function create_user($arr)
{
// Required: { username, nickname, email } or { openid_url }
$a = get_app();
$result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
$using_invites = get_config('system', 'invitation_only');
$num_invites = get_config('system', 'number_invites');
$invite_id = x($arr, 'invite_id') ? notags(trim($arr['invite_id'])) : '';
$username = x($arr, 'username') ? notags(trim($arr['username'])) : '';
$nickname = x($arr, 'nickname') ? notags(trim($arr['nickname'])) : '';
$email = x($arr, 'email') ? notags(trim($arr['email'])) : '';
$openid_url = x($arr, 'openid_url') ? notags(trim($arr['openid_url'])) : '';
$photo = x($arr, 'photo') ? notags(trim($arr['photo'])) : '';
$password = x($arr, 'password') ? trim($arr['password']) : '';
$blocked = x($arr, 'blocked') ? intval($arr['blocked']) : 0;
$verified = x($arr, 'verified') ? intval($arr['verified']) : 0;
$publish = x($arr, 'profile_publish_reg') && intval($arr['profile_publish_reg']) ? 1 : 0;
$netpublish = strlen(get_config('system', 'directory_submit_url')) ? $publish : 0;
$tmp_str = $openid_url;
if ($using_invites) {
if (!$invite_id) {
$result['message'] .= t('An invitation is required.') . EOL;
return $result;
}
$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
if (!results($r)) {
$result['message'] .= t('Invitation could not be verified.') . EOL;
return $result;
}
}
if (!x($username) || !x($email) || !x($nickname)) {
if ($openid_url) {
if (!validate_url($tmp_str)) {
$result['message'] .= t('Invalid OpenID url') . EOL;
return $result;
}
$_SESSION['register'] = 1;
$_SESSION['openid'] = $openid_url;
require_once 'library/openid.php';
$openid = new LightOpenID();
$openid->identity = $openid_url;
$openid->returnUrl = $a->get_baseurl() . '/openid';
$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
$openid->optional = array('namePerson/first', 'media/image/aspect11', 'media/image/default');
try {
$authurl = $openid->authUrl();
} catch (Exception $e) {
$result['message'] .= t("We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.") . EOL . EOL . t("The error message was:") . $e->getMessage() . EOL;
return $result;
}
goaway($authurl);
// NOTREACHED
}
notice(t('Please enter the required information.') . EOL);
return;
}
if (!validate_url($tmp_str)) {
$openid_url = '';
}
$err = '';
// collapse multiple spaces in name
$username = preg_replace('/ +/', ' ', $username);
if (mb_strlen($username) > 48) {
$result['message'] .= t('Please use a shorter name.') . EOL;
}
if (mb_strlen($username) < 3) {
$result['message'] .= t('Name too short.') . EOL;
}
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
// $no_utf = get_config('system','no_utf');
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// So now we are just looking for a space in the full name.
$loose_reg = get_config('system', 'no_regfullname');
if (!$loose_reg) {
$username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
if (!strpos($username, ' ')) {
$result['message'] .= t("That doesn't appear to be your full (First Last) name.") . EOL;
}
}
if (!allowed_email($email)) {
$result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
}
if (!valid_email($email) || !validate_email($email)) {
$result['message'] .= t('Not a valid email address.') . EOL;
}
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
$adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email'])));
//if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
if (x($a->config, 'admin_email') && in_array(strtolower($email), $adminlist) && strlen($openid_url)) {
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", dbesc($email));
if (count($r)) {
$result['message'] .= t('Cannot use that email.') . EOL;
}
}
$nickname = $arr['nickname'] = strtolower($nickname);
if (!preg_match("/^[a-z][a-z0-9\\-\\_]*\$/", $nickname)) {
$result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
}
$r = q("SELECT `uid` FROM `user`\n \tWHERE `nickname` = '%s' LIMIT 1", dbesc($nickname));
if (count($r)) {
$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
}
// Check deleted accounts that had this nickname. Doesn't matter to us,
// but could be a security issue for federated platforms.
$r = q("SELECT * FROM `userd`\n \tWHERE `username` = '%s' LIMIT 1", dbesc($nickname));
if (count($r)) {
$result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
}
if (strlen($result['message'])) {
return $result;
}
$new_password = strlen($password) ? $password : autoname(6) . mt_rand(100, 9999);
$new_password_encoded = hash('whirlpool', $new_password);
$result['password'] = $new_password;
require_once 'include/crypto.php';
$keys = new_keypair(4096);
if ($keys === false) {
$result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
return $result;
}
$default_service_class = get_config('system', 'default_service_class');
if (!$default_service_class) {
$default_service_class = '';
}
$prvkey = $keys['prvkey'];
$pubkey = $keys['pubkey'];
/**
*
* Create another keypair for signing/verifying
* salmon protocol messages. We have to use a slightly
* less robust key because this won't be using openssl
* but the phpseclib. Since it is PHP interpreted code
* it is not nearly as efficient, and the larger keys
* will take several minutes each to process.
*
*/
$sres = new_keypair(512);
$sprvkey = $sres['prvkey'];
$spubkey = $sres['pubkey'];
$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,\n\t\t`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class`, `default-location` )\n\t\tVALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s', '' )", dbesc(generate_user_guid()), dbesc($username), dbesc($new_password_encoded), dbesc($email), dbesc($openid_url), dbesc($nickname), dbesc($pubkey), dbesc($prvkey), dbesc($spubkey), dbesc($sprvkey), dbesc(datetime_convert()), intval($verified), intval($blocked), dbesc($default_service_class));
if ($r) {
$r = q("SELECT * FROM `user`\n\t\t\tWHERE `username` = '%s' AND `password` = '%s' LIMIT 1", dbesc($username), dbesc($new_password_encoded));
if ($r !== false && count($r)) {
$u = $r[0];
$newuid = intval($r[0]['uid']);
}
} else {
$result['message'] .= t('An error occurred during registration. Please try again.') . EOL;
return $result;
}
/**
* if somebody clicked submit twice very quickly, they could end up with two accounts
* due to race condition. Remove this one.
*/
$r = q("SELECT `uid` FROM `user`\n \tWHERE `nickname` = '%s' ", dbesc($nickname));
if (count($r) > 1 && $newuid) {
$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
q("DELETE FROM `user` WHERE `uid` = %d", intval($newuid));
return $result;
}
if (x($newuid) !== false) {
$r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )\n\t\t\tVALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", intval($newuid), t('default'), 1, dbesc($username), dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), intval($publish), intval($netpublish));
if ($r === false) {
$result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL;
// Start fresh next time.
$r = q("DELETE FROM `user` WHERE `uid` = %d", intval($newuid));
return $result;
}
$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,\n\t\t\t`request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )\n\t\t\tVALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", intval($newuid), datetime_convert(), dbesc($username), dbesc($nickname), dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), dbesc($a->get_baseurl() . "/profile/{$nickname}"), dbesc(normalise_link($a->get_baseurl() . "/profile/{$nickname}")), dbesc($a->get_baseurl() . "/dfrn_request/{$nickname}"), dbesc($a->get_baseurl() . "/dfrn_notify/{$nickname}"), dbesc($a->get_baseurl() . "/dfrn_poll/{$nickname}"), dbesc($a->get_baseurl() . "/dfrn_confirm/{$nickname}"), dbesc($a->get_baseurl() . "/poco/{$nickname}"), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()));
// Create a group with no members. This allows somebody to use it
// right away as a default group for new contacts.
require_once 'include/group.php';
group_add($newuid, t('Friends'));
$r = q("SELECT id FROM `group` WHERE uid = %d AND name = '%s'", intval($newuid), dbesc(t('Friends')));
if ($r && count($r)) {
$def_gid = $r[0]['id'];
q("UPDATE user SET def_gid = %d WHERE uid = %d", intval($r[0]['id']), intval($newuid));
}
if (get_config('system', 'newuser_private') && $def_gid) {
q("UPDATE user SET allow_gid = '%s' WHERE uid = %d", dbesc("<" . $def_gid . ">"), intval($newuid));
}
}
// if we have no OpenID photo try to look up an avatar
if (!strlen($photo)) {
$photo = avatar_img($email);
}
// unless there is no avatar-plugin loaded
if (strlen($photo)) {
require_once 'include/Photo.php';
$photo_failure = false;
$filename = basename($photo);
$img_str = fetch_url($photo, true);
// guess mimetype from headers or filename
$type = guess_image_type($photo, true);
$img = new Photo($img_str, $type);
if ($img->is_valid()) {
$img->scaleImageSquare(175);
$hash = photo_new_resource();
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(80);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(48);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6);
if ($r === false) {
$photo_failure = true;
}
if (!$photo_failure) {
q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ", dbesc($hash));
}
}
}
call_hooks('register_account', $newuid);
$result['success'] = true;
$result['user'] = $u;
return $result;
}
function profile_photo_post(&$a)
{
if (!local_channel()) {
return;
}
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
if (x($_POST, 'cropfinal') && $_POST['cropfinal'] == 1) {
// unless proven otherwise
$is_default_profile = 1;
if ($_REQUEST['profile']) {
$r = q("select id, is_default from profile where id = %d and uid = %d limit 1", intval($_REQUEST['profile']), intval(local_channel()));
if ($r && !intval($r[0]['is_default'])) {
$is_default_profile = 0;
}
}
// phase 2 - we have finished cropping
if (argc() != 2) {
notice(t('Image uploaded but image cropping failed.') . EOL);
return;
}
$image_id = argv(1);
if (substr($image_id, -2, 1) == '-') {
$scale = substr($image_id, -1, 1);
$image_id = substr($image_id, 0, -2);
}
$srcX = $_POST['xstart'];
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND scale = %d LIMIT 1", dbesc($image_id), dbesc(local_channel()), intval($scale));
if ($r) {
$base_image = $r[0];
$base_image['data'] = dbunescbin($base_image['data']);
$im = photo_factory($base_image['data'], $base_image['type']);
if ($im->is_valid()) {
$im->cropImage(175, $srcX, $srcY, $srcW, $srcH);
$aid = get_account_id();
$p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'], 'filename' => $base_image['filename'], 'album' => t('Profile Photos'));
$p['scale'] = 4;
$p['photo_flags'] = $is_default_profile ? PHOTO_PROFILE : PHOTO_NORMAL;
$r1 = $im->save($p);
$im->scaleImage(80);
$p['scale'] = 5;
$r2 = $im->save($p);
$im->scaleImage(48);
$p['scale'] = 6;
$r3 = $im->save($p);
if ($r1 === false || $r2 === false || $r3 === false) {
// if one failed, delete them all so we can start over.
notice(t('Image resize failed.') . EOL);
$x = q("delete from photo where resource_id = '%s' and uid = %d and scale >= 4 ", dbesc($base_image['resource_id']), local_channel());
return;
}
// If setting for the default profile, unset the profile photo flag from any other photos I own
if ($is_default_profile) {
$r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND resource_id != '%s' AND `uid` = %d", dbesc($base_image['resource_id']), intval(local_channel()));
$r = q("UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0 \n\t\t\t\t\t\tAND resource_id != '%s' AND `uid` = %d", intval(PHOTO_PROFILE), intval(PHOTO_PROFILE), dbesc($base_image['resource_id']), intval(local_channel()));
} else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-4'), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource_id'] . '-5'), intval($_REQUEST['profile']), intval(local_channel()));
}
// We'll set the updated profile-photo timestamp even if it isn't the default profile,
// so that browsers will do a cache update unconditionally
$channel = $a->get_channel();
$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' \n\t\t\t\t\twhere xchan_hash = '%s'", dbesc($im->getType()), dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
info(t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
// Update directory in background
proc_run('php', "include/directory.php", $channel['channel_id']);
// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
profile_photo_set_profile_perms($_REQUEST['profile']);
} else {
notice(t('Unable to process image') . EOL);
}
}
goaway($a->get_baseurl() . '/profiles');
return;
// NOTREACHED
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
notice(sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL);
@unlink($src);
return;
}
$imagedata = @file_get_contents($src);
$ph = photo_factory($imagedata, $filetype);
if (!$ph->is_valid()) {
notice(t('Unable to process image.') . EOL);
@unlink($src);
return;
}
$ph->orient($src);
@unlink($src);
return profile_photo_crop_ui_head($a, $ph);
}
function wall_upload_post(&$a, $desktopmode = true)
{
logger("wall upload: starting new upload", LOGGER_DEBUG);
$r_json = x($_GET, 'response') && $_GET['response'] == 'json';
if ($a->argc > 1) {
if (!x($_FILES, 'media')) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
return;
}
} else {
$user_info = api_get_user($a);
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
}
} else {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$default_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => t('Permission denied.')]);
killme();
}
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
killme();
}
$src = "";
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
} elseif (x($_FILES, 'media')) {
if (is_array($_FILES['media']['tmp_name'])) {
$src = $_FILES['media']['tmp_name'][0];
} else {
$src = $_FILES['media']['tmp_name'];
}
if (is_array($_FILES['media']['name'])) {
$filename = basename($_FILES['media']['name'][0]);
} else {
$filename = basename($_FILES['media']['name']);
}
if (is_array($_FILES['media']['size'])) {
$filesize = intval($_FILES['media']['size'][0]);
} else {
$filesize = intval($_FILES['media']['size']);
}
if (is_array($_FILES['media']['type'])) {
$filetype = $_FILES['media']['type'][0];
} else {
$filetype = $_FILES['media']['type'];
}
}
if ($src == "") {
if ($r_json) {
echo json_encode(['error' => t('Invalid request.')]);
killme();
}
notice(t('Invalid request.') . EOL);
killme();
}
// This is a special treatment for picture upload from Twidere
if ($filename == "octet-stream" and $filetype != "") {
$filename = $filetype;
$filetype = "";
}
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
// If there is a temp name, then do a manual check
// This is more reliable than the provided value
$imagedata = getimagesize($src);
if ($imagedata) {
$filetype = $imagedata['mime'];
}
logger("File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize));
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$msg = upgrade_message(true);
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if (!$ph->is_valid()) {
$msg = t('Unable to process image.');
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
@unlink($src);
killme();
}
$ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$hash = photo_new_resource();
$smallest = 0;
$defperm = '<' . $default_cid . '>';
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
if (!$r) {
$msg = t('Image upload failed.');
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {
echo $msg . EOL;
}
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
if ($r) {
$smallest = 1;
}
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
if ($r and $smallest == 0) {
$smallest = 2;
}
}
$basename = basename($filename);
if (!$desktopmode) {
$r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
if (!$r) {
if ($r_json) {
echo json_encode(['error' => '']);
killme();
}
return false;
}
$picture = array();
$picture["id"] = $r[0]["id"];
$picture["size"] = $r[0]["datasize"];
$picture["width"] = $r[0]["width"];
$picture["height"] = $r[0]["height"];
$picture["type"] = $r[0]["type"];
$picture["albumpage"] = $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash;
$picture["picture"] = $a->get_baseurl() . "/photo/{$hash}-0." . $ph->getExt();
$picture["preview"] = $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt();
if ($r_json) {
echo json_encode(['picture' => $picture]);
killme();
}
return $picture;
}
if ($r_json) {
echo json_encode(['ok' => true]);
killme();
}
/* mod Waitman Gobble NO WARRANTY */
//if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
if ($_REQUEST['hush'] != 'yeah') {
if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
} else {
echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
}
} else {
$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
return $m;
}
/* mod Waitman Gobble NO WARRANTY */
killme();
// NOTREACHED
}
function import_xchan_photo($photo, $xchan, $thing = false)
{
$flags = $thing ? PHOTO_THING : PHOTO_XCHAN;
$album = $thing ? 'Things' : 'Contact Photos';
logger('import_xchan_photo: updating channel photo from ' . $photo . ' for ' . $xchan, LOGGER_DEBUG);
if ($thing) {
$hash = photo_new_resource();
} else {
$r = q("select resource_id from photo where xchan = '%s' and photo_usage = %d and imgscale = 4 limit 1", dbesc($xchan), intval(PHOTO_XCHAN));
if ($r) {
$hash = $r[0]['resource_id'];
} else {
$hash = photo_new_resource();
}
}
$photo_failure = false;
$img_str = '';
if ($photo) {
$filename = basename($photo);
$result = z_fetch_url($photo, true);
if ($result['success']) {
$img_str = $result['body'];
$type = guess_image_type($photo, $result['header']);
$h = explode("\n", $result['header']);
if ($h) {
foreach ($h as $hl) {
if (stristr($hl, 'content-type:')) {
if (!stristr($hl, 'image/')) {
$photo_failure = true;
}
}
}
}
}
} else {
$photo_failure = true;
}
if (!$photo_failure) {
$img = photo_factory($img_str, $type);
if ($img->is_valid()) {
$width = $img->getWidth();
$height = $img->getHeight();
if ($width && $height) {
if ($width / $height > 1.2) {
// crop out the sides
$margin = $width - $height;
$img->cropImage(300, $margin / 2, 0, $height, $height);
} elseif ($height / $width > 1.2) {
// crop out the bottom
$margin = $height - $width;
$img->cropImage(300, 0, 0, $width, $width);
} else {
$img->scaleImageSquare(300);
}
} else {
$photo_failure = true;
}
$p = array('xchan' => $xchan, 'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'imgscale' => 4);
$r = $img->save($p);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(80);
$p['imgscale'] = 5;
$r = $img->save($p);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(48);
$p['imgscale'] = 6;
$r = $img->save($p);
if ($r === false) {
$photo_failure = true;
}
$photo = z_root() . '/photo/' . $hash . '-4';
$thumb = z_root() . '/photo/' . $hash . '-5';
$micro = z_root() . '/photo/' . $hash . '-6';
} else {
logger('import_xchan_photo: invalid image from ' . $photo);
$photo_failure = true;
}
}
if ($photo_failure) {
$photo = z_root() . '/' . get_default_profile_photo();
$thumb = z_root() . '/' . get_default_profile_photo(80);
$micro = z_root() . '/' . get_default_profile_photo(48);
$type = 'image/png';
}
return array($photo, $thumb, $micro, $type, $photo_failure);
}
function get()
{
$noid = get_config('system', 'disable_openid');
if ($noid) {
goaway(z_root());
}
logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
if (x($_REQUEST, 'openid_mode')) {
$openid = new LightOpenID(z_root());
if ($openid->validate()) {
logger('openid: validate');
$authid = normalise_openid($_REQUEST['openid_identity']);
if (!strlen($authid)) {
logger(t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
$x = match_openid($authid);
if ($x) {
$r = q("select * from channel where channel_id = %d limit 1", intval($x));
if ($r) {
$y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($y) {
foreach ($y as $record) {
if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
logger('mod_openid: openid success for ' . $x[0]['channel_name']);
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
authenticate_success($record, $r[0], true, true, true, true);
goaway(z_root());
}
}
}
}
}
// Successful OpenID login - but we can't match it to an existing account.
// See if they've got an xchan
$r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
if ($r) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
// no xchan...
// create one.
// We should probably probe the openid url and figure out if they have any kind of
// social presence we might be able to scrape some identifying info from.
$name = $authid;
$url = trim($_REQUEST['openid_identity'], '/');
if (strpos($url, 'http') === false) {
$url = 'https://' . $url;
}
$pphoto = z_root() . '/' . get_default_profile_photo();
$parsed = @parse_url($url);
if ($parsed) {
$host = $parsed['host'];
}
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
}
if ($k === 'namePerson/first') {
$first = notags(trim($v));
}
if ($k === 'namePerson') {
$name = notags(trim($v));
}
if ($k === 'contact/email') {
$addr = notags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = trim($v);
}
if ($k === 'media/image/default') {
$photo_other = trim($v);
}
}
}
if (!$nick) {
if ($first) {
$nick = $first;
} else {
$nick = $name;
}
}
require_once 'library/urlify/URLify.php';
$x = strtolower(\URLify::transliterate($nick));
if ($nick & $host) {
$addr = $nick . '@' . $host;
}
$network = 'unknown';
if ($photosq) {
$pphoto = $photosq;
} elseif ($photo_other) {
$pphoto = $photo_other;
}
$mimetype = guess_image_type($pphoto);
$x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert()));
if ($x) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
if ($r) {
$photos = import_xchan_photo($pphoto, $url);
if ($photos) {
$z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url));
}
set_xconfig($url, 'system', 'openid', $authid);
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
}
}
}
notice(t('Login failed.') . EOL);
goaway(z_root());
// NOTREACHED
}
function scale_external_images($s, $include_link = true, $scale_replace = false)
{
$a = get_app();
// Picture addresses can contain special characters
$s = htmlspecialchars_decode($s, ENT_COMPAT);
$matches = null;
$c = preg_match_all('/\\[([zi])mg(.*?)\\](.*?)\\[\\/[zi]mg\\]/ism', $s, $matches, PREG_SET_ORDER);
if ($c) {
require_once 'include/photo/photo_driver.php';
foreach ($matches as $mtch) {
logger('scale_external_image: ' . $mtch[2] . ' ' . $mtch[3]);
if (substr($mtch[1], 0, 1) == '=') {
$owidth = intval(substr($mtch[2], 1));
if (intval($owidth) > 0 && intval($owidth) < 1024) {
continue;
}
}
$hostname = str_replace('www.', '', substr($a->get_baseurl(), strpos($a->get_baseurl(), '://') + 3));
if (stristr($mtch[3], $hostname)) {
continue;
}
// $scale_replace, if passed, is an array of two elements. The
// first is the name of the full-size image. The second is the
// name of a remote, scaled-down version of the full size image.
// This allows Friendica to display the smaller remote image if
// one exists, while still linking to the full-size image
if ($scale_replace) {
$scaled = str_replace($scale_replace[0], $scale_replace[1], $mtch[3]);
} else {
$scaled = $mtch[3];
}
$i = z_fetch_url($scaled, true);
$cache = get_config('system', 'itemcache');
if ($cache != '' and is_dir($cache)) {
$cachefile = $cache . "/" . hash("md5", $scaled);
file_put_contents($cachefile, $i['body']);
}
// guess mimetype from headers or filename
$type = guess_image_type($mtch[3], $i['header']);
if (strpos($type, 'image') === false) {
continue;
}
if ($i['success']) {
$ph = photo_factory($i['body'], $type);
if ($ph->is_valid()) {
$orig_width = $ph->getWidth();
$orig_height = $ph->getHeight();
if ($orig_width > 1024 || $orig_height > 1024) {
$tag = $match[1] == 'z' ? 'zmg' : 'img';
$ph->scaleImage(1024);
$new_width = $ph->getWidth();
$new_height = $ph->getHeight();
logger('scale_external_images: ' . $orig_width . '->' . $new_width . 'w ' . $orig_height . '->' . $new_height . 'h' . ' match: ' . $mtch[0], LOGGER_DEBUG);
$s = str_replace($mtch[0], '[' . $tag . '=' . $new_width . 'x' . $new_height . ']' . $scaled . '[/' . $tag . ']' . "\n" . ($include_link ? '[zrl=' . $mtch[2] . ']' . t('view full size') . '[/zrl]' . "\n" : ''), $s);
logger('scale_external_images: new string: ' . $s, LOGGER_DEBUG);
}
}
}
}
}
// replace the special char encoding
$s = htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
return $s;
}
function profile_photo_post(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
if (x($_POST, 'cropfinal') && $_POST['cropfinal'] == 1) {
// unless proven otherwise
$is_default_profile = 1;
if ($_REQUEST['profile']) {
$r = q("select id, `is-default` from profile where id = %d and uid = %d limit 1", intval($_REQUEST['profile']), intval(local_user()));
if (count($r) && !intval($r[0]['is-default'])) {
$is_default_profile = 0;
}
}
// phase 2 - we have finished cropping
if ($a->argc != 2) {
notice(t('Image uploaded but image cropping failed.') . EOL);
return;
}
$image_id = $a->argv[1];
if (substr($image_id, -2, 1) == '-') {
$scale = substr($image_id, -1, 1);
$image_id = substr($image_id, 0, -2);
}
$srcX = $_POST['xstart'];
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id), dbesc(local_user()), intval($scale));
if (count($r)) {
$base_image = $r[0];
$im = new Photo($base_image['data'], $base_image['type']);
if ($im->is_valid()) {
$im->cropImage(175, $srcX, $srcY, $srcW, $srcH);
$r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 4, $is_default_profile);
if ($r === false) {
notice(sprintf(t('Image size reduction [%s] failed.'), "175") . EOL);
}
$im->scaleImage(80);
$r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 5, $is_default_profile);
if ($r === false) {
notice(sprintf(t('Image size reduction [%s] failed.'), "80") . EOL);
}
$im->scaleImage(48);
$r = $im->store(local_user(), 0, $base_image['resource-id'], $base_image['filename'], t('Profile Photos'), 6, $is_default_profile);
if ($r === false) {
notice(sprintf(t('Image size reduction [%s] failed.'), "48") . EOL);
}
// If setting for the default profile, unset the profile photo flag from any other photos I own
if ($is_default_profile) {
$r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", dbesc($base_image['resource-id']), intval(local_user()));
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-4.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-5.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-6.' . $im->getExt()), intval(local_user()));
} else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d", dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-4.' . $im->getExt()), dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-5.' . $im->getExt()), intval($_REQUEST['profile']), intval(local_user()));
}
// we'll set the updated profile-photo timestamp even if it isn't the default profile,
// so that browsers will do a cache update unconditionally
$r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc(datetime_convert()), intval(local_user()));
info(t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
// Update global directory in background
$url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
if ($url && strlen(get_config('system', 'directory'))) {
proc_run('php', "include/directory.php", "{$url}");
}
require_once 'include/profile_update.php';
profile_change();
} else {
notice(t('Unable to process image') . EOL);
}
}
goaway($a->get_baseurl() . '/profiles');
return;
// NOTREACHED
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
notice(sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize)) . EOL);
@unlink($src);
return;
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if (!$ph->is_valid()) {
notice(t('Unable to process image.') . EOL);
@unlink($src);
return;
}
$ph->orient($src);
@unlink($src);
return profile_photo_crop_ui_head($a, $ph);
}
function import_diaspora($data)
{
$a = get_app();
$account = $a->get_account();
if (!$account) {
return false;
}
$address = escape_tags($data['user']['username']);
if (!$address) {
notice(t('No username found in import file.') . EOL);
return false;
}
$r = q("select * from channel where channel_address = '%s' limit 1", dbesc($address));
if ($r) {
// try at most ten times to generate a unique address.
$x = 0;
$found_unique = false;
do {
$tmp = $address . mt_rand(1000, 9999);
$r = q("select * from channel where channel_address = '%s' limit 1", dbesc($tmp));
if (!$r) {
$address = $tmp;
$found_unique = true;
break;
}
$x++;
} while ($x < 10);
if (!$found_unique) {
logger('import_diaspora: duplicate channel address. randomisation failed.');
notice(t('Unable to create a unique channel address. Import failed.') . EOL);
return;
}
}
$c = create_identity(array('name' => escape_tags($data['user']['name']), 'nickname' => $address, 'account_id' => $account['account_id'], 'permissions_role' => 'social'));
if (!$c['success']) {
return;
}
$channel_id = $c['channel']['channel_id'];
// todo - add auto follow settings, (and strip exif in hubzilla)
$location = escape_tags($data['user']['profile']['location']);
if (!$location) {
$location = '';
}
q("update channel set channel_location = '%s' where channel_id = %d", dbesc($location), intval($channel_id));
if ($data['user']['profile']['nsfw']) {
// fixme for hubzilla which doesn't use pageflags any more
q("update channel set channel_pageflags = (channel_pageflags | %d) where channel_id = %d", intval(PAGE_ADULT), intval($channel_id));
}
if ($data['user']['profile']['image_url']) {
$p = z_fetch_url($data['user']['profile']['image_url'], true);
if ($p['success']) {
$rawbytes = $p['body'];
$type = guess_image_type('dummyfile', $p['header']);
import_channel_photo($rawbytes, $type, $c['channel']['channel_account_id'], $channel_id);
}
}
$gender = escape_tags($data['user']['profile']['gender']);
$about = diaspora2bb($data['user']['profile']['bio']);
$publish = intval($data['user']['profile']['searchable']);
if ($data['user']['profile']['birthday']) {
$dob = datetime_convert('UTC', 'UTC', $data['user']['profile']['birthday'], 'Y-m-d');
} else {
$dob = '0000-00-00';
}
// we're relying on the fact that this channel was just created and will only
// have the default profile currently
$r = q("update profile set gender = '%s', about = '%s', dob = '%s', publish = %d where uid = %d", dbesc($gender), dbesc($about), dbesc($dob), dbesc($publish), intval($channel_id));
if ($data['user']['aspects']) {
foreach ($data['user']['aspects'] as $aspect) {
group_add($channel_id, escape_tags($aspect['name']), intval($aspect['contacts_visible']));
}
}
// now add connections and send friend requests
if ($data['user']['contacts']) {
foreach ($data['user']['contacts'] as $contact) {
$result = new_contact($channel_id, $contact['person_diaspora_handle'], $c['channel']);
if ($result['success']) {
if ($contact['aspects']) {
foreach ($contact['aspects'] as $aspect) {
group_add_member($channel_id, $aspect['name'], $result['abook']['xchan_hash']);
}
}
}
}
}
// Then add items - note this can't be done until Diaspora adds guids to exported
// items and comments
// This will indirectly perform a refresh_all *and* update the directory
proc_run('php', 'include/directory.php', $channel_id);
notice(t('Import completed.') . EOL);
change_channel($channel_id);
goaway(z_root() . '/network');
}
function import_profile_photo($photo, $uid, $cid)
{
$a = get_app();
$r = q("select `resource-id` from photo where `uid` = %d and `contact-id` = %d and `scale` = 4 and `album` = 'Contact Photos' limit 1", intval($uid), intval($cid));
if (count($r) && strlen($r[0]['resource-id'])) {
$hash = $r[0]['resource-id'];
} else {
$hash = photo_new_resource();
}
$photo_failure = false;
$filename = basename($photo);
$img_str = fetch_url($photo, true);
$type = guess_image_type($photo, true);
$img = new Photo($img_str, $type);
if ($img->is_valid()) {
$img->scaleImageSquare(175);
$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 4);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(80);
$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 5);
if ($r === false) {
$photo_failure = true;
}
$img->scaleImage(48);
$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 6);
if ($r === false) {
$photo_failure = true;
}
$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.' . $img->getExt();
$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.' . $img->getExt();
$micro = $a->get_baseurl() . '/photo/' . $hash . '-6.' . $img->getExt();
} else {
$photo_failure = true;
}
if ($photo_failure) {
$photo = $a->get_baseurl() . '/images/person-175.jpg';
$thumb = $a->get_baseurl() . '/images/person-80.jpg';
$micro = $a->get_baseurl() . '/images/person-48.jpg';
}
return array($photo, $thumb, $micro);
}
function scale_external_images($srctext, $include_link = true, $scale_replace = false)
{
// Suppress "view full size"
if (intval(get_config('system', 'no_view_full_size'))) {
$include_link = false;
}
$a = get_app();
// Picture addresses can contain special characters
$s = htmlspecialchars_decode($srctext);
$matches = null;
$c = preg_match_all('/\\[img.*?\\](.*?)\\[\\/img\\]/ism', $s, $matches, PREG_SET_ORDER);
if ($c) {
require_once 'include/Photo.php';
foreach ($matches as $mtch) {
logger('scale_external_image: ' . $mtch[1]);
$hostname = str_replace('www.', '', substr($a->get_baseurl(), strpos($a->get_baseurl(), '://') + 3));
if (stristr($mtch[1], $hostname)) {
continue;
}
// $scale_replace, if passed, is an array of two elements. The
// first is the name of the full-size image. The second is the
// name of a remote, scaled-down version of the full size image.
// This allows Friendica to display the smaller remote image if
// one exists, while still linking to the full-size image
if ($scale_replace) {
$scaled = str_replace($scale_replace[0], $scale_replace[1], $mtch[1]);
} else {
$scaled = $mtch[1];
}
$i = @fetch_url($scaled);
if (!$i) {
return $srctext;
}
// guess mimetype from headers or filename
$type = guess_image_type($mtch[1], true);
if ($i) {
$ph = new Photo($i, $type);
if ($ph->is_valid()) {
$orig_width = $ph->getWidth();
$orig_height = $ph->getHeight();
if ($orig_width > 640 || $orig_height > 640) {
$ph->scaleImage(640);
$new_width = $ph->getWidth();
$new_height = $ph->getHeight();
logger('scale_external_images: ' . $orig_width . '->' . $new_width . 'w ' . $orig_height . '->' . $new_height . 'h' . ' match: ' . $mtch[0], LOGGER_DEBUG);
$s = str_replace($mtch[0], '[img=' . $new_width . 'x' . $new_height . ']' . $scaled . '[/img]' . "\n" . ($include_link ? '[url=' . $mtch[1] . ']' . t('view full size') . '[/url]' . "\n" : ''), $s);
logger('scale_external_images: new string: ' . $s, LOGGER_DEBUG);
}
}
}
}
}
// replace the special char encoding
$s = htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8');
return $s;
}
function photos_post(&$a)
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$phototypes = Photo::supportedTypes();
$can_post = false;
$visitor = 0;
$page_owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` \n\t\tWHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1", intval($page_owner_uid));
if (!count($r)) {
notice(t('Contact information unavailable') . EOL);
logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
killme();
}
$owner_record = $r[0];
if ($a->argc > 3 && $a->argv[2] === 'album') {
$album = hex2bin($a->argv[3]);
if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
$r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d", dbesc($album), intval($page_owner_uid));
if (!count($r)) {
notice(t('Album not found.') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
// Check if the user has responded to a delete confirmation query
if ($_REQUEST['canceled']) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$newalbum = notags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", dbesc($newalbum), dbesc($album), intval($page_owner_uid));
$newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']);
goaway($a->get_baseurl() . '/' . $newurl);
return;
// NOTREACHED
}
if ($_POST['dropalbum'] == t('Delete Album')) {
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
$drop_url = $a->query_string;
$extra_inputs = array(array('name' => 'albumname', 'value' => $_POST['albumname']));
$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array('$method' => 'post', '$message' => t('Do you really want to delete this photo album and all its photos?'), '$extra_inputs' => $extra_inputs, '$confirm' => t('Delete Album'), '$confirm_url' => $drop_url, '$confirm_name' => 'dropalbum', '$cancel' => t('Cancel')));
$a->error = 1;
// Set $a->error so the other module functions don't execute
return;
}
$res = array();
// get the list of photos we are about to delete
if ($visitor) {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", intval($visitor), intval($page_owner_uid), dbesc($album));
} else {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", intval(local_user()), dbesc($album));
}
if (count($r)) {
foreach ($r as $rr) {
$res[] = "'" . dbesc($rr['rid']) . "'";
}
} else {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
$str_res = implode(',', $res);
// remove the associated photos
q("DELETE FROM `photo` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid));
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid));
if (count($r)) {
foreach ($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($rr['parent-uri']), intval($page_owner_uid));
create_tags_from_itemuri($rr['parent-uri'], $page_owner_uid);
delete_thread_uri($rr['parent-uri'], $page_owner_uid);
$drop_id = intval($rr['id']);
// send the notification upstream/downstream as the case may be
if ($rr['visible']) {
proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
}
}
}
}
goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']);
return;
// NOTREACHED
}
// Check if the user has responded to a delete confirmation query for a single photo
if ($a->argc > 2 && $_REQUEST['canceled']) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if ($a->argc > 2 && x($_POST, 'delete') && $_POST['delete'] == t('Delete Photo')) {
// same as above but remove single photo
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
$drop_url = $a->query_string;
$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array('$method' => 'post', '$message' => t('Do you really want to delete this photo?'), '$extra_inputs' => array(), '$confirm' => t('Delete Photo'), '$confirm_url' => $drop_url, '$confirm_name' => 'delete', '$cancel' => t('Cancel')));
$a->error = 1;
// Set $a->error so the other module functions don't execute
return;
}
if ($visitor) {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval($visitor), intval($page_owner_uid), dbesc($a->argv[2]));
} else {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval(local_user()), dbesc($a->argv[2]));
}
if (count($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource-id']));
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($r[0]['resource-id']), intval($page_owner_uid));
if (count($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['uri']), intval($page_owner_uid));
create_tags_from_itemuri($i[0]['uri'], $page_owner_uid);
delete_thread_uri($i[0]['uri'], $page_owner_uid);
$url = $a->get_baseurl();
$drop_id = intval($i[0]['id']);
if ($i[0]['visible']) {
proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
}
}
}
goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']);
return;
// NOTREACHED
}
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$resource_id = $a->argv[2];
if (!strlen($albname)) {
$albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$ph = new Photo($r[0]['data'], $r[0]['type']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 0", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 2", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
}
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid));
if (count($p)) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['desc'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
// Create item container
$title = '';
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $p[0]['resource-id'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = $title;
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
$arr['deny_cid'] = $p[0]['deny_cid'];
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = $visibility;
$arr['origin'] = 1;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.' . $ext . '[/img]' . '[/url]';
$item_id = item_store($arr);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
}
if (count($r)) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '#' . $rawtags;
}
$taginfo = array();
$tags = get_tags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
if (isset($profile)) {
unset($profile);
}
if (strpos($tag, '@') === 0) {
$name = substr($tag, 1);
if (strpos($name, '@') || strpos($name, 'http://')) {
$newname = $name;
$links = @lrdd($name);
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$profile = $link['@attributes']['href'];
}
if ($link['@attributes']['rel'] === 'salmon') {
$salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']);
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $salmon;
}
}
}
$taginfo[] = array($newname, $profile, $salmon);
} else {
$newname = $name;
$alias = '';
$tagcid = 0;
if (strrpos($newname, '+')) {
$tagcid = intval(substr($newname, strrpos($newname, '+') + 1));
}
if ($tagcid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), intval($profile_uid));
} else {
$newname = str_replace('_', ' ', $name);
//select someone from this user's contacts by name
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval($page_owner_uid));
if (!$r) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($page_owner_uid));
}
}
/* elseif(strstr($name,'_') || strstr($name,' ')) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
intval($page_owner_uid)
);
}
else {
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
dbesc($name),
dbesc($name),
intval($page_owner_uid)
);
}*/
if (count($r)) {
$newname = $r[0]['name'];
$profile = $r[0]['url'];
$notify = 'cid:' . $r[0]['id'];
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $notify;
}
}
if ($profile) {
if (substr($notify, 0, 4) === 'cid:') {
$taginfo[] = array($newname, $profile, $notify, $r[0], '@[url=' . str_replace(',', '%2c', $profile) . ']' . $newname . '[/url]');
} else {
$taginfo[] = array($newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]');
}
if (strlen($str_tags)) {
$str_tags .= ',';
}
$profile = str_replace(',', '%2c', $profile);
$str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';
}
} elseif (strpos($tag, '#') === 0) {
$tagname = substr($tag, 1);
$str_tags .= '#[url=' . $a->get_baseurl() . "/search?tag=" . $tagname . ']' . $tagname . '[/url]';
}
}
}
$newtag = $old_tag;
if (strlen($newtag) && strlen($str_tags)) {
$newtag .= ',';
}
$newtag .= $str_tags;
$newinform = $old_inform;
if (strlen($newinform) && strlen($inform)) {
$newinform .= ',';
}
$newinform .= $inform;
$r = q("UPDATE `item` SET `tag` = '%s', `inform` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($newtag), dbesc($newinform), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($item_id), intval($page_owner_uid));
create_tags_from_item($item_id);
update_thread($item_id);
$best = 0;
foreach ($p as $scales) {
if (intval($scales['scale']) == 2) {
$best = 2;
break;
}
if (intval($scales['scale']) == 4) {
$best = 4;
break;
}
}
if (count($taginfo)) {
foreach ($taginfo as $tagged) {
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'activity';
$arr['wall'] = 1;
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
$arr['deny_cid'] = $p[0]['deny_cid'];
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = 1;
$arr['verb'] = ACTIVITY_TAG;
$arr['object-type'] = ACTIVITY_OBJ_PERSON;
$arr['target-type'] = ACTIVITY_OBJ_PHOTO;
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['origin'] = 1;
$arr['body'] = sprintf(t('%1$s was tagged in %2$s by %3$s'), '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]', '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('a photo') . '[/url]', '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]');
$arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n";
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
if ($tagged[3]) {
$arr['object'] .= xmlify('<link rel="photo" type="' . $p[0]['type'] . '" href="' . $tagged[3]['photo'] . '" />' . "\n");
}
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="' . $p[0]['type'] . '" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
$item_id = item_store($arr);
if ($item_id) {
//q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d",
// dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id),
// intval($page_owner_uid),
// intval($item_id)
//);
proc_run('php', "include/notifier.php", "tag", "{$item_id}");
}
}
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
call_hooks('photo_post_init', $_POST);
/**
* Determine the album to use
*/
$album = notags(trim($_REQUEST['album']));
$newalbum = notags(trim($_REQUEST['newalbum']));
logger('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG);
if (!strlen($album)) {
if (strlen($newalbum)) {
$album = $newalbum;
} else {
$album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
}
/**
*
* We create a wall item for every photo, but we don't want to
* overwhelm the data stream with a hundred newly uploaded photos.
* So we will make the first photo uploaded to this album in the last several hours
* visible by default, the rest will become visible over time when and if
* they acquire comments, likes, dislikes, and/or tags
*
*/
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", dbesc($album), intval($page_owner_uid));
if (!count($r) || $album == t('Profile Photos')) {
$visible = 1;
} else {
$visible = 0;
}
if (intval($_REQUEST['not_visible']) || $_REQUEST['not_visible'] === 'true') {
$visible = 0;
}
$str_group_allow = perms2str(is_array($_REQUEST['group_allow']) ? $_REQUEST['group_allow'] : explode(',', $_REQUEST['group_allow']));
$str_contact_allow = perms2str(is_array($_REQUEST['contact_allow']) ? $_REQUEST['contact_allow'] : explode(',', $_REQUEST['contact_allow']));
$str_group_deny = perms2str(is_array($_REQUEST['group_deny']) ? $_REQUEST['group_deny'] : explode(',', $_REQUEST['group_deny']));
$str_contact_deny = perms2str(is_array($_REQUEST['contact_deny']) ? $_REQUEST['contact_deny'] : explode(',', $_REQUEST['contact_deny']));
$ret = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_post_file', $ret);
if (x($ret, 'src') && x($ret, 'filesize')) {
$src = $ret['src'];
$filename = $ret['filename'];
$filesize = $ret['filesize'];
$type = $ret['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if ($type == "") {
$type = guess_image_type($filename);
}
logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
notice(t('Image exceeds size limit of ') . $maximagesize . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
return;
}
if (!$filesize) {
notice(t('Image file is empty.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
return;
}
logger('mod/photos.php: photos_post(): loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($a->data['user']['uid']));
$limit = service_class_fetch($a->data['user']['uid'], 'photo_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
notice(upgrade_message() . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
killme();
}
$ph = new Photo($imagedata, $type);
if (!$ph->is_valid()) {
logger('mod/photos.php: photos_post(): unable to process image', LOGGER_DEBUG);
notice(t('Unable to process image.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
killme();
}
$ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = photo_new_resource();
$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if (!$r) {
logger('mod/photos.php: photos_post(): image store failed', LOGGER_DEBUG);
notice(t('Image upload failed.') . EOL);
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
$basename = basename($filename);
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
// Create item container
$arr = array();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $photo_hash;
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $str_contact_allow;
$arr['allow_gid'] = $str_group_allow;
$arr['deny_cid'] = $str_contact_deny;
$arr['deny_gid'] = $str_group_deny;
$arr['last-child'] = 1;
$arr['visible'] = $visible;
$arr['origin'] = 1;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $photo_hash . ']' . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/img]' . '[/url]';
$item_id = item_store($arr);
//if($item_id) {
// q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d",
// dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id),
// intval($page_owner_uid),
// intval($item_id)
// );
//}
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
call_hooks('photo_post_end', intval($item_id));
// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
// if they do not wish to be redirected
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
function wall_upload_post(&$a)
{
logger("wall upload: starting new upload", LOGGER_DEBUG);
if ($a->argc > 1) {
if (!x($_FILES, 'media')) {
$nick = $a->argv[1];
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
if (!count($r)) {
return;
}
} else {
$user_info = api_get_user($a);
$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
}
} else {
return;
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$default_cid = $r[0]['id'];
$page_owner_nick = $r[0]['nickname'];
$community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $page_owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$cid = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$cid = $v['cid'];
break;
}
}
}
if ($cid) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
if (count($r)) {
$can_post = true;
$visitor = $cid;
}
}
}
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
killme();
}
if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
killme();
}
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$filetype = $_FILES['userfile']['type'];
} elseif (x($_FILES, 'media')) {
$src = $_FILES['media']['tmp_name'];
$filename = basename($_FILES['media']['name']);
$filesize = intval($_FILES['media']['size']);
$filetype = $_FILES['media']['type'];
}
if ($filetype == "") {
$filetype = guess_image_type($filename);
}
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
echo sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL;
@unlink($src);
killme();
}
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
$limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
echo upgrade_message(true) . EOL;
@unlink($src);
killme();
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if (!$ph->is_valid()) {
echo t('Unable to process image.') . EOL;
@unlink($src);
killme();
}
$ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$hash = photo_new_resource();
$smallest = 0;
$defperm = '<' . $default_cid . '>';
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
if (!$r) {
echo t('Image upload failed.') . EOL;
killme();
}
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
if ($r) {
$smallest = 1;
}
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
if ($r) {
$smallest = 2;
}
}
$basename = basename($filename);
/* mod Waitman Gobble NO WARRANTY */
//if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
if ($_REQUEST['hush'] != 'yeah') {
if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
} else {
echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
}
} else {
$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
return $m;
}
/* mod Waitman Gobble NO WARRANTY */
killme();
// NOTREACHED
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
$deliver = true;
if (array_key_exists('deliver', $args)) {
$deliver = intval($args['deliver']);
}
// Set to default channel permissions. If the parent directory (album) has permissions set,
// use those instead. If we have specific permissions supplied, they take precedence over
// all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
// ...messy... needs re-factoring once the photos/files integration stabilises
$acl = new Zotlabs\Access\AccessList($channel);
if (array_key_exists('directory', $args) && $args['directory']) {
$acl->set($args['directory']);
}
if (array_key_exists('allow_cid', $args)) {
$acl->set($args);
}
if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
$acl->set_from_array($args);
}
$ac = $acl->get();
$os_storage = 0;
if ($args['os_path'] && $args['getimagesize']) {
$imagedata = @file_get_contents($args['os_path']);
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['getimagesize']['mime'];
$os_storage = 1;
} elseif ($args['data'] || $args['content']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['content'] ? $args['content'] : $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['mimetype'] ? $args['mimetype'] : $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
// call_hooks('photo_upload_file',$f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(filesize) as total from photo where aid = %d and imgscale = 0 ", intval($account_id));
$limit = engr_units_to_bytes(service_class_fetch($channel_id, 'photo_upload_limit'));
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'imgscale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$link = array();
$r0 = $ph->save($p);
$link[0] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r0) {
$errors = true;
}
unset($p['os_storage']);
unset($p['os_path']);
if (($width > 1024 || $height > 1024) && !$errors) {
$ph->scaleImage(1024);
}
$p['imgscale'] = 1;
$r1 = $ph->save($p);
$link[1] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r1) {
$errors = true;
}
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
}
$p['imgscale'] = 2;
$r2 = $ph->save($p);
$link[2] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r2) {
$errors = true;
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
}
$p['imgscale'] = 3;
$r3 = $ph->save($p);
$link[3] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
if (!$r3) {
$errors = true;
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
$item_hidden = $visible ? 0 : 1;
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
$title = $args['description'] ? $args['description'] : $args['filename'];
$large_photos = feature_enabled($channel['channel_id'], 'large_photos');
linkify_tags($a, $args['body'], $channel_id);
if ($large_photos) {
$scale = 1;
$width = $link[1]['width'];
$height = $link[1]['height'];
$tag = $r1 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
} else {
$scale = 2;
$width = $link[2]['width'];
$height = $link[2]['height'];
$tag = $r2 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
}
$author_link = '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $channel['channel_name'] . '[/zrl]';
$photo_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . t('a new photo') . '[/zrl]';
$album_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album) . ']' . (strlen($album) ? $album : '/') . '[/zrl]';
$activity_format = sprintf(t('%1$s posted %2$s to %3$s', 'photo_upload'), $author_link, $photo_link, $album_link);
$summary = ($args['body'] ? $args['body'] : '') . '[footer]' . $activity_format . '[/footer]';
$obj_body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
// Create item object
$object = array('type' => ACTIVITY_OBJ_PHOTO, 'title' => $title, 'created' => $p['created'], 'edited' => $p['edited'], 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash, 'link' => $link, 'body' => $obj_body);
$target = array('type' => ACTIVITY_OBJ_ALBUM, 'title' => $album ? $album : '/', 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album));
// Create item container
if ($args['item']) {
foreach ($args['item'] as $i) {
$item = get_item_elements($i);
$force = false;
if ($item['mid'] === $item['parent_mid']) {
$item['body'] = $summary;
$item['obj_type'] = ACTIVITY_OBJ_PHOTO;
$item['obj'] = json_encode($object);
$item['tgt_type'] = ACTIVITY_OBJ_ALBUM;
$item['target'] = json_encode($target);
if ($item['author_xchan'] === $channel['channel_hash']) {
$item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
$item['item_verified'] = 1;
} else {
$item['sig'] = '';
}
$force = true;
}
$r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
if ($r) {
if ($item['edited'] > $r[0]['edited'] || $force) {
$item['id'] = $r[0]['id'];
$item['uid'] = $channel['channel_id'];
item_store_update($item, false, $deliver);
continue;
}
} else {
$item['aid'] = $channel['channel_account_id'];
$item['uid'] = $channel['channel_id'];
$item_result = item_store($item, false, $deliver);
}
}
} else {
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_hidden'] = $item_hidden;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $ac['allow_cid'];
$arr['allow_gid'] = $ac['allow_gid'];
$arr['deny_cid'] = $ac['deny_cid'];
$arr['deny_gid'] = $ac['deny_gid'];
$arr['verb'] = ACTIVITY_POST;
$arr['obj_type'] = ACTIVITY_OBJ_PHOTO;
$arr['obj'] = json_encode($object);
$arr['tgt_type'] = ACTIVITY_OBJ_ALBUM;
$arr['target'] = json_encode($target);
$arr['item_wall'] = 1;
$arr['item_origin'] = 1;
$arr['item_thread_top'] = 1;
$arr['item_private'] = intval($acl->is_private());
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
$arr['body'] = $summary;
// this one is tricky because the item and the photo have the same permissions, those of the photo.
// Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the
// private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use
// public policy when federating items to other sites, but should probably ignore them when accessing the item
// in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
// linked item from leaking into the feed when somebody has a channel with read_stream restrictions.
$arr['public_policy'] = map_scope($channel['channel_r_stream'], true);
if ($arr['public_policy']) {
$arr['item_private'] = 1;
}
$result = item_store($arr, false, $deliver);
$item_id = $result['item_id'];
if ($visible && $deliver) {
Zotlabs\Daemon\Master::Summon(array('Notifier', 'wall-new', $item_id));
}
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $obj_body;
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
function local_delivery($importer, $data)
{
$a = get_app();
logger(__FUNCTION__, LOGGER_TRACE);
if ($importer['readonly']) {
// We aren't receiving stuff from this person. But we will quietly ignore them
// rather than a blatant "go away" message.
logger('local_delivery: ignoring');
return 0;
//NOTREACHED
}
// Consume notification feed. This may differ from consuming a public feed in several ways
// - might contain email or friend suggestions
// - might contain remote followup to our message
// - in which case we need to accept it and then notify other conversants
// - we may need to send various email notifications
$feed = new SimplePie();
$feed->set_raw_data($data);
$feed->enable_order_by_date(false);
$feed->init();
if ($feed->error()) {
logger('local_delivery: Error parsing XML: ' . $feed->error());
}
// Check at the feed level for updated contact name and/or photo
$name_updated = '';
$new_name = '';
$photo_timestamp = '';
$photo_url = '';
$rawtags = $feed->get_feed_tags(NAMESPACE_DFRN, 'owner');
// Fallback should not be needed here. If it isn't DFRN it won't have DFRN updated tags
// if(! $rawtags)
// $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
if ($rawtags) {
$elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
if ($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
$name_updated = $elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated'];
$new_name = $elems['name'][0]['data'];
}
if (x($elems, 'link') && $elems['link'][0]['attribs']['']['rel'] === 'photo' && $elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
$photo_timestamp = datetime_convert('UTC', 'UTC', $elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']);
$photo_url = $elems['link'][0]['attribs']['']['href'];
}
}
if ($photo_timestamp && strlen($photo_url) && $photo_timestamp > $importer['avatar-date']) {
logger('local_delivery: Updating photo for ' . $importer['name']);
require_once "include/Photo.php";
$photo_failure = false;
$have_photo = false;
$r = q("SELECT `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d LIMIT 1", intval($importer['id']), intval($importer['importer_uid']));
if (count($r)) {
$resource_id = $r[0]['resource-id'];
$have_photo = true;
} else {
$resource_id = photo_new_resource();
}
$img_str = fetch_url($photo_url, true);
// guess mimetype from headers or filename
$type = guess_image_type($photo_url, true);
$img = new Photo($img_str, $type);
if ($img->is_valid()) {
if ($have_photo) {
q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `contact-id` = %d AND `uid` = %d", dbesc($resource_id), intval($importer['id']), intval($importer['importer_uid']));
}
$img->scaleImageSquare(175);
$hash = $resource_id;
$r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 4);
$img->scaleImage(80);
$r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 5);
$img->scaleImage(48);
$r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 6);
$a = get_app();
q("UPDATE `contact` SET `avatar-date` = '%s', `photo` = '%s', `thumb` = '%s', `micro` = '%s'\n\t\t\t\tWHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(datetime_convert()), dbesc($a->get_baseurl() . '/photo/' . $hash . '-4.' . $img->getExt()), dbesc($a->get_baseurl() . '/photo/' . $hash . '-5.' . $img->getExt()), dbesc($a->get_baseurl() . '/photo/' . $hash . '-6.' . $img->getExt()), intval($importer['importer_uid']), intval($importer['id']));
}
}
if ($name_updated && strlen($new_name) && $name_updated > $importer['name-date']) {
$r = q("select * from contact where uid = %d and id = %d limit 1", intval($importer['importer_uid']), intval($importer['id']));
$x = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(notags(trim($new_name))), dbesc(datetime_convert()), intval($importer['importer_uid']), intval($importer['id']));
// do our best to update the name on content items
if (count($r)) {
q("update item set `author-name` = '%s' where `author-name` = '%s' and `author-link` = '%s' and uid = %d", dbesc(notags(trim($new_name))), dbesc($r[0]['name']), dbesc($r[0]['url']), intval($importer['importer_uid']));
}
}
// Currently unsupported - needs a lot of work
$reloc = $feed->get_feed_tags(NAMESPACE_DFRN, 'relocate');
if (isset($reloc[0]['child'][NAMESPACE_DFRN])) {
$base = $reloc[0]['child'][NAMESPACE_DFRN];
$newloc = array();
$newloc['uid'] = $importer['importer_uid'];
$newloc['cid'] = $importer['id'];
$newloc['name'] = notags(unxmlify($base['name'][0]['data']));
$newloc['photo'] = notags(unxmlify($base['photo'][0]['data']));
$newloc['thumb'] = notags(unxmlify($base['thumb'][0]['data']));
$newloc['micro'] = notags(unxmlify($base['micro'][0]['data']));
$newloc['url'] = notags(unxmlify($base['url'][0]['data']));
$newloc['request'] = notags(unxmlify($base['request'][0]['data']));
$newloc['confirm'] = notags(unxmlify($base['confirm'][0]['data']));
$newloc['notify'] = notags(unxmlify($base['notify'][0]['data']));
$newloc['poll'] = notags(unxmlify($base['poll'][0]['data']));
$newloc['sitepubkey'] = notags(unxmlify($base['sitepubkey'][0]['data']));
/** relocated user must have original key pair */
/*$newloc['pubkey'] = notags(unxmlify($base['pubkey'][0]['data']));
$newloc['prvkey'] = notags(unxmlify($base['prvkey'][0]['data']));*/
logger("items:relocate contact " . print_r($newloc, true) . print_r($importer, true), LOGGER_DEBUG);
// update contact
$r = q("SELECT photo, url FROM contact WHERE id=%d AND uid=%d;", intval($importer['id']), intval($importer['importer_uid']));
if ($r === false) {
return 1;
}
$old = $r[0];
$x = q("UPDATE contact SET\n name = '%s',\n photo = '%s',\n thumb = '%s',\n micro = '%s',\n url = '%s',\n request = '%s',\n confirm = '%s',\n notify = '%s',\n poll = '%s',\n `site-pubkey` = '%s'\n WHERE id=%d AND uid=%d;", dbesc($newloc['name']), dbesc($newloc['photo']), dbesc($newloc['thumb']), dbesc($newloc['micro']), dbesc($newloc['url']), dbesc($newloc['request']), dbesc($newloc['confirm']), dbesc($newloc['notify']), dbesc($newloc['poll']), dbesc($newloc['sitepubkey']), intval($importer['id']), intval($importer['importer_uid']));
if ($x === false) {
return 1;
}
// update items
$fields = array('owner-link' => array($old['url'], $newloc['url']), 'author-link' => array($old['url'], $newloc['url']), 'owner-avatar' => array($old['photo'], $newloc['photo']), 'author-avatar' => array($old['photo'], $newloc['photo']));
foreach ($fields as $n => $f) {
$x = q("UPDATE item SET `%s`='%s' WHERE `%s`='%s' AND uid=%d", $n, dbesc($f[1]), $n, dbesc($f[0]), intval($importer['importer_uid']));
if ($x === false) {
return 1;
}
}
// TODO
// merge with current record, current contents have priority
// update record, set url-updated
// update profile photos
// schedule a scan?
return 0;
}
// handle friend suggestion notification
$sugg = $feed->get_feed_tags(NAMESPACE_DFRN, 'suggest');
if (isset($sugg[0]['child'][NAMESPACE_DFRN])) {
$base = $sugg[0]['child'][NAMESPACE_DFRN];
$fsugg = array();
$fsugg['uid'] = $importer['importer_uid'];
$fsugg['cid'] = $importer['id'];
$fsugg['name'] = notags(unxmlify($base['name'][0]['data']));
$fsugg['photo'] = notags(unxmlify($base['photo'][0]['data']));
$fsugg['url'] = notags(unxmlify($base['url'][0]['data']));
$fsugg['request'] = notags(unxmlify($base['request'][0]['data']));
$fsugg['body'] = escape_tags(unxmlify($base['note'][0]['data']));
// Does our member already have a friend matching this description?
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1", dbesc($fsugg['name']), dbesc(normalise_link($fsugg['url'])), intval($fsugg['uid']));
if (count($r)) {
return 0;
}
// Do we already have an fcontact record for this person?
$fid = 0;
$r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), dbesc($fsugg['name']), dbesc($fsugg['request']));
if (count($r)) {
$fid = $r[0]['id'];
// OK, we do. Do we already have an introduction for this person ?
$r = q("select id from intro where uid = %d and fid = %d limit 1", intval($fsugg['uid']), intval($fid));
if (count($r)) {
return 0;
}
}
if (!$fid) {
$r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ", dbesc($fsugg['name']), dbesc($fsugg['url']), dbesc($fsugg['photo']), dbesc($fsugg['request']));
}
$r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), dbesc($fsugg['name']), dbesc($fsugg['request']));
if (count($r)) {
$fid = $r[0]['id'];
} else {
return 0;
}
$hash = random_string();
$r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` )\n\t\t\tVALUES( %d, %d, %d, '%s', '%s', '%s', %d )", intval($fsugg['uid']), intval($fid), intval($fsugg['cid']), dbesc($fsugg['body']), dbesc($hash), dbesc(datetime_convert()), intval(0));
notification(array('type' => NOTIFY_SUGGEST, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $fsugg, 'link' => $a->get_baseurl() . '/notifications/intros', 'source_name' => $importer['name'], 'source_link' => $importer['url'], 'source_photo' => $importer['photo'], 'verb' => ACTIVITY_REQ_FRIEND, 'otype' => 'intro'));
return 0;
}
$ismail = false;
$rawmail = $feed->get_feed_tags(NAMESPACE_DFRN, 'mail');
if (isset($rawmail[0]['child'][NAMESPACE_DFRN])) {
logger('local_delivery: private message received');
$ismail = true;
$base = $rawmail[0]['child'][NAMESPACE_DFRN];
$msg = array();
$msg['uid'] = $importer['importer_uid'];
$msg['from-name'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['name'][0]['data']));
$msg['from-photo'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']));
$msg['from-url'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['uri'][0]['data']));
$msg['contact-id'] = $importer['id'];
$msg['title'] = notags(unxmlify($base['subject'][0]['data']));
$msg['body'] = escape_tags(unxmlify($base['content'][0]['data']));
$msg['seen'] = 0;
$msg['replied'] = 0;
$msg['uri'] = notags(unxmlify($base['id'][0]['data']));
$msg['parent-uri'] = notags(unxmlify($base['in-reply-to'][0]['data']));
$msg['created'] = datetime_convert(notags(unxmlify('UTC', 'UTC', $base['sentdate'][0]['data'])));
dbesc_array($msg);
$r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg)) . "`) VALUES ('" . implode("', '", array_values($msg)) . "')");
// send notifications.
require_once 'include/enotify.php';
$notif_params = array('type' => NOTIFY_MAIL, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $msg, 'source_name' => $msg['from-name'], 'source_link' => $importer['url'], 'source_photo' => $importer['thumb'], 'verb' => ACTIVITY_POST, 'otype' => 'mail');
notification($notif_params);
return 0;
// NOTREACHED
}
$community_page = 0;
$rawtags = $feed->get_feed_tags(NAMESPACE_DFRN, 'community');
if ($rawtags) {
$community_page = intval($rawtags[0]['data']);
}
if (intval($importer['forum']) != $community_page) {
q("update contact set forum = %d where id = %d limit 1", intval($community_page), intval($importer['id']));
$importer['forum'] = (string) $community_page;
}
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
// process any deleted entries
$del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry');
if (is_array($del_entries) && count($del_entries)) {
foreach ($del_entries as $dentry) {
$deleted = false;
if (isset($dentry['attribs']['']['ref'])) {
$uri = $dentry['attribs']['']['ref'];
$deleted = true;
if (isset($dentry['attribs']['']['when'])) {
$when = $dentry['attribs']['']['when'];
$when = datetime_convert('UTC', 'UTC', $when, 'Y-m-d H:i:s');
} else {
$when = datetime_convert('UTC', 'UTC', 'now', 'Y-m-d H:i:s');
}
}
if ($deleted) {
// check for relayed deletes to our conversation
$is_reply = false;
$r = q("select * from item where uri = '%s' and uid = %d limit 1", dbesc($uri), intval($importer['importer_uid']));
if (count($r)) {
$parent_uri = $r[0]['parent-uri'];
if ($r[0]['id'] != $r[0]['parent']) {
$is_reply = true;
}
}
if ($is_reply) {
$community = false;
if ($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP) {
$sql_extra = '';
$community = true;
logger('local_delivery: possible community delete');
} else {
$sql_extra = " and contact.self = 1 and item.wall = 1 ";
}
// was the top-level post for this reply written by somebody on this site?
// Specifically, the recipient?
$is_a_remote_delete = false;
// POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used?
$r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`, \n\t\t\t\t\t\t`contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item` \n\t\t\t\t\t\tLEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` \n\t\t\t\t\t\tWHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')\n\t\t\t\t\t\tAND `item`.`uid` = %d \n\t\t\t\t\t\t{$sql_extra}\n\t\t\t\t\t\tLIMIT 1", dbesc($parent_uri), dbesc($parent_uri), dbesc($parent_uri), intval($importer['importer_uid']));
if ($r && count($r)) {
$is_a_remote_delete = true;
}
// Does this have the characteristics of a community or private group comment?
// If it's a reply to a wall post on a community/prvgroup page it's a
// valid community comment. Also forum_mode makes it valid for sure.
// If neither, it's not.
if ($is_a_remote_delete && $community) {
if (!$r[0]['forum_mode'] && !$r[0]['wall']) {
$is_a_remote_delete = false;
logger('local_delivery: not a community delete');
}
}
if ($is_a_remote_delete) {
logger('local_delivery: received remote delete');
}
}
$r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join contact on `item`.`contact-id` = `contact`.`id`\n\t\t\t\t\tWHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['importer_uid']), intval($importer['id']));
if (count($r)) {
$item = $r[0];
if ($item['deleted']) {
continue;
}
logger('local_delivery: deleting item ' . $item['id'] . ' uri=' . $item['uri'], LOGGER_DEBUG);
if ($item['verb'] === ACTIVITY_TAG && $item['object-type'] === ACTIVITY_OBJ_TAGTERM) {
$xo = parse_xml_string($item['object'], false);
$xt = parse_xml_string($item['target'], false);
if ($xt->type === ACTIVITY_OBJ_NOTE) {
$i = q("select * from `item` where uri = '%s' and uid = %d limit 1", dbesc($xt->id), intval($importer['importer_uid']));
if (count($i)) {
// For tags, the owner cannot remove the tag on the author's copy of the post.
$owner_remove = $item['contact-id'] == $i[0]['contact-id'] ? true : false;
$author_remove = $item['origin'] && $item['self'] ? true : false;
$author_copy = $item['origin'] ? true : false;
if ($owner_remove && $author_copy) {
continue;
}
if ($author_remove || $owner_remove) {
$tags = explode(',', $i[0]['tag']);
$newtags = array();
if (count($tags)) {
foreach ($tags as $tag) {
if (trim($tag) !== trim($xo->body)) {
$newtags[] = trim($tag);
}
}
}
q("update item set tag = '%s' where id = %d limit 1", dbesc(implode(',', $newtags)), intval($i[0]['id']));
create_tags_from_item($i[0]['id']);
}
}
}
}
if ($item['uri'] == $item['parent-uri']) {
$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',\n\t\t\t\t\t\t\t`body` = '', `title` = ''\n\t\t\t\t\t\t\tWHERE `parent-uri` = '%s' AND `uid` = %d", dbesc($when), dbesc(datetime_convert()), dbesc($item['uri']), intval($importer['importer_uid']));
create_tags_from_itemuri($item['uri'], $importer['importer_uid']);
} else {
$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',\n\t\t\t\t\t\t\t`body` = '', `title` = ''\n\t\t\t\t\t\t\tWHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($when), dbesc(datetime_convert()), dbesc($uri), intval($importer['importer_uid']));
create_tags_from_itemuri($uri, $importer['importer_uid']);
if ($item['last-child']) {
// ensure that last-child is set in case the comment that had it just got wiped.
q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ", dbesc(datetime_convert()), dbesc($item['parent-uri']), intval($item['uid']));
// who is the last child now?
$r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d\n\t\t\t\t\t\t\t\tORDER BY `created` DESC LIMIT 1", dbesc($item['parent-uri']), intval($importer['importer_uid']));
if (count($r)) {
q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1", intval($r[0]['id']));
}
}
// if this is a relayed delete, propagate it to other recipients
if ($is_a_remote_delete) {
proc_run('php', "include/notifier.php", "drop", $item['id']);
}
}
}
}
}
}
foreach ($feed->get_items() as $item) {
$is_reply = false;
$item_id = $item->get_id();
$rawthread = $item->get_item_tags(NAMESPACE_THREAD, 'in-reply-to');
if (isset($rawthread[0]['attribs']['']['ref'])) {
$is_reply = true;
$parent_uri = $rawthread[0]['attribs']['']['ref'];
}
if ($is_reply) {
$community = false;
if ($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP) {
$sql_extra = '';
$community = true;
logger('local_delivery: possible community reply');
} else {
$sql_extra = " and contact.self = 1 and item.wall = 1 ";
}
// was the top-level post for this reply written by somebody on this site?
// Specifically, the recipient?
$is_a_remote_comment = false;
$top_uri = $parent_uri;
$r = q("select `item`.`parent-uri` from `item`\n\t\t\t\tWHERE `item`.`uri` = '%s'\n\t\t\t\tLIMIT 1", dbesc($parent_uri));
if ($r && count($r)) {
$top_uri = $r[0]['parent-uri'];
// POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used?
$r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`, \n\t\t\t\t\t`contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item` \n\t\t\t\t\tLEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` \n\t\t\t\t\tWHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')\n\t\t\t\t\tAND `item`.`uid` = %d \n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tLIMIT 1", dbesc($top_uri), dbesc($top_uri), dbesc($top_uri), intval($importer['importer_uid']));
if ($r && count($r)) {
$is_a_remote_comment = true;
}
}
// Does this have the characteristics of a community or private group comment?
// If it's a reply to a wall post on a community/prvgroup page it's a
// valid community comment. Also forum_mode makes it valid for sure.
// If neither, it's not.
if ($is_a_remote_comment && $community) {
if (!$r[0]['forum_mode'] && !$r[0]['wall']) {
$is_a_remote_comment = false;
logger('local_delivery: not a community reply');
}
}
if ($is_a_remote_comment) {
logger('local_delivery: received remote comment');
$is_like = false;
// remote reply to our post. Import and then notify everybody else.
$datarray = get_atom_elements($feed, $item);
$r = q("SELECT `id`, `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid']));
// Update content if 'updated' changes
if (count($r)) {
$iid = $r[0]['id'];
if (x($datarray, 'edited') !== false && datetime_convert('UTC', 'UTC', $datarray['edited']) !== $r[0]['edited']) {
// do not accept (ignore) an earlier edit than one we currently have.
if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) {
continue;
}
logger('received updated comment', LOGGER_DEBUG);
$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']));
create_tags_from_itemuri($item_id, $importer['importer_uid']);
proc_run('php', "include/notifier.php", "comment-import", $iid);
}
continue;
}
$own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1", intval($importer['importer_uid']));
$datarray['type'] = 'remote-comment';
$datarray['wall'] = 1;
$datarray['parent-uri'] = $parent_uri;
$datarray['uid'] = $importer['importer_uid'];
$datarray['owner-name'] = $own[0]['name'];
$datarray['owner-link'] = $own[0]['url'];
$datarray['owner-avatar'] = $own[0]['thumb'];
$datarray['contact-id'] = $importer['id'];
if ($datarray['verb'] === ACTIVITY_LIKE || $datarray['verb'] === ACTIVITY_DISLIKE) {
$is_like = true;
$datarray['type'] = 'activity';
$datarray['gravity'] = GRAVITY_LIKE;
$datarray['last-child'] = 0;
// only one like or dislike per person
$r = q("select id from item where uid = %d and `contact-id` = %d and verb = '%s' and (`thr-parent` = '%s' or `parent-uri` = '%s') and deleted = 0 limit 1", intval($datarray['uid']), intval($datarray['contact-id']), dbesc($datarray['verb']), dbesc($datarray['parent-uri']), dbesc($datarray['parent-uri']));
if ($r && count($r)) {
continue;
}
}
if ($datarray['verb'] === ACTIVITY_TAG && $datarray['object-type'] === ACTIVITY_OBJ_TAGTERM) {
$xo = parse_xml_string($datarray['object'], false);
$xt = parse_xml_string($datarray['target'], false);
if ($xt->type == ACTIVITY_OBJ_NOTE && $xt->id) {
// fetch the parent item
$tagp = q("select * from item where uri = '%s' and uid = %d limit 1", dbesc($xt->id), intval($importer['importer_uid']));
if (!count($tagp)) {
continue;
}
// extract tag, if not duplicate, and this user allows tags, add to parent item
if ($xo->id && $xo->content) {
$newtag = '#[url=' . $xo->id . ']' . $xo->content . '[/url]';
if (!stristr($tagp[0]['tag'], $newtag)) {
$i = q("SELECT `blocktags` FROM `user` where `uid` = %d LIMIT 1", intval($importer['importer_uid']));
if (count($i) && !intval($i[0]['blocktags'])) {
q("UPDATE item SET tag = '%s', `edited` = '%s' WHERE id = %d LIMIT 1", dbesc($tagp[0]['tag'] . (strlen($tagp[0]['tag']) ? ',' : '') . $newtag), intval($tagp[0]['id']), dbesc(datetime_convert()));
create_tags_from_item($tagp[0]['id']);
}
}
}
}
}
$posted_id = item_store($datarray);
$parent = 0;
if ($posted_id) {
$r = q("SELECT `parent`, `parent-uri` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($posted_id), intval($importer['importer_uid']));
if (count($r)) {
$parent = $r[0]['parent'];
$parent_uri = $r[0]['parent-uri'];
}
if (!$is_like) {
$r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($r[0]['parent']));
$r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc(datetime_convert()), intval($importer['importer_uid']), intval($posted_id));
}
if ($posted_id && $parent) {
proc_run('php', "include/notifier.php", "comment-import", "{$posted_id}");
if (!$is_like && !$importer['self']) {
require_once 'include/enotify.php';
notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_uri' => $parent_uri));
}
}
return 0;
// NOTREACHED
}
} else {
// regular comment that is part of this total conversation. Have we seen it? If not, import it.
$item_id = $item->get_id();
$datarray = get_atom_elements($feed, $item);
if ($importer['rel'] == CONTACT_IS_FOLLOWER) {
continue;
}
$r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid']));
// Update content if 'updated' changes
if (count($r)) {
if (x($datarray, 'edited') !== false && datetime_convert('UTC', 'UTC', $datarray['edited']) !== $r[0]['edited']) {
// do not accept (ignore) an earlier edit than one we currently have.
if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) {
continue;
}
$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']));
create_tags_from_itemuri($item_id, $importer['importer_uid']);
}
// update last-child if it changes
$allow = $item->get_item_tags(NAMESPACE_DFRN, 'comment-allow');
if ($allow && $allow[0]['data'] != $r[0]['last-child']) {
$r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($parent_uri), intval($importer['importer_uid']));
$r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid']));
}
continue;
}
$datarray['parent-uri'] = $parent_uri;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];
if ($datarray['verb'] == ACTIVITY_LIKE || $datarray['verb'] == ACTIVITY_DISLIKE) {
$datarray['type'] = 'activity';
$datarray['gravity'] = GRAVITY_LIKE;
// only one like or dislike per person
$r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`parent-uri` = '%s' OR `thr-parent` = '%s') limit 1", intval($datarray['uid']), intval($datarray['contact-id']), dbesc($datarray['verb']), dbesc($parent_uri), dbesc($parent_uri));
if ($r && count($r)) {
continue;
}
}
if ($datarray['verb'] === ACTIVITY_TAG && $datarray['object-type'] === ACTIVITY_OBJ_TAGTERM) {
$xo = parse_xml_string($datarray['object'], false);
$xt = parse_xml_string($datarray['target'], false);
if ($xt->type == ACTIVITY_OBJ_NOTE) {
$r = q("select * from item where `uri` = '%s' AND `uid` = %d limit 1", dbesc($xt->id), intval($importer['importer_uid']));
if (!count($r)) {
continue;
}
// extract tag, if not duplicate, add to parent item
if ($xo->content) {
if (!stristr($r[0]['tag'], trim($xo->content))) {
q("UPDATE item SET tag = '%s' WHERE id = %d LIMIT 1", dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $xo->id . ']' . $xo->content . '[/url]'), intval($r[0]['id']));
create_tags_from_item($r[0]['id']);
}
}
}
}
$posted_id = item_store($datarray);
// find out if our user is involved in this conversation and wants to be notified.
if (!x($datarray['type']) || $datarray['type'] != 'activity') {
$myconv = q("SELECT `author-link`, `author-avatar`, `parent` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 AND `deleted` = 0", dbesc($top_uri), intval($importer['importer_uid']));
if (count($myconv)) {
$importer_url = $a->get_baseurl() . '/profile/' . $importer['nickname'];
// first make sure this isn't our own post coming back to us from a wall-to-wall event
if (!link_compare($datarray['author-link'], $importer_url)) {
foreach ($myconv as $conv) {
// now if we find a match, it means we're in this conversation
if (!link_compare($conv['author-link'], $importer_url)) {
continue;
}
require_once 'include/enotify.php';
$conv_parent = $conv['parent'];
notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $conv_parent, 'parent_uri' => $parent_uri));
// only send one notification
break;
}
}
}
}
continue;
}
} else {
// Head post of a conversation. Have we seen it? If not, import it.
$item_id = $item->get_id();
$datarray = get_atom_elements($feed, $item);
if (x($datarray, 'object-type') && $datarray['object-type'] === ACTIVITY_OBJ_EVENT) {
$ev = bbtoevent($datarray['body']);
if (x($ev, 'desc') && x($ev, 'start')) {
$ev['cid'] = $importer['id'];
$ev['uid'] = $importer['uid'];
$ev['uri'] = $item_id;
$ev['edited'] = $datarray['edited'];
$ev['private'] = $datarray['private'];
$r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['uid']));
if (count($r)) {
$ev['id'] = $r[0]['id'];
}
$xyz = event_store($ev);
continue;
}
}
$r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid']));
// Update content if 'updated' changes
if (count($r)) {
if (x($datarray, 'edited') !== false && datetime_convert('UTC', 'UTC', $datarray['edited']) !== $r[0]['edited']) {
// do not accept (ignore) an earlier edit than one we currently have.
if (datetime_convert('UTC', 'UTC', $datarray['edited']) < $r[0]['edited']) {
continue;
}
$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc(datetime_convert('UTC', 'UTC', $datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']));
create_tags_from_itemuri($item_id, $importer['importer_uid']);
}
// update last-child if it changes
$allow = $item->get_item_tags(NAMESPACE_DFRN, 'comment-allow');
if ($allow && $allow[0]['data'] != $r[0]['last-child']) {
$r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", intval($allow[0]['data']), dbesc(datetime_convert()), dbesc($item_id), intval($importer['importer_uid']));
}
continue;
}
// This is my contact on another system, but it's really me.
// Turn this into a wall post.
if ($importer['remote_self']) {
$datarray['wall'] = 1;
}
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];
if (!link_compare($datarray['owner-link'], $importer['url'])) {
// The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
// but otherwise there's a possible data mixup on the sender's system.
// the tgroup delivery code called from item_store will correct it if it's a forum,
// but we're going to unconditionally correct it here so that the post will always be owned by our contact.
logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
$datarray['owner-name'] = $importer['senderName'];
$datarray['owner-link'] = $importer['url'];
$datarray['owner-avatar'] = $importer['thumb'];
}
if ($importer['rel'] == CONTACT_IS_FOLLOWER && !tgroup_check($importer['importer_uid'], $datarray)) {
continue;
}
$posted_id = item_store($datarray);
if (stristr($datarray['verb'], ACTIVITY_POKE)) {
$verb = urldecode(substr($datarray['verb'], strpos($datarray['verb'], '#') + 1));
if (!$verb) {
continue;
}
$xo = parse_xml_string($datarray['object'], false);
if ($xo->type == ACTIVITY_OBJ_PERSON && $xo->id) {
// somebody was poked/prodded. Was it me?
$links = parse_xml_string("<links>" . unxmlify($xo->link) . "</links>", false);
foreach ($links->link as $l) {
$atts = $l->attributes();
switch ($atts['rel']) {
case "alternate":
$Blink = $atts['href'];
break;
default:
break;
}
}
if ($Blink && link_compare($Blink, $a->get_baseurl() . '/profile/' . $importer['nickname'])) {
// send a notification
require_once 'include/enotify.php';
notification(array('type' => NOTIFY_POKE, 'notify_flags' => $importer['notify-flags'], 'language' => $importer['language'], 'to_name' => $importer['username'], 'to_email' => $importer['email'], 'uid' => $importer['importer_uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $posted_id, 'source_name' => stripslashes($datarray['author-name']), 'source_link' => $datarray['author-link'], 'source_photo' => link_compare($datarray['author-link'], $importer['url']) ? $importer['thumb'] : $datarray['author-avatar'], 'verb' => $datarray['verb'], 'otype' => 'person', 'activity' => $verb));
}
}
}
continue;
}
}
return 0;
// NOTREACHED
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'post_photos')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
$newalbum = $args['newalbum'];
logger('photo_upload: album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG);
if (!$album) {
if ($newalbum) {
$album = $newalbum;
} else {
$album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m');
}
}
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
$str_group_allow = perms2str(is_array($args['group_allow']) ? $args['group_allow'] : explode(',', $args['group_allow']));
$str_contact_allow = perms2str(is_array($args['contact_allow']) ? $args['contact_allow'] : explode(',', $args['contact_allow']));
$str_group_deny = perms2str(is_array($args['group_deny']) ? $args['group_deny'] : explode(',', $args['group_deny']));
$str_contact_deny = perms2str(is_array($args['contact_deny']) ? $args['contact_deny'] : explode(',', $args['contact_deny']));
if ($args['data']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_upload_file', $f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
$limit = service_class_fetch($channel_id, 'photo_upload_limit');
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_flags' => PHOTO_NORMAL, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$r1 = $ph->save($p);
if (!$r1) {
$errors = true;
}
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
$p['scale'] = 1;
$r2 = $ph->save($p);
$smallest = 1;
if (!$r2) {
$errors = true;
}
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
$p['scale'] = 2;
$r3 = $ph->save($p);
$smallest = 2;
if (!$r3) {
$errors = true;
}
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// This will be the width and height of the smallest representation
$width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
$mid = item_message_id();
// Create item container
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
$item_flags = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP;
$item_restrict = $visible ? ITEM_VISIBLE : ITEM_HIDDEN;
$title = '';
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_flags'] = $item_flags;
$arr['item_restrict'] = $item_restrict;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $str_contact_allow;
$arr['allow_gid'] = $str_group_allow;
$arr['deny_cid'] = $str_contact_deny;
$arr['deny_gid'] = $str_group_deny;
$arr['verb'] = ACTIVITY_POST;
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
// We should also put a width_x_height on large photos. Left as an exercise for
// devs looking fo simple stuff to fix.
$larger = feature_enabled($channel['channel_id'], 'large_photos');
if ($larger) {
$tag = '[zmg]';
if ($r2) {
$smallest = 1;
} else {
$smallest = 0;
}
} else {
if ($width_x_height) {
$tag = '[zmg=' . $width_x_height . ']';
} else {
$tag = '[zmg]';
}
}
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
$result = item_store($arr);
$item_id = $result['item_id'];
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $arr['body'];
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param array $args
* @return array
*/
function photo_upload($channel, $observer, $args)
{
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$account_id = $channel['channel_account_id'];
if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
// call_hooks('photo_upload_begin', $args);
/*
* Determine the album to use
*/
$album = $args['album'];
if (intval($args['visible']) || $args['visible'] === 'true') {
$visible = 1;
} else {
$visible = 0;
}
// Set to default channel permissions. If the parent directory (album) has permissions set,
// use those instead. If we have specific permissions supplied, they take precedence over
// all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
// ...messy... needs re-factoring once the photos/files integration stabilises
$acl = new AccessList($channel);
if (array_key_exists('directory', $args) && $args['directory']) {
$acl->set($args['directory']);
}
if (array_key_exists('allow_cid', $args)) {
$acl->set($args);
}
if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
$acl->set_from_array($args);
}
$ac = $acl->get();
$os_storage = 0;
if ($args['os_path'] && $args['getimagesize']) {
$imagedata = @file_get_contents($args['os_path']);
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['getimagesize']['mime'];
$os_storage = 1;
} elseif ($args['data']) {
// allow an import from a binary string representing the image.
// This bypasses the upload step and max size limit checking
$imagedata = $args['data'];
$filename = $args['filename'];
$filesize = strlen($imagedata);
// this is going to be deleted if it exists
$src = '/tmp/deletemenow';
$type = $args['type'];
} else {
$f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
// call_hooks('photo_upload_file',$f);
if (x($f, 'src') && x($f, 'filesize')) {
$src = $f['src'];
$filename = $f['filename'];
$filesize = $f['filesize'];
$type = $f['type'];
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
}
if (!$type) {
$type = guess_image_type($filename);
}
logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = get_config('system', 'maximagesize');
if ($maximagesize && $filesize > $maximagesize) {
$ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
if (!$filesize) {
$ret['message'] = t('Image file is empty.');
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
$imagedata = @file_get_contents($src);
}
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
$limit = service_class_fetch($channel_id, 'photo_upload_limit');
if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
$ret['message'] = upgrade_message();
@unlink($src);
call_hooks('photo_post_end', $ret);
return $ret;
}
$ph = photo_factory($imagedata, $type);
if (!$ph->is_valid()) {
$ret['message'] = t('Unable to process image');
logger('photo_upload: unable to process image');
@unlink($src);
call_hooks('photo_upload_end', $ret);
return $ret;
}
$exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
@unlink($src);
$max_length = get_config('system', 'max_image_length');
if (!$max_length) {
$max_length = MAX_IMAGE_LENGTH;
}
if ($max_length > 0) {
$ph->scaleImage($max_length);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$smallest = 0;
$photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
$visitor = '';
if ($channel['channel_hash'] !== $observer['xchan_hash']) {
$visitor = $observer['xchan_hash'];
}
$errors = false;
$p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
if ($args['created']) {
$p['created'] = $args['created'];
}
if ($args['edited']) {
$p['edited'] = $args['edited'];
}
if ($args['title']) {
$p['title'] = $args['title'];
}
if ($args['description']) {
$p['description'] = $args['description'];
}
$r1 = $ph->save($p);
if (!$r1) {
$errors = true;
}
unset($p['os_storage']);
unset($p['os_path']);
if (($width > 640 || $height > 640) && !$errors) {
$ph->scaleImage(640);
$p['scale'] = 1;
$r2 = $ph->save($p);
$smallest = 1;
if (!$r2) {
$errors = true;
}
}
if (($width > 320 || $height > 320) && !$errors) {
$ph->scaleImage(320);
$p['scale'] = 2;
$r3 = $ph->save($p);
$smallest = 2;
if (!$r3) {
$errors = true;
}
}
if ($errors) {
q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
$ret['message'] = t('Photo storage failed.');
logger('photo_upload: photo store failed.');
call_hooks('photo_upload_end', $ret);
return $ret;
}
// This will be the width and height of the smallest representation
$width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
// Create item container
$item_hidden = $visible ? 0 : 1;
$lat = $lon = null;
if ($exif && $exif['GPS']) {
if (feature_enabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
}
if ($args['item']) {
foreach ($args['item'] as $i) {
$item = get_item_elements($i);
$force = false;
if ($item['mid'] === $item['parent_mid']) {
$item['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
if ($item['author_xchan'] === $channel['channel_hash']) {
$item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
$item['item_verified'] = 1;
} else {
$item['sig'] = '';
}
$force = true;
}
$r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
if ($r) {
if ($item['edited'] > $r[0]['edited'] || $force) {
$item['id'] = $r[0]['id'];
$item['uid'] = $channel['channel_id'];
item_store_update($item);
continue;
}
} else {
$item['aid'] = $channel['channel_account_id'];
$item['uid'] = $channel['channel_id'];
$item_result = item_store($item);
}
}
} else {
$title = '';
$mid = item_message_id();
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
$arr['aid'] = $account_id;
$arr['uid'] = $channel_id;
$arr['mid'] = $mid;
$arr['parent_mid'] = $mid;
$arr['item_hidden'] = $item_hidden;
$arr['resource_type'] = 'photo';
$arr['resource_id'] = $photo_hash;
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['title'] = $title;
$arr['allow_cid'] = $ac['allow_cid'];
$arr['allow_gid'] = $ac['allow_gid'];
$arr['deny_cid'] = $ac['deny_cid'];
$arr['deny_gid'] = $ac['deny_gid'];
$arr['verb'] = ACTIVITY_POST;
$arr['item_wall'] = 1;
$arr['item_origin'] = 1;
$arr['item_thread_top'] = 1;
$arr['item_private'] = intval($acl->is_private());
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
// We should also put a width_x_height on large photos. Left as an exercise for
// devs looking for simple stuff to fix.
$larger = feature_enabled($channel['channel_id'], 'large_photos');
if ($larger) {
$tag = '[zmg]';
if ($r2) {
$smallest = 1;
} else {
$smallest = 0;
}
} else {
if ($width_x_height) {
$tag = '[zmg=' . $width_x_height . ']';
} else {
$tag = '[zmg]';
}
}
$arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
$result = item_store($arr);
$item_id = $result['item_id'];
if ($visible) {
proc_run('php', "include/notifier.php", 'wall-new', $item_id);
}
}
$ret['success'] = true;
$ret['item'] = $arr;
$ret['body'] = $arr['body'];
$ret['resource_id'] = $photo_hash;
$ret['photoitem_id'] = $item_id;
call_hooks('photo_upload_end', $ret);
return $ret;
}
