function post()
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$can_post = false;
$page_owner_uid = \App::$data['channel']['channel_id'];
if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
$can_post = true;
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
if (is_ajax()) {
killme();
}
return;
}
$s = abook_self($page_owner_uid);
if (!$s) {
notice(t('Page owner information could not be retrieved.') . EOL);
logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
if (is_ajax()) {
killme();
}
return;
}
$owner_record = $s[0];
$acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
if (argc() > 3 && argv(2) === 'album') {
$album = hex2bin(argv(3));
if ($album === t('Profile Photos')) {
// not allowed
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
if (!photos_album_exists($page_owner_uid, $album)) {
notice(t('Album not found.') . EOL);
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
/*
* DELETE photo album and all its photos
*/
if ($_REQUEST['dropalbum'] == t('Delete Album')) {
// This is dangerous because we combined file storage and photos into one interface
// This function will remove all photos from any directory with the same name since
// we have not passed the path value.
// The correct solution would be to use a full pathname from your storage root for 'album'
// We also need to prevent/block removing the storage root folder.
$folder_hash = '';
$r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album));
if (!$r) {
notice(t('Album not found.') . EOL);
return;
}
if (count($r) > 1) {
notice(t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
return;
} else {
$folder_hash = $r[0]['hash'];
}
$res = array();
// get the list of photos we are about to delete
if (remote_channel() && !local_channel()) {
$str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
} elseif (local_channel()) {
$str = photos_album_get_db_idstr(local_channel(), $album);
} else {
$str = null;
}
if (!$str) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
if ($r) {
foreach ($r as $i) {
attach_delete($page_owner_uid, $i['resource_id'], 1);
}
}
// remove the associated photos in case they weren't attached to an item
q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
// @FIXME do the same for the linked attach
if ($folder_hash) {
attach_delete($page_owner_uid, $folder_hash, 1);
$sync = attach_export_data(\App::$data['channel'], $folder_hash, true);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
}
}
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
}
if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
// same as above but remove single photo
$ob_hash = get_observer_hash();
if (!$ob_hash) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2]));
if ($r) {
attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
$sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
}
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
}
if (argc() > 2 && array_key_exists('move_to_album', $_POST)) {
$m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid));
if ($m && $m[0]['folder'] != $_POST['move_to_album']) {
attach_move($page_owner_uid, argv(2), $_POST['move_to_album']);
if (!($_POST['desc'] && $_POST['newtag'])) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
}
}
if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
$acl->set_from_array($_POST);
$perm = $acl->get();
$resource_id = argv(2);
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']);
$ph = photo_factory($d, $r[0]['mimetype']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
if (intval($r[0]['os_storage'])) {
@file_put_contents($r[0]['content'], $ph->imageString());
$data = $r[0]['content'];
$fsize = @filesize($r[0]['content']);
q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
} else {
$data = $ph->imageString();
$fsize = strlen($data);
}
$x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 1024 || $height > 1024) {
$ph->scaleImage(1024);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
$p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid));
if ($p) {
$ext = $phototypes[$p[0]['mimetype']];
$r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
}
$item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
$old_is_nsfw = $p[0]['is_nsfw'];
if ($old_is_nsfw != $is_nsfw) {
$r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['description'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
$item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
}
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
// make sure the attach has the same permissions as the photo regardless of any other changes
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '@' . $rawtags;
}
require_once 'include/text.php';
$profile_uid = \App::$profile['profile_uid'];
$results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
$success = $results['success'];
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
$r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$r = fetch_post_tags($r, true);
$datarray = $r[0];
if ($post_tags) {
if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
$datarray['term'] = $post_tags;
} else {
$datarray['term'] = array_merge($datarray['term'], $post_tags);
}
}
item_store_update($datarray, $execflag);
}
}
$sync = attach_export_data(\App::$data['channel'], $resource_id);
if ($sync) {
build_sync_packet($page_owner_uid, array('file' => array($sync)));
}
goaway(z_root() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
$channel = \App::$data['channel'];
$observer = \App::$data['observer'];
$_REQUEST['source'] = 'photos';
require_once 'include/attach.php';
if (!local_channel()) {
$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
$_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
$_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
$_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
if (!$r['success']) {
notice($r['message'] . EOL);
}
if ($_REQUEST['newalbum']) {
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
} else {
goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
}
}
function photos_post(&$a)
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$can_post = false;
$page_owner_uid = $a->data['channel']['channel_id'];
if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
$can_post = true;
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
if (is_ajax()) {
killme();
}
return;
}
$s = abook_self($page_owner_uid);
if (!$s) {
notice(t('Page owner information could not be retrieved.') . EOL);
logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
if (is_ajax()) {
killme();
}
return;
}
$owner_record = $s[0];
$acl = new AccessList($a->data['channel']);
if (argc() > 3 && argv(2) === 'album') {
$album = hex2bin(argv(3));
if ($album === t('Profile Photos')) {
// not allowed
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if (!photos_album_exists($page_owner_uid, $album)) {
notice(t('Album not found.') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
/*
* RENAME photo album
*/
$newalbum = notags(trim($_REQUEST['albumname']));
if ($newalbum != $album) {
// @fixme - syncronise with DAV or disallow completely
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// $x = photos_album_rename($page_owner_uid,$album,$newalbum);
// if($x) {
// $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
// goaway($a->get_baseurl() . '/' . $newurl);
// }
}
/*
* DELETE photo album and all its photos
*/
if ($_REQUEST['dropalbum'] == t('Delete Album')) {
$res = array();
// get the list of photos we are about to delete
if (remote_channel() && !local_channel()) {
$str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
} elseif (local_channel()) {
$str = photos_album_get_db_idstr(local_channel(), $album);
} else {
$str = null;
}
if (!$str) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
if ($r) {
foreach ($r as $i) {
attach_delete($page_owner_uid, $i['resource_id'], 1);
// This is now being done in attach_delete()
// drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
// proc_run('php','include/notifier.php','drop',$i['id']);
}
}
// remove the associated photos in case they weren't attached to an item
q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
// @FIXME do the same for the linked attach
}
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
}
if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
// same as above but remove single photo
$ob_hash = get_observer_hash();
if (!$ob_hash) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
if ($r) {
/* this happens in attach_delete
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
intval($page_owner_uid),
dbesc($r[0]['resource_id'])
);
*/
attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
/* this happens in attach_delete
$i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
dbesc($r[0]['resource_id']),
intval($page_owner_uid)
);
if(count($i)) {
drop_item($i[0]['id'],true,DROPITEM_PHASE1);
$url = $a->get_baseurl();
}
*/
}
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
}
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
$acl->set_from_array($_POST);
$perm = $acl->get();
$resource_id = $a->argv[2];
if (!strlen($albname)) {
$albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
$ph = photo_factory($d, $r[0]['type']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
if (intval($r[0]['os_storage'])) {
@file_put_contents($r[0]['data'], $ph->imageString());
$data = $r[0]['data'];
$fsize = @filesize($r[0]['data']);
q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
} else {
$data = $ph->imageString();
$fsize = strlen($data);
}
$x = q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 1024 || $height > 1024) {
$ph->scaleImage(1024);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
}
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
$p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));
if ($p) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
}
$item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
$old_is_nsfw = $p[0]['is_nsfw'];
if ($old_is_nsfw != $is_nsfw) {
$r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['description'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
$item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
}
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
// make sure the attach has the same permissions as the photo regardless of any other changes
$x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '@' . $rawtags;
}
require_once 'include/text.php';
$profile_uid = $a->profile['profile_uid'];
$results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
$success = $results['success'];
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
$r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$r = fetch_post_tags($r, true);
$datarray = $r[0];
if ($post_tags) {
if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
$datarray['term'] = $post_tags;
} else {
$datarray['term'] = array_merge($datarray['term'], $post_tags);
}
}
item_store_update($datarray, $execflag);
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
$channel = $a->data['channel'];
$observer = $a->data['observer'];
$_REQUEST['source'] = 'photos';
require_once 'include/attach.php';
if (!local_channel()) {
$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
$_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
$_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
$_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
$r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);
if (!$r['success']) {
notice($r['message'] . EOL);
}
if ($_REQUEST['newalbum']) {
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
} else {
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
}
}
function photos_post(&$a)
{
logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$can_post = false;
$page_owner_uid = $a->data['channel']['channel_id'];
if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'post_photos')) {
$can_post = true;
}
if (!$can_post) {
notice(t('Permission denied.') . EOL);
if (is_ajax()) {
killme();
}
return;
}
$s = abook_self($page_owner_uid);
if (!$s) {
notice(t('Page owner information could not be retrieved.') . EOL);
logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
if (is_ajax()) {
killme();
}
return;
}
$owner_record = $s[0];
if (argc() > 3 && argv(2) === 'album') {
$album = hex2bin(argv(3));
if ($album === t('Profile Photos')) {
// not allowed
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if (!photos_album_exists($page_owner_uid, $album)) {
notice(t('Album not found.') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
/*
* RENAME photo album
*/
$newalbum = notags(trim($_REQUEST['albumname']));
if ($newalbum != $album) {
$x = photos_album_rename($page_owner_uid, $album, $newalbum);
if ($x) {
$newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']);
goaway($a->get_baseurl() . '/' . $newurl);
}
}
/*
* DELETE photo album and all its photos
*/
if ($_REQUEST['dropalbum'] == t('Delete Album')) {
$res = array();
// get the list of photos we are about to delete
if (remote_user() && !local_user()) {
$str = photos_album_get_db_idstr($page_owner_uid, $album, remote_user());
} elseif (local_user()) {
$str = photos_album_get_db_idstr(local_user(), $album);
} else {
$str = null;
}
if (!$str) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("select id, item_restrict from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d", intval($page_owner_uid));
if ($r) {
foreach ($r as $i) {
drop_item($i['id'], false);
if (!$item_restrict) {
proc_run('php', 'include/notifier.php', 'drop', $i['id']);
}
}
}
// remove the associated photos in case they weren't attached to an item
q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
}
goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
}
if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
// same as above but remove single photo
$ob_hash = get_observer_hash();
if (!$ob_hash) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_user()), dbesc($a->argv[2]));
if ($r) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource_id']));
$i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1", dbesc($r[0]['resource_id']), intval($page_owner_uid));
if (count($i)) {
q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['mid']), intval($page_owner_uid));
$url = $a->get_baseurl();
$drop_id = intval($i[0]['id']);
if ($i[0]['visible']) {
proc_run('php', "include/notifier.php", "drop", "{$drop_id}");
}
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$resource_id = $a->argv[2];
if (!strlen($albname)) {
$albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
}
if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
if (count($r)) {
$ph = photo_factory($r[0]['data'], $r[0]['type']);
if ($ph->is_valid()) {
$rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
$ph->rotate($rotate_deg);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
if ($width > 640 || $height > 640) {
$ph->scaleImage(640);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
if ($width > 320 || $height > 320) {
$ph->scaleImage(320);
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
}
}
}
}
$p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d and ( photo_flags = %d or photo_flags = %d ) ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if (count($p)) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid));
}
$item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['description'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (!$item_id) {
$item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
}
if ($r) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
// make sure the linked item has the same permissions as the photo regardless of any other changes
$x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d limit 1", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($item_private), intval($item_id));
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '@' . $rawtags;
}
$taginfo = array();
$tags = get_tags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
// If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
// Robert Johnson should be first in the $tags array
$fullnametagged = false;
for ($x = 0; $x < count($tagged); $x++) {
if (stristr($tagged[$x], $tag . ' ')) {
$fullnametagged = true;
break;
}
}
if ($fullnametagged) {
continue;
}
require_once 'mod/item.php';
$body = $access_tag = '';
$success = handle_tag($a, $body, $access_tag, $str_tags, local_user() ? local_user() : $a->profile['profile_uid'], $tag);
logger('handle_tag: ' . print_r($success, tue), LOGGER_DEBUG);
if ($access_tag) {
logger('access_tag: ' . $tag . ' ' . print_r($access_tag, true), LOGGER_DEBUG);
if (strpos($access_tag, 'cid:') === 0) {
$str_contact_allow .= '<' . substr($access_tag, 4) . '>';
$access_tag = '';
} elseif (strpos($access_tag, 'gid:') === 0) {
$str_group_allow .= '<' . substr($access_tag, 4) . '>';
$access_tag = '';
}
}
if ($success['replaced']) {
$tagged[] = $tag;
$post_tags[] = array('uid' => $a->profile['profile_uid'], 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
}
$r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
if ($r) {
$datarray = $r[0];
$datarray['term'] = $post_tags;
item_store_update($datarray, $execflag);
}
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return;
// NOTREACHED
}
/**
* default post action - upload a photo
*/
$_REQUEST['source'] = 'photos';
$r = photo_upload($a->channel, $a->get_observer(), $_REQUEST);
if (!$r['success']) {
notice($r['message'] . EOL);
}
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}