = q("UPDATE clients SET\n\t\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\t\tclname='%s',\n\t\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()), dbesc($key));
} else {
$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()));
$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), intval(local_channel()), dbesc('all'));
}
}
goaway(z_root() . "/settings/oauth/");
return;
}
if (argc() > 1 && argv(1) == 'featured') {
check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured');
call_hooks('feature_settings_post', $_POST);
build_sync_packet();
return;
}
if (argc() > 1 && argv(1) == 'tokens') {
check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
$token_errs = 0;
if (array_key_exists('token', $_POST)) {
$atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0;
$name = trim(escape_tags($_POST['name']));
$token = trim($_POST['token']);
if (!$name || !$token) {
$token_errs++;
}
if (trim($_POST['expires'])) {
$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
} else {
$expires = NULL_DATE;
}
$max_atokens = service_class_fetch(local_channel(), 'access_tokens');
if ($max_atokens) {
$r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel()));
if ($r && intval($r[0]['total']) >= $max_tokens) {
notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL);
return;
}
}
}
if ($token_errs) {
notice(t('Name and Password are required.') . EOL);
return;
}
if ($atoken_id) {
$r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' \n\t\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
} else {
$r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
}
info(t('Token saved.') . EOL);
return;
}
if (argc() > 1 && argv(1) === 'features') {
check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
// Build list of features and check which are set
$features = get_features();
$all_features = array();
foreach ($features as $k => $v) {
foreach ($v as $f) {
$all_features[] = $f[0];
}
}
foreach ($all_features as $k) {
if (x($_POST, "feature_{$k}")) {
set_pconfig(local_channel(), 'feature', $k, 1);
} else {
set_pconfig(local_channel(), 'feature', $k, 0);
}
}
build_sync_packet();
return;
}
if (argc() > 1 && argv(1) == 'display') {
check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
$theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : \App::$channel['channel_theme'];
$mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : '';
$preload_images = x($_POST, 'preload_images') ? intval($_POST['preload_images']) : 0;
$user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0;
$nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0;
$title_tosource = x($_POST, 'title_tosource') ? intval($_POST['title_tosource']) : 0;
$channel_list_mode = x($_POST, 'channel_list_mode') ? intval($_POST['channel_list_mode']) : 0;
$network_list_mode = x($_POST, 'network_list_mode') ? intval($_POST['network_list_mode']) : 0;
$channel_divmore_height = x($_POST, 'channel_divmore_height') ? intval($_POST['channel_divmore_height']) : 400;
if ($channel_divmore_height < 50) {
$channel_divmore_height = 50;
}
$network_divmore_height = x($_POST, 'network_divmore_height') ? intval($_POST['network_divmore_height']) : 400;
if ($network_divmore_height < 50) {
$network_divmore_height = 50;
}
$browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0;
$browser_update = $browser_update * 1000;
if ($browser_update < 10000) {
$browser_update = 10000;
}
$itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20;
if ($itemspage > 100) {
$itemspage = 100;
}
if ($mobile_theme == "---") {
del_pconfig(local_channel(), 'system', 'mobile_theme');
} else {
set_pconfig(local_channel(), 'system', 'mobile_theme', $mobile_theme);
}
set_pconfig(local_channel(), 'system', 'preload_images', $preload_images);
set_pconfig(local_channel(), 'system', 'user_scalable', $user_scalable);
set_pconfig(local_channel(), 'system', 'update_interval', $browser_update);
set_pconfig(local_channel(), 'system', 'itemspage', $itemspage);
set_pconfig(local_channel(), 'system', 'no_smilies', 1 - intval($nosmile));
set_pconfig(local_channel(), 'system', 'title_tosource', $title_tosource);
set_pconfig(local_channel(), 'system', 'channel_list_mode', $channel_list_mode);
set_pconfig(local_channel(), 'system', 'network_list_mode', $network_list_mode);
set_pconfig(local_channel(), 'system', 'channel_divmore_height', $channel_divmore_height);
set_pconfig(local_channel(), 'system', 'network_divmore_height', $network_divmore_height);
if ($theme == \App::$channel['channel_theme']) {
// call theme_post only if theme has not been changed
if (($themeconfigfile = $this->get_theme_config_file($theme)) != null) {
require_once $themeconfigfile;
theme_post($a);
}
}
$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_channel()));
call_hooks('display_settings_post', $_POST);
build_sync_packet();
goaway(z_root() . '/settings/display');
return;
// NOTREACHED
}
if (argc() > 1 && argv(1) === 'account') {
check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
call_hooks('account_settings_post', $_POST);
// call_hooks('settings_account', $_POST);
$errs = array();
$email = x($_POST, 'email') ? trim(notags($_POST['email'])) : '';
$account = \App::get_account();
if ($email != $account['account_email']) {
if (!valid_email($email)) {
$errs[] = t('Not valid email.');
}
$adm = trim(get_config('system', 'admin_email'));
if ($adm && strcasecmp($email, $adm) == 0) {
$errs[] = t('Protected email address. Cannot change to that email.');
$email = \App::$user['email'];
}
if (!$errs) {
$r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']));
if (!$r) {
$errs[] = t('System failure storing new email. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
$errs = array();
}
if (x($_POST, 'npassword') || x($_POST, 'confirm')) {
$origpass = trim($_POST['origpass']);
require_once 'include/auth.php';
if (!account_verify_password($email, $origpass)) {
$errs[] = t('Password verification failed.');
}
$newpass = trim($_POST['npassword']);
$confirm = trim($_POST['confirm']);
if ($newpass != $confirm) {
$errs[] = t('Passwords do not match. Password unchanged.');
}
if (!x($newpass) || !x($confirm)) {
$errs[] = t('Empty passwords are not allowed. Password unchanged.');
}
if (!$errs) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id()));
if ($r) {
info(t('Password changed.') . EOL);
} else {
$errs[] = t('Password update failed. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
}
goaway(z_root() . '/settings/account');
}
check_form_security_token_redirectOnErr('/settings', 'settings');
call_hooks('settings_post', $_POST);
$set_perms = '';
$role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : '';
$oldrole = get_pconfig(local_channel(), 'system', 'permissions_role');
if ($role != $oldrole || $role === 'custom') {
if ($role === 'custom') {
$hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0;
$publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0;
$def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : '';
$r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel()));
$global_perms = get_perms();
foreach ($global_perms as $k => $v) {
$set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
$x = $acl->get();
$r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', \n\t\t\t\t\tchannel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d", dbesc($x['allow_cid']), dbesc($x['allow_gid']), dbesc($x['deny_cid']), dbesc($x['deny_gid']), intval(local_channel()));
} else {
$role_permissions = get_role_perms($_POST['permissions_role']);
if (!$role_permissions) {
notice('Permissions category could not be found.');
return;
}
$hide_presence = 1 - intval($role_permissions['online']);
if ($role_permissions['default_collection']) {
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
if (!$r) {
require_once 'include/group.php';
group_add(local_channel(), t('Friends'));
group_add_member(local_channel(), t('Friends'), $channel['channel_hash']);
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
}
if ($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel()));
} else {
notice(sprintf('Default privacy group \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL);
return;
}
} else {
q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel()));
}
$r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", intval(array_key_exists('perms_accept', $role_permissions) ? $role_permissions['perms_accept'] : 0), intval(local_channel()));
set_pconfig(local_channel(), 'system', 'autoperms', $role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0);
foreach ($role_permissions as $p => $v) {
if (strpos($p, 'channel_') !== false) {
$set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
}
if ($p === 'directory_publish') {
$publish = intval($v);
}
}
}
set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence);
set_pconfig(local_channel(), 'system', 'permissions_role', $role);
}
$username = x($_POST, 'username') ? notags(trim($_POST['username'])) : '';
$timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : '';
$defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : '';
$openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : '';
$maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0;
$expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0;
$evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3;
$photo_path = x($_POST, 'photo_path') ? escape_tags(trim($_POST['photo_path'])) : '';
$attach_path = x($_POST, 'attach_path') ? escape_tags(trim($_POST['attach_path'])) : '';
$channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '';
$expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0;
$expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0;
$expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0;
$expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0;
$allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0;
$blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1;
// this setting is inverted!
$unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0;
$cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0;
$suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0;
$post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0;
$post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0;
$post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0;
$adult = $_POST['adult'] == 1 ? 1 : 0;
$cal_first_day = x($_POST, 'first_day') && intval($_POST['first_day']) == 1 ? 1 : 0;
$channel = \App::get_channel();
$pageflags = $channel['channel_pageflags'];
$existing_adult = $pageflags & PAGE_ADULT ? 1 : 0;
if ($adult != $existing_adult) {
$pageflags = $pageflags ^ PAGE_ADULT;
}
$notify = 0;
if (x($_POST, 'notify1')) {
$notify += intval($_POST['notify1']);
}
if (x($_POST, 'notify2')) {
$notify += intval($_POST['notify2']);
}
if (x($_POST, 'notify3')) {
$notify += intval($_POST['notify3']);
}
if (x($_POST, 'notify4')) {
$notify += intval($_POST['notify4']);
}
if (x($_POST, 'notify5')) {
$notify += intval($_POST['notify5']);
}
if (x($_POST, 'notify6')) {
$notify += intval($_POST['notify6']);
}
if (x($_POST, 'notify7')) {
$notify += intval($_POST['notify7']);
}
if (x($_POST, 'notify8')) {
$notify += intval($_POST['notify8']);
}
$vnotify = 0;
if (x($_POST, 'vnotify1')) {
$vnotify += intval($_POST['vnotify1']);
}
if (x($_POST, 'vnotify2')) {
$vnotify += intval($_POST['vnotify2']);
}
if (x($_POST, 'vnotify3')) {
$vnotify += intval($_POST['vnotify3']);
}
if (x($_POST, 'vnotify4')) {
$vnotify += intval($_POST['vnotify4']);
}
if (x($_POST, 'vnotify5')) {
$vnotify += intval($_POST['vnotify5']);
}
if (x($_POST, 'vnotify6')) {
$vnotify += intval($_POST['vnotify6']);
}
if (x($_POST, 'vnotify7')) {
$vnotify += intval($_POST['vnotify7']);
}
if (x($_POST, 'vnotify8')) {
$vnotify += intval($_POST['vnotify8']);
}
if (x($_POST, 'vnotify9')) {
$vnotify += intval($_POST['vnotify9']);
}
if (x($_POST, 'vnotify10')) {
$vnotify += intval($_POST['vnotify10']);
}
if (x($_POST, 'vnotify11')) {
$vnotify += intval($_POST['vnotify11']);
}
$always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0;
$channel = \App::get_channel();
$err = '';
$name_change = false;
if ($username != $channel['channel_name']) {
$name_change = true;
require_once 'include/channel.php';
$err = validate_channelname($username);
if ($err) {
notice($err);
return;
}
}
if ($timezone != $channel['channel_timezone']) {
if (strlen($timezone)) {
date_default_timezone_set($timezone);
}
}
set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location);
set_pconfig(local_channel(), 'system', 'suggestme', $suggestme);
set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend);
set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup);
set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange);
set_pconfig(local_channel(), 'system', 'blocktags', $blocktags);
set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu);
set_pconfig(local_channel(), 'system', 'vnotify', $vnotify);
set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices);
set_pconfig(local_channel(), 'system', 'evdays', $evdays);
set_pconfig(local_channel(), 'system', 'photo_path', $photo_path);
set_pconfig(local_channel(), 'system', 'attach_path', $attach_path);
set_pconfig(local_channel(), 'system', 'cal_first_day', $cal_first_day);
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel()));
if ($r) {
info(t('Settings updated.') . EOL);
}
if (!is_null($publish)) {
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel()));
}
if ($name_change) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']));
$r = q("update profile set fullname = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id']));
}
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
build_sync_packet();
//$_SESSION['theme'] = $theme;
if ($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) {
// FIXME - set to un-verified, blocked and redirect to logout
// Why? Are we verifying people or email addresses?
}
goaway(z_root() . '/settings');
return;
// NOTREACHED
}
function wall_upload_post(&$a, $desktopmode = true)
{
logger("wall upload: starting new upload", LOGGER_DEBUG);
$r_json = x($_GET, 'response') && $_GET['response'] == 'json';
if ($a->argc > 1) {
if (!x($_FILES, 'media')) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
return;
}
} else {
$user_info = api_get_user($a);
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
}
} else {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$default_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => t('Permission denied.')]);
killme();
}
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
killme();
}
$src = "";
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
} elseif (x($_FILES, 'media')) {
if (is_array($_FILES['media']['tmp_name'])) {
$src = $_FILES['media']['tmp_name'][0];
} else {
$src = $_FILES['media']['tmp_name'];
}
if (is_array($_FILES['media']['name'])) {
$filename = basename($_FILES['media']['name'][0]);
} else {
$filename = basename($_FILES['media']['name']);
}
if (is_array($_FILES['media']['size'])) {
$filesize = intval($_FILES['media']['size'][0]);
} else {
$filesize = intval($_FILES['media']['size']);
}
if (is_array($_FILES['media']['type'])) {
$filetype = $_FILES['media']['type'][0];
} else {
$filetype = $_FILES['media']['type'];
}
}
if ($src == "") {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
notice(t('Invalid request.') . EOL);
killme();
}
// This is a special treatment for picture upload from Twidere
if ($filename == "octet-stream" and $filetype != "") {
$filename = $filetype;
$filetype = "";
}
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
// If there is a temp name, then do a manual check
// This is more reliable than the provided value
$imagedata = getimagesize($src);
if ($imagedata) {
$filetype = $imagedata['mime'];
}
logger("File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize));
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$msg = upgrade_message(true);
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if (!$ph->is_valid()) {
$msg = t('Unable to process image.');
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$hash = photo_new_resource();
$smallest = 0;
$defperm = '<' . $default_cid . '>';
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
if (!$r) {
$msg = t('Image upload failed.');
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
if ($r) {
$smallest = 1;
}
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
if ($r and $smallest == 0) {
$smallest = 2;
}
}
$basename = basename($filename);
if (!$desktopmode) {
$r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
if (!$r) {
if ($r_json) {
echo json_encode(['error' => '']);
killme();
}
return false;
}
$picture = array();
$picture["id"] = $r[0]["id"];
$picture["size"] = $r[0]["datasize"];
$picture["width"] = $r[0]["width"];
$picture["height"] = $r[0]["height"];
$picture["type"] = $r[0]["type"];
$picture["albumpage"] = $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash;
$picture["picture"] = $a->get_baseurl() . "/photo/{$hash}-0." . $ph->getExt();
$picture["preview"] = $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt();
if ($r_json) {
echo json_encode(['picture' => $picture]);
killme();
}
return $picture;
}
if ($r_json) {
echo json_encode(['ok' => true]);
killme();
}
/* mod Waitman Gobble NO WARRANTY */
//if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
if ($_REQUEST['hush'] != 'yeah') {
if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
} else {
echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
}
} else {
$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
return $m;
}
/* mod Waitman Gobble NO WARRANTY */
killme();
// NOTREACHED
}
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'user')) {
notice(t('No photos selected') . EOL);
return;
}
$phototypes = Photo::supportedTypes();
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
} elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if ($a->argc > 4) {
$cmd = $a->argv[4];
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$contact = null;
$remote_contact = false;
$contact_id = 0;
$owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
if (count($r)) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = $cid;
}
}
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
//
// dispatch request
//
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
continue;
}
$selected = $selname === $album['album'] ? ' selected="selected" ' : '';
$albumselect .= '<option value="' . $album['album'] . '"' . $selected . '>' . $album['album'] . '</option>';
}
}
$celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
$uploader = '';
$ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'], 'addon_text' => $uploader, 'default_upload' => true);
call_hooks('photo_upload_form', $ret);
$default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), array());
$default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), array('$submit' => t('Submit')));
$usage_message = '';
$limit = service_class_fetch($a->data['user']['uid'], 'photo_upload_limit');
if ($limit !== false) {
$r = q("select sum(datasize) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($a->data['user']['uid']));
$usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
}
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
// I think $a->query_string may never have ? in it, but I could be wrong
// It looks like it's from the index.php?q=[etc] rewrite that the web
// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
$tpl = get_markup_template('photos_upload.tpl');
if ($a->theme['template_engine'] === 'internal') {
$albumselect_e = template_escape($albumselect);
$aclselect_e = $visitor ? '' : template_escape(populate_acl($a->user, $celeb));
} else {
$albumselect_e = $albumselect;
$aclselect_e = $visitor ? '' : populate_acl($a->user, $celeb);
}
$o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['user']['nickname'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$alt_uploader' => $ret['addon_text'], '$default_upload_box' => $ret['default_upload'] ? $default_upload_box : '', '$default_upload_submit' => $ret['default_upload'] ? $default_upload_submit : '', '$uploadurl' => $ret['post_url'], '$acl_data' => construct_acl_data($a, $a->user), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private Photo'), '$public' => t('Public Photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
return $o;
}
if ($datatype === 'album') {
$album = hex2bin($datum);
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id`", intval($owner_uid), dbesc($album));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(20);
}
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$r = q("SELECT `resource-id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage']));
$o .= '<h3 id="photo-album-title">' . $album . '</h3>';
if ($cmd === 'edit') {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
$edit_tpl = get_markup_template('album_edit.tpl');
if ($a->theme['template_engine'] === 'internal') {
$album_e = template_escape($album);
} else {
$album_e = $album;
}
$o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
}
}
} else {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
$o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
}
}
}
if ($_GET['order'] === 'posted') {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>';
} else {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>';
}
if ($can_post) {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>';
}
$tpl = get_markup_template('photo_album.tpl');
if (count($r)) {
$twist = 'rotright';
}
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->theme['template_engine'] === 'internal') {
$imgalt_e = template_escape($rr['filename']);
$desc_e = template_escape($rr['desc']);
} else {
$imgalt_e = $rr['filename'];
$desc_e = $rr['desc'];
}
$o .= replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''), '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e));
}
$o .= '<div id="photo-album-end"></div>';
$o .= paginate($a);
return $o;
}
if ($datatype === 'image') {
//$o = '';
// fetch image, item containing image, then comments
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum));
if (!count($ph)) {
$ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum));
if (count($ph)) {
notice(t('Permission denied. Access to this item may be restricted.'));
} else {
notice(t('Photo not available') . EOL);
}
return;
}
$prevlink = '';
$nextlink = '';
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0\n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid));
if (count($prvnxt)) {
for ($z = 0; $z < count($prvnxt); $z++) {
if ($prvnxt[$z]['resource-id'] == $ph[0]['resource-id']) {
$prv = $z - 1;
$nxt = $z + 1;
if ($prv < 0) {
$prv = count($prvnxt) - 1;
}
if ($nxt >= count($prvnxt)) {
$nxt = 0;
}
break;
}
}
$edit_suffix = $cmd === 'edit' && $can_post ? '/edit' : '';
$prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
}
if (count($ph) == 1) {
$hires = $lores = $ph[0];
}
if (count($ph) > 1) {
if ($ph[1]['scale'] == 2) {
// original is 640 or less, we can display it directly
$hires = $lores = $ph[0];
} else {
$hires = $ph[0];
$lores = $ph[1];
}
}
$album_link = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']);
$tools = Null;
$lock = Null;
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tools = array('edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . ($cmd === 'edit' ? '' : '/edit'), $cmd === 'edit' ? t('View photo') : t('Edit photo')), 'profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource-id'], t('Use as profile photo')));
// lock
$lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null;
}
if ($cmd === 'edit') {
$tpl = get_markup_template('photo_edit_head.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array('$prevlink' => $prevlink, '$nextlink' => $nextlink));
}
if ($prevlink) {
$prevlink = array($prevlink, '<div class="icon prev"></div>');
}
$photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'), 'height' => $hires['height'], 'width' => $hires['width'], 'album' => $hires['album'], 'filename' => $hires['filename']);
if ($nextlink) {
$nextlink = array($nextlink, '<div class="icon next"></div>');
}
// Do we have an item for this photo?
// FIXME! - replace following code to display the conversation with our normal
// conversation functions so that it works correctly and tracks changes
// in the evolving conversation code.
// The difference is that we won't be displaying the conversation head item
// as a "post" but displaying instead the photo it is linked to
$linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' {$sql_extra} LIMIT 1", dbesc($datum));
if (count($linked_items)) {
$link_item = $linked_items[0];
$r = q("SELECT COUNT(*) AS `total`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra} ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']));
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`,\n\t\t\t\t`contact`.`rel`, `contact`.`thumb`, `contact`.`self`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']), intval($a->pager['start']), intval($a->pager['itemspage']));
if (local_user() && local_user() == $link_item['uid']) {
q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d", intval($link_item['parent']), intval(local_user()));
update_thread($link_item['parent']);
}
}
$tags = Null;
if (count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',', $link_item['tag']);
// parse tags and add links
$tag_str = '';
foreach ($arr as $t) {
if (strlen($tag_str)) {
$tag_str .= ', ';
}
$tag_str .= bbcode($t);
}
$tags = array(t('Tags: '), $tag_str);
if ($cmd === 'edit') {
$tags[] = $a->get_baseurl() . '/tagrm/' . $link_item['id'];
$tags[] = t('[Remove any tag]');
}
}
$edit = Null;
if ($cmd === 'edit' && $can_post) {
$edit_tpl = get_markup_template('photo_edit.tpl');
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
// I think $a->query_string may never have ? in it, but I could be wrong
// It looks like it's from the index.php?q=[etc] rewrite that the web
// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
if ($a->theme['template_engine'] === 'internal') {
$album_e = template_escape($ph[0]['album']);
$caption_e = template_escape($ph[0]['desc']);
$aclselect_e = template_escape(populate_acl($ph[0]));
} else {
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['desc'];
$aclselect_e = populate_acl($ph[0]);
}
$edit = replace_macros($edit_tpl, array('$id' => $ph[0]['id'], '$rotatecw' => t('Rotate CW (right)'), '$rotateccw' => t('Rotate CCW (left)'), '$album' => $album_e, '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], '$resource_id' => $ph[0]['resource-id'], '$capt_label' => t('Caption'), '$caption' => $caption_e, '$tag_label' => t('Add a Tag'), '$tags' => $link_item['tag'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), '$item_id' => count($linked_items) ? $link_item['id'] : 0, '$submit' => t('Submit'), '$delete' => t('Delete Photo'), '$acl_data' => construct_acl_data($a, $ph[0]), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private photo'), '$public' => t('Public photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
}
if (count($linked_items)) {
$cmnt_tpl = get_markup_template('comment_item.tpl');
$tpl = get_markup_template('photo_item.tpl');
$return_url = $a->cmd;
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = '';
if ($can_post || can_write_wall($a, $owner_uid)) {
$likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => feature_enabled(local_user(), 'dislike') ? t("I don't like this (toggle)") : '', '$share' => t('Share'), '$wait' => t('Please wait'), '$return_path' => $a->query_string));
}
$comments = '';
if (!count($r)) {
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
}
$alike = array();
$dlike = array();
$like = '';
$dislike = '';
// display comments
if (count($r)) {
foreach ($r as $item) {
like_puller($a, $item, $alike, 'like');
like_puller($a, $item, $dlike, 'dislike');
}
$like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : '';
$dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : '';
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$sparkle = '';
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
continue;
}
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
if (local_user() && $item['contact-uid'] == local_user() && $item['network'] == 'dfrn' && !$item['self']) {
$profile_url = $redirect_url;
$sparkle = ' sparkle';
} else {
$profile_url = $item['url'];
$sparkle = '';
}
$diff_author = $item['url'] !== $item['author-link'] ? true : false;
$profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name'];
$profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $item['thumb'];
$profile_link = $profile_url;
$dropping = $item['contact-id'] == $contact_id || $item['uid'] == local_user();
$drop = array('dropping' => $dropping, 'pagedrop' => false, 'select' => t('Select'), 'delete' => t('Delete'));
if ($a->theme['template_engine'] === 'internal') {
$name_e = template_escape($profile_name);
$title_e = template_escape($item['title']);
$body_e = template_escape(bbcode($item['body']));
} else {
$name_e = $profile_name;
$title_e = $item['title'];
$body_e = bbcode($item['body']);
}
$comments .= replace_macros($template, array('$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
}
}
$paginate = paginate($a);
}
$photo_tpl = get_markup_template('photo_view.tpl');
if ($a->theme['template_engine'] === 'internal') {
$album_e = array($album_link, template_escape($ph[0]['album']));
$tags_e = template_escape($tags);
$like_e = template_escape($like);
$dislike_e = template_escape($dislike);
} else {
$album_e = array($album_link, $ph[0]['album']);
$tags_e = $tags;
$like_e = $like;
$dislike_e = $dislike;
}
$o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['desc'], '$tags' => $tags_e, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dikslike_e, '$comments' => $comments, '$paginate' => $paginate));
$a->page['htmlhead'] .= "\n" . '<meta name="twitter:card" content="photo" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:height" content="' . $photo["height"] . '" />' . "\n";
return $o;
}
// Default - show recent photos with upload link (if applicable)
//$o = '';
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id`", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(20);
}
$r = q("SELECT `resource-id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage']));
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->theme['template_engine'] === 'internal') {
$alt_e = template_escape($rr['filename']);
$name_e = template_escape($rr['album']);
} else {
$alt_e = $rr['filename'];
$name_e = $rr['album'];
}
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
}
}
$tpl = get_markup_template('photos_recent.tpl');
$o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload'), '$photos' => $photos));
$o .= paginate($a);
return $o;
}
/**
* @brief
*
* @param array $sender
* @param array $arr
* @param array $deliveries
* @return array
*/
function process_channel_sync_delivery($sender, $arr, $deliveries)
{
require_once 'include/import.php';
/** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */
$result = array();
foreach ($deliveries as $d) {
$r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']));
if (!$r) {
$result[] = array($d['hash'], 'not found');
continue;
}
$channel = $r[0];
$max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
$max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds');
if ($channel['channel_hash'] != $sender['hash']) {
logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']);
$result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], '');
continue;
}
if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) {
foreach ($arr['config'] as $cat => $k) {
foreach ($arr['config'][$cat] as $k => $v) {
set_pconfig($channel['channel_id'], $cat, $k, $v);
}
}
}
if (array_key_exists('obj', $arr) && $arr['obj']) {
sync_objs($channel, $arr['obj']);
}
if (array_key_exists('likes', $arr) && $arr['likes']) {
import_likes($channel, $arr['likes']);
}
if (array_key_exists('app', $arr) && $arr['app']) {
sync_apps($channel, $arr['app']);
}
if (array_key_exists('chatroom', $arr) && $arr['chatroom']) {
sync_chatrooms($channel, $arr['chatroom']);
}
if (array_key_exists('conv', $arr) && $arr['conv']) {
import_conv($channel, $arr['conv']);
}
if (array_key_exists('mail', $arr) && $arr['mail']) {
import_mail($channel, $arr['mail']);
}
if (array_key_exists('event', $arr) && $arr['event']) {
sync_events($channel, $arr['event']);
}
if (array_key_exists('event_item', $arr) && $arr['event_item']) {
sync_items($channel, $arr['event_item']);
}
if (array_key_exists('item', $arr) && $arr['item']) {
sync_items($channel, $arr['item']);
}
if (array_key_exists('item_id', $arr) && $arr['item_id']) {
sync_items($channel, $arr['item_id']);
}
if (array_key_exists('menu', $arr) && $arr['menu']) {
sync_menus($channel, $arr['menu']);
}
if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) {
if (array_key_exists('channel_pageflags', $arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
// These flags cannot be sync'd.
// remove the bits from the incoming flags.
// These correspond to PAGE_REMOVED and PAGE_SYSTEM on redmatrix
if ($arr['channel']['channel_pageflags'] & 0x8000) {
$arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x8000;
}
if ($arr['channel']['channel_pageflags'] & 0x1000) {
$arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x1000;
}
}
$disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system');
$clean = array();
foreach ($arr['channel'] as $k => $v) {
if (in_array($k, $disallowed)) {
continue;
}
$clean[$k] = $v;
}
if (count($clean)) {
foreach ($clean as $k => $v) {
$r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
}
}
}
if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) {
$total_friends = 0;
$total_feeds = 0;
$r = q("select abook_id, abook_feed from abook where abook_channel = %d", intval($channel['channel_id']));
if ($r) {
// don't count yourself
$total_friends = count($r) > 0 ? count($r) - 1 : 0;
foreach ($r as $rr) {
if (intval($rr['abook_feed'])) {
$total_feeds++;
}
}
}
$disallowed = array('abook_id', 'abook_account', 'abook_channel', 'abook_rating', 'abook_rating_text');
foreach ($arr['abook'] as $abook) {
if (!array_key_exists('abook_blocked', $abook)) {
// convert from redmatrix
$abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0;
$abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0;
$abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0;
$abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0;
$abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0;
$abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0;
$abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0;
$abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0;
}
$clean = array();
if ($abook['abook_xchan'] && $abook['entry_deleted']) {
logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
require_once 'include/Contact.php';
$r = q("select abook_id, abook_feed from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']));
if ($r) {
contact_remove($channel['channel_id'], $r[0]['abook_id']);
if ($total_friends) {
$total_friends--;
}
if (intval($r[0]['abook_feed'])) {
$total_feeds--;
}
}
continue;
}
// Perform discovery if the referenced xchan hasn't ever been seen on this hub.
// This relies on the undocumented behaviour that red sites send xchan info with the abook
// and import_author_xchan will look them up on all federated networks
if ($abook['abook_xchan'] && $abook['xchan_addr']) {
$h = zot_get_hublocs($abook['abook_xchan']);
if (!$h) {
$xhash = import_author_xchan(encode_item_xchan($abook));
if (!$xhash) {
logger('process_channel_sync_delivery: import of ' . $abook['xchan_addr'] . ' failed.');
continue;
}
}
}
foreach ($abook as $k => $v) {
if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) {
continue;
}
$clean[$k] = $v;
}
if (!array_key_exists('abook_xchan', $clean)) {
continue;
}
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
// make sure we have an abook entry for this xchan on this system
if (!$r) {
if ($max_friends !== false && $total_friends > $max_friends) {
logger('process_channel_sync_delivery: total_channels service class limit exceeded');
continue;
}
if ($max_feeds !== false && intval($clean['abook_feed']) && $total_feeds > $max_feeds) {
logger('process_channel_sync_delivery: total_feeds service class limit exceeded');
continue;
}
q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
$total_friends++;
if (intval($clean['abook_feed'])) {
$total_feeds++;
}
}
if (count($clean)) {
foreach ($clean as $k => $v) {
if ($k == 'abook_dob') {
$v = dbescdate($v);
}
$r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
}
}
}
}
// sync collections (privacy groups) oh joy...
if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) {
$x = q("select * from groups where uid = %d", intval($channel['channel_id']));
foreach ($arr['collections'] as $cl) {
$found = false;
if ($x) {
foreach ($x as $y) {
if ($cl['collection'] == $y['hash']) {
$found = true;
break;
}
}
if ($found) {
if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) {
q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id']));
}
if (intval($cl['deleted']) && !intval($y['deleted'])) {
q("delete from group_member where gid = %d", intval($y['id']));
}
}
}
if (!$found) {
$r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name']));
}
// now look for any collections locally which weren't in the list we just received.
// They need to be removed by marking deleted and removing the members.
// This shouldn't happen except for clones created before this function was written.
if ($x) {
$found_local = false;
foreach ($x as $y) {
foreach ($arr['collections'] as $cl) {
if ($cl['collection'] == $y['hash']) {
$found_local = true;
break;
}
}
if (!$found_local) {
q("delete from group_member where gid = %d", intval($y['id']));
q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
}
}
}
}
// reload the group list with any updates
$x = q("select * from groups where uid = %d", intval($channel['channel_id']));
// now sync the members
if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) {
// first sort into groups keyed by the group hash
$members = array();
foreach ($arr['collection_members'] as $cm) {
if (!array_key_exists($cm['collection'], $members)) {
$members[$cm['collection']] = array();
}
$members[$cm['collection']][] = $cm['member'];
}
// our group list is already synchronised
if ($x) {
foreach ($x as $y) {
// for each group, loop on members list we just received
foreach ($members[$y['hash']] as $member) {
$found = false;
$z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member));
if ($z) {
$found = true;
}
// if somebody is in the group that wasn't before - add them
if (!$found) {
q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member));
}
}
// now retrieve a list of members we have on this site
$m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
if ($m) {
foreach ($m as $mm) {
// if the local existing member isn't in the list we just received - remove them
if (!in_array($mm['xchan'], $members[$y['hash']])) {
q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']));
}
}
}
}
}
}
}
if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) {
$disallowed = array('id', 'aid', 'uid');
foreach ($arr['profile'] as $profile) {
$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
if (!$x) {
q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id']));
$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
if (!$x) {
continue;
}
}
$clean = array();
foreach ($profile as $k => $v) {
if (in_array($k, $disallowed)) {
continue;
}
$clean[$k] = $v;
/**
* @TODO check if these are allowed, otherwise we'll error
* We also need to import local photos if a custom photo is selected
*/
}
if (count($clean)) {
foreach ($clean as $k => $v) {
$r = dbq("UPDATE profile set `" . dbesc($k) . "` = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
}
}
}
}
if (array_key_exists('item', $arr) && $arr['item']) {
sync_items($channel, $arr['item']);
}
if (array_key_exists('item_id', $arr) && $arr['item_id']) {
sync_items($channel, $arr['item_id']);
}
$addon = array('channel' => $channel, 'data' => $arr);
call_hooks('process_channel_sync_delivery', $addon);
// we should probably do this for all items, but usually we only send one.
require_once 'include/DReport.php';
if (array_key_exists('item', $arr) && is_array($arr['item'][0])) {
$DR = new DReport(z_root(), $d['hash'], $d['hash'], $arr['item'][0]['message_id'], 'channel sync processed');
$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
} else {
$DR = new DReport(z_root(), $d['hash'], $d['hash'], 'sync packet', 'channel sync delivered');
}
$result[] = $DR->get();
}
return $result;
}
function manage_content(&$a)
{
if (!get_account_id()) {
notice(t('Permission denied.') . EOL);
return;
}
require_once 'include/security.php';
$change_channel = argc() > 1 ? intval(argv(1)) : 0;
if (argc() > 2 && argv(2) === 'default') {
$r = q("select channel_id from channel where channel_id = %d and channel_account_id = %d limit 1", intval($change_channel), intval(get_account_id()));
if ($r) {
q("update account set account_default_channel = %d where account_id = %d limit 1", intval($change_channel), intval(get_account_id()));
}
goaway(z_root() . '/manage');
}
if ($change_channel) {
$r = change_channel($change_channel);
if ($r && $r['channel_startpage']) {
goaway(z_root() . '/' . $r['channel_startpage']);
}
goaway(z_root());
}
$channels = null;
if (local_user()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED));
$selected_channel = null;
$account = get_app()->get_account();
if ($r && count($r)) {
$channels = $r;
for ($x = 0; $x < count($channels); $x++) {
$channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']);
if ($channels[$x]['channel_id'] == local_user()) {
$selected_channel = $channels[$x];
}
$channels[$x]['default'] = $channels[$x]['channel_id'] == $account['account_default_channel'] ? "1" : '';
$channels[$x]['default_links'] = '1';
$c = q("SELECT id, item_restrict, item_flags FROM item\n\t\t\t\t\tWHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval($channels[$x]['channel_id']));
if ($c) {
foreach ($c as $it) {
if ($it['item_flags'] & ITEM_WALL) {
$channels[$x]['home']++;
} else {
$channels[$x]['network']++;
}
}
}
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", intval($channels[$x]['channel_id']), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF | ABOOK_FLAG_IGNORED), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN));
if ($intr) {
$channels[$x]['intros'] = intval($intr[0]['total']);
}
$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", intval($channels[$x]['channel_id']), intval(MAIL_SEEN), dbesc($channels[$x]['channel_hash']));
if ($mails) {
$channels[$x]['mail'] = intval($mails[0]['total']);
}
$events = q("SELECT type, start, adjust FROM `event`\n\t\t\t\t\tWHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0\n\t\t\t\t\tORDER BY `start` ASC ", intval($channels[$x]['channel_id']), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')));
if ($events) {
$channels[$x]['all_events'] = count($events);
if ($channels[$x]['all_events']) {
$str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
foreach ($events as $e) {
$bd = false;
if ($e['type'] === 'birthday') {
$channels[$x]['birthdays']++;
$bd = true;
} else {
$channels[$x]['events']++;
}
if (datetime_convert('UTC', intval($e['adjust']) ? date_default_timezone_get() : 'UTC', $e['start'], 'Y-m-d') === $str_now) {
$channels[$x]['all_events_today']++;
if ($bd) {
$channels[$x]['birthdays_today']++;
} else {
$channels[$x]['events_today']++;
}
}
}
}
}
}
}
$r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", intval(get_account_id()), intval(PAGE_REMOVED));
$limit = service_class_fetch(local_user(), 'total_identities');
if ($limit !== false) {
$channel_usage_message = sprintf(t("You have created %1\$.0f of %2\$.0f allowed channels."), $r[0]['total'], $limit);
} else {
$channel_usage_message = '';
}
}
$links = array(array('new_channel', t('Create a new channel'), t('Create a new channel')));
$o = replace_macros(get_markup_template('channels.tpl'), array('$header' => t('Channel Manager'), '$msg_selected' => t('Current Channel'), '$selected' => $selected_channel, '$desc' => t('Attach to one of your channels by selecting it.'), '$msg_default' => t('Default Channel'), '$msg_make_default' => t('Make Default'), '$links' => $links, '$all_channels' => $channels, '$channel_usage_message' => $channel_usage_message));
return $o;
}
function widget_follow($args)
{
if (!local_user()) {
return '';
}
$a = get_app();
$uid = $a->channel['channel_id'];
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", intval($uid), intval(ABOOK_FLAG_SELF));
if ($r) {
$total_channels = $r[0]['total'];
}
$limit = service_class_fetch($uid, 'total_channels');
if ($limit !== false) {
$abook_usage_message = sprintf(t("You have %1\$.0f of %2\$.0f allowed connections."), $total_channels, $limit);
} else {
$abook_usage_message = '';
}
return replace_macros(get_markup_template('follow.tpl'), array('$connect' => t('Add New Connection'), '$desc' => t('Enter the channel address'), '$hint' => t('Example: bob@example.com, http://example.com/barbara'), '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message));
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
// Set to default channel permissions. If the parent directory (album) has permissions set,
// use those instead. If we have specific permissions supplied, they take precedence over
// all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
// ...messy... needs re-factoring once the photos/files integration stabilises
$acl = new AccessList($channel);
if (array_key_exists('directory', $args) && $args['directory']) {
$acl->set($args['directory']);
}
if (array_key_exists('allow_cid', $args)) {
$acl->set($args);
}
if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
$acl->set_from_array($args);
}
$ac = $acl->get();
$os_storage = 0;
if ($args['os_path'] && $args['getimagesize']) {
$imagedata = @file_get_contents($args['os_path']);
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['getimagesize']['mime'];
$os_storage = 1;
} elseif ($args['data']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
// call_hooks('photo_upload_file',$f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
$limit = service_class_fetch($channel_id, 'photo_upload_limit');
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$r1 = $ph->save($p);
if (!$r1) {
$errors = true;
}
unset($p['os_storage']);
unset($p['os_path']);
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
$p['scale'] = 1;
$r2 = $ph->save($p);
$smallest = 1;
if (!$r2) {
$errors = true;
}
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
$p['scale'] = 2;
$r3 = $ph->save($p);
$smallest = 2;
if (!$r3) {
$errors = true;
}
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// This will be the width and height of the smallest representation
$width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
// Create item container
$item_hidden = $visible ? 0 : 1;
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
if ($args['item']) {
foreach ($args['item'] as $i) {
$item = get_item_elements($i);
$force = false;
if ($item['mid'] === $item['parent_mid']) {
$item['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
if ($item['author_xchan'] === $channel['channel_hash']) {
$item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
$item['item_verified'] = 1;
} else {
$item['sig'] = '';
}
$force = true;
}
$r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
if ($r) {
if ($item['edited'] > $r[0]['edited'] || $force) {
$item['id'] = $r[0]['id'];
$item['uid'] = $channel['channel_id'];
item_store_update($item);
continue;
}
} else {
$item['aid'] = $channel['channel_account_id'];
$item['uid'] = $channel['channel_id'];
$item_result = item_store($item);
}
}
} else {
$title = '';
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_hidden'] = $item_hidden;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $ac['allow_cid'];
$arr['allow_gid'] = $ac['allow_gid'];
$arr['deny_cid'] = $ac['deny_cid'];
$arr['deny_gid'] = $ac['deny_gid'];
$arr['verb'] = ACTIVITY_POST;
$arr['item_wall'] = 1;
$arr['item_origin'] = 1;
$arr['item_thread_top'] = 1;
$arr['item_private'] = intval($acl->is_private());
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
// We should also put a width_x_height on large photos. Left as an exercise for
// devs looking for simple stuff to fix.
$larger = feature_enabled($channel['channel_id'], 'large_photos');
if ($larger) {
$tag = '[zmg]';
if ($r2) {
$smallest = 1;
} else {
$smallest = 0;
}
} else {
if ($width_x_height) {
$tag = '[zmg=' . $width_x_height . ']';
} else {
$tag = '[zmg]';
}
}
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
$result = item_store($arr);
$item_id = $result['item_id'];
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $arr['body'];
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
