function post() { $channel = \App::get_channel(); check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); $token_errs = 0; if (array_key_exists('token', $_POST)) { $atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0; $name = trim(escape_tags($_POST['name'])); $token = trim($_POST['token']); if (!$name || !$token) { $token_errs++; } if (trim($_POST['expires'])) { $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']); } else { $expires = NULL_DATE; } $max_atokens = service_class_fetch(local_channel(), 'access_tokens'); if ($max_atokens) { $r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel())); if ($r && intval($r[0]['total']) >= $max_tokens) { notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL); return; } } } if ($token_errs) { notice(t('Name and Password are required.') . EOL); return; } if ($atoken_id) { $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' \n\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id'])); } else { $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires)); } $atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $name; $all_perms = \Zotlabs\Access\Permissions::Perms(); if ($all_perms) { foreach ($all_perms as $perm => $desc) { if (array_key_exists('perms_' . $perm, $_POST)) { set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, intval($_POST['perms_' . $perm])); } else { set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, 0); } } } info(t('Token saved.') . EOL); return; }
function chatroom_enter($observer_xchan, $room_id, $status, $client) { if (!$room_id || !$observer_xchan) { return; } $r = q("select * from chatroom where cr_id = %d limit 1", intval($room_id)); if (!$r) { notice(t('Room not found.') . EOL); return false; } require_once 'include/security.php'; $sql_extra = permissions_sql($r[0]['cr_uid']); $x = q("select * from chatroom where cr_id = %d and cr_uid = %d {$sql_extra} limit 1", intval($room_id), intval($r[0]['cr_uid'])); if (!$x) { notice(t('Permission denied.') . EOL); return false; } $limit = service_class_fetch($r[0]['cr_uid'], 'chatters_inroom'); if ($limit !== false) { $y = q("select count(*) as total from chatpresence where cp_room = %d", intval($room_id)); if ($y && $y[0]['total'] > $limit) { notice(t('Room is full') . EOL); return false; } } if (intval($x[0]['cr_expire'])) { $sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']); $r = q($sql); } $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), intval($room_id)); if ($r) { q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", dbesc(datetime_convert()), intval($r[0]['cp_id']), dbesc($client)); return true; } $r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status, cp_client )\n\t\tvalues ( %d, '%s', '%s', '%s', '%s' )", intval($room_id), dbesc($observer_xchan), dbesc(datetime_convert()), dbesc($status), dbesc($client)); return $r; }
function wall_attach_post(&$a) { if ($a->argc > 1) { $nick = $a->argv[1]; $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick)); if (!count($r)) { return; } } else { return; } $can_post = false; $visitor = 0; $page_owner_uid = $r[0]['uid']; $page_owner_cid = $r[0]['id']; $page_owner_nick = $r[0]['nickname']; $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $page_owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $cid = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $page_owner_uid) { $cid = $v['cid']; break; } } } if ($cid) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid)); if (count($r)) { $can_post = true; $visitor = $cid; } } } } if (!$can_post) { notice(t('Permission denied.') . EOL); killme(); } if (!x($_FILES, 'userfile')) { killme(); } $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $maxfilesize = get_config('system', 'maxfilesize'); /* Found html code written in text field of form, * when trying to upload a file with filesize * greater than upload_max_filesize. Cause is unknown. * Then Filesize gets <= 0. */ if ($filesize <= 0) { notice(t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL . t('Or - did you try to upload an empty file?') . EOL); @unlink($src); killme(); } if ($maxfilesize && $filesize > $maxfilesize) { notice(sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL); @unlink($src); return; } $r = q("select sum(octet_length(data)) as total from attach where uid = %d ", intval($page_owner_uid)); $limit = service_class_fetch($page_owner_uid, 'attach_upload_limit'); if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { echo upgrade_message(true) . EOL; @unlink($src); killme(); } $filedata = @file_get_contents($src); $mimetype = z_mime_content_type($filename); $hash = random_string(); $created = datetime_convert(); $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )\n\t\tVALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), dbesc($created), dbesc($created), dbesc('<' . $page_owner_cid . '>'), dbesc(''), dbesc(''), dbesc('')); @unlink($src); if (!$r) { echo t('File upload failed.') . EOL; killme(); } $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash)); if (!count($r)) { echo t('File upload failed.') . EOL; killme(); } $lf = "\n"; echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf; killme(); // NOTREACHED }
function process_channel_sync_delivery($sender, $arr, $deliveries) { /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ $result = array(); foreach ($deliveries as $d) { $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash'])); if (!$r) { $result[] = array($d['hash'], 'not found'); continue; } $channel = $r[0]; $max_friends = service_class_fetch($channel['channel_id'], 'total_channels'); $max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds'); if ($channel['channel_hash'] != $sender['hash']) { logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']); $result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], ''); continue; } if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) { foreach ($arr['config'] as $cat => $k) { foreach ($arr['config'][$cat] as $k => $v) { set_pconfig($channel['channel_id'], $cat, $k, $v); } } } if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) { $disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags'); $clean = array(); foreach ($arr['channel'] as $k => $v) { if (in_array($k, $disallowed)) { continue; } $clean[$k] = $v; } if (count($clean)) { foreach ($clean as $k => $v) { $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id'])); } } } if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) { $total_friends = 0; $total_feeds = 0; $r = q("select abook_id, abook_flags from abook where abook_channel = %d", intval($channel['channel_id'])); if ($r) { // don't count yourself $total_friends = count($r) > 0 ? count($r) - 1 : 0; foreach ($r as $rr) { if ($rr['abook_flags'] & ABOOK_FLAG_FEED) { $total_feeds++; } } } $disallowed = array('abook_id', 'abook_account', 'abook_channel'); foreach ($arr['abook'] as $abook) { $clean = array(); if ($abook['abook_xchan'] && $abook['entry_deleted']) { logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']); require_once 'include/Contact.php'; $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF)); if ($r) { contact_remove($channel['channel_id'], $r[0]['abook_id']); if ($total_friends) { $total_friends--; } if ($r[0]['abook_flags'] & ABOOK_FLAG_FEED) { $total_feeds--; } } continue; } // Perform discovery if the referenced xchan hasn't ever been seen on this hub. // This relies on the undocumented behaviour that red sites send xchan info with the abook if ($abook['abook_xchan'] && $abook['xchan_address']) { $h = zot_get_hublocs($abook['abook_xchan']); if (!$h) { $f = zot_finger($abook['xchan_address'], $channel); if (!$f['success']) { logger('process_channel_sync_delivery: abook not probe-able' . $abook['xchan_address']); continue; } $j = json_decode($f['body'], true); if (!($j['success'] && $j['guid'])) { logger('process_channel_sync_delivery: probe failed.'); continue; } $x = import_xchan($j); if (!$x['success']) { logger('process_channel_sync_delivery: import failed.'); continue; } } } foreach ($abook as $k => $v) { if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) { continue; } $clean[$k] = $v; } if (!array_key_exists('abook_xchan', $clean)) { continue; } $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id'])); // make sure we have an abook entry for this xchan on this system if (!$r) { if ($max_friends !== false && $total_friends > $max_friends) { logger('process_channel_sync_delivery: total_channels service class limit exceeded'); continue; } if ($max_feeds !== false && $clean['abook_flags'] & ABOOK_FLAG_FEED && $total_feeds > $max_feeds) { logger('process_channel_sync_delivery: total_feeds service class limit exceeded'); continue; } q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id'])); $total_friends++; if ($clean['abook_flags'] & ABOOK_FLAG_FEED) { $total_feeds++; } } if (count($clean)) { foreach ($clean as $k => $v) { if ($k == 'abook_dob') { $v = dbescdate($v); } $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id'])); } } } } // sync collections (privacy groups) oh joy... if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) { $x = q("select * from groups where uid = %d", intval($channel['channel_id'])); foreach ($arr['collections'] as $cl) { $found = false; if ($x) { foreach ($x as $y) { if ($cl['collection'] == $y['hash']) { $found = true; break; } } if ($found) { if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) { q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id'])); } if (intval($cl['deleted']) && !intval($y['deleted'])) { q("delete from group_member where gid = %d", intval($y['id'])); } } } if (!$found) { $r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name'])); } // now look for any collections locally which weren't in the list we just received. // They need to be removed by marking deleted and removing the members. // This shouldn't happen except for clones created before this function was written. if ($x) { $found_local = false; foreach ($x as $y) { foreach ($arr['collections'] as $cl) { if ($cl['collection'] == $y['hash']) { $found_local = true; break; } } if (!$found_local) { q("delete from group_member where gid = %d", intval($y['id'])); q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id'])); } } } } // reload the group list with any updates $x = q("select * from groups where uid = %d", intval($channel['channel_id'])); // now sync the members if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) { // first sort into groups keyed by the group hash $members = array(); foreach ($arr['collection_members'] as $cm) { if (!array_key_exists($cm['collection'], $members)) { $members[$cm['collection']] = array(); } $members[$cm['collection']][] = $cm['member']; } // our group list is already synchronised if ($x) { foreach ($x as $y) { // for each group, loop on members list we just received foreach ($members[$y['hash']] as $member) { $found = false; $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member)); if ($z) { $found = true; } // if somebody is in the group that wasn't before - add them if (!$found) { q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member)); } } // now retrieve a list of members we have on this site $m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id'])); if ($m) { foreach ($m as $mm) { // if the local existing member isn't in the list we just received - remove them if (!in_array($mm['xchan'], $members[$y['hash']])) { q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id'])); } } } } } } } if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) { $disallowed = array('id', 'aid', 'uid'); foreach ($arr['profile'] as $profile) { $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id'])); if (!$x) { q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id'])); $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id'])); if (!$x) { continue; } } $clean = array(); foreach ($profile as $k => $v) { if (in_array($k, $disallowed)) { continue; } $clean[$k] = $v; /** * @TODO check if these are allowed, otherwise we'll error * We also need to import local photos if a custom photo is selected */ } if (count($clean)) { foreach ($clean as $k => $v) { $r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id'])); } } } } $result[] = array($d['hash'], 'channel sync updated', $channel['channel_name'], ''); } return $result; }
public static function run($argc, $argv) { $maxsysload = intval(get_config('system', 'maxloadavg')); if ($maxsysload < 1) { $maxsysload = 50; } if (function_exists('sys_getloadavg')) { $load = sys_getloadavg(); if (intval($load[0]) > $maxsysload) { logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.'); return; } } $interval = intval(get_config('system', 'poll_interval')); if (!$interval) { $interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval')); } // Check for a lockfile. If it exists, but is over an hour old, it's stale. Ignore it. $lockfile = 'store/[data]/poller'; if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) { logger("poller: Already running"); return; } // Create a lockfile. Needs two vars, but $x doesn't need to contain anything. file_put_contents($lockfile, $x); logger('poller: start'); $manual_id = 0; $generation = 0; $force = false; $restart = false; if ($argc > 1 && $argv[1] == 'force') { $force = true; } if ($argc > 1 && $argv[1] == 'restart') { $restart = true; $generation = intval($argv[2]); if (!$generation) { killme(); } } if ($argc > 1 && intval($argv[1])) { $manual_id = intval($argv[1]); $force = true; } $sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : ""; reload_plugins(); $d = datetime_convert(); // Only poll from those with suitable relationships $abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : ''; $randfunc = db_getfunc('RAND'); $contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\t\tLEFT JOIN account on abook_account = account_id\n\t\t\twhere abook_self = 0\n\t\t\t{$sql_extra} \n\t\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED)); if ($contacts) { foreach ($contacts as $contact) { $update = false; $t = $contact['abook_updated']; $c = $contact['abook_connected']; if (intval($contact['abook_feed'])) { $min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes'); if (!$min) { $min = intval(get_config('system', 'minimum_feedcheck_minutes')); } if (!$min) { $min = 60; } $x = datetime_convert('UTC', 'UTC', "now - {$min} minutes"); if ($c < $x) { Master::Summon(array('Onepoll', $contact['abook_id'])); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } continue; } if ($contact['xchan_network'] !== 'zot') { continue; } if ($c == $t) { if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) { $update = true; } } else { // if we've never connected with them, start the mark for death countdown from now if ($c == NULL_DATE) { $r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id'])); $c = datetime_convert(); $update = true; } // He's dead, Jim if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) { $r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id'])); $update = false; continue; } if (intval($contact['abook_archived'])) { $update = false; continue; } // might be dead, so maybe don't poll quite so often // recently deceased, so keep up the regular schedule for 3 days if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) { $update = true; } // After that back off and put them on a morphine drip if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) { $update = true; } } if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) { continue; } if (!$update && !$force) { continue; } Master::Summon(array('Onepoll', $contact['abook_id'])); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } } if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { $r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY')); if ($r) { foreach ($r as $rr) { // If they didn't respond when we attempted before, back off to once a day // After 7 days we won't bother anymore if ($rr['ud_last'] != NULL_DATE) { if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) { continue; } } Master::Summon(array('Onedirsync', $rr['ud_id'])); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } } } set_config('system', 'lastpoll', datetime_convert()); //All done - clear the lockfile @unlink($lockfile); return; }
/** * @brief Check service_class restrictions. * * If there are no service_classes defined, everything is allowed. * If $usage is supplied, we check against a maximum count and return true if * the current usage is less than the subscriber plan allows. Otherwise we * return boolean true or false if the property is allowed (or not) in this * subscriber plan. An unset property for this service plan means the property * is allowed, so it is only necessary to provide negative properties for each * plan, or what the subscriber is not allowed to do. * * Like account_service_class_allows() but queries directly by account rather * than channel. Service classes are set for accounts, so we look up the * account for the channel and fetch the service class restrictions of the * account. * * @see account_service_class_allows() if you have a channel_id already * @see service_class_fetch() * * @param int $uid The channel_id to check * @param string $property The service class property to check for * @param string|boolean $usage (optional) The value to check against * @return boolean */ function service_class_allows($uid, $property, $usage = false) { $limit = service_class_fetch($uid, $property); if ($limit === false) { return true; } // No service class set => everything is allowed if ($usage === false) { // We use negative values for not allowed properties in a subscriber plan return x($limit) ? (bool) $limit : true; } else { return intval($usage) < intval($limit) ? true : false; } }
/** * @brief Creates a form to add new folders and upload files. * * @param \Sabre\DAV\INode $node * @param string &$output */ public function htmlActionsPanel(DAV\INode $node, &$output) { if (!$node instanceof DAV\ICollection) { return; } // We also know fairly certain that if an object is a non-extended // SimpleCollection, we won't need to show the panel either. if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') { return; } // Storage and quota for the account (all channels of the owner of this directory)! $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit')); $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id)); $used = $r[0]['total']; if ($used) { $quotaDesc = t('You are using %1$s of your available file storage.'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used)); } if ($limit && $used) { $quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s%)'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100); } // prepare quota for template $quota = array(); $quota['used'] = $used; $quota['limit'] = $limit; $quota['desc'] = $quotaDesc; $quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : ''; // 10485760 bytes = 100MB $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota)); }
/** * A lot going on in this function, and some of it is old cruft and some is new cruft * and the entire thing probably needs to be refactored. It started out just storing * files, before we had DAV. It was made extensible to do extra stuff like edit an * existing file or optionally store a separate revision using $options to choose between different * storage models. Along the way we moved from * DB data storage to file system storage. * Then DAV came along and used different upload methods depending on whether the * file was stored as a DAV directory object or updated as a file object. One of these * is essentially an update and the other is basically an upload, but doesn't use the traditional PHP * upload workflow. * Then came hubzilla and we tried to merge photo functionality with the file storage. Most of * that integration occurs within this function. * This required overlap with the old photo_upload stuff and photo albums were * completely different concepts from directories which needed to be reconciled somehow. * The old revision stuff is kind of orphaned currently. There's new revision stuff for photos * which attaches (2) etc. onto the name, but doesn't integrate with the attach table revisioning. * That's where it sits currently. I repeat it needs to be refactored, and this note is here * for future explorers and those who may be doing that work to understand where it came * from and got to be the monstrosity of tangled unrelated code that it currently is. */ function attach_store($channel, $observer_hash, $options = '', $arr = null) { require_once 'include/photos.php'; call_hooks('photo_upload_begin', $arr); $ret = array('success' => false); $channel_id = $channel['channel_id']; $sql_options = ''; $source = $arr ? $arr['source'] : ''; $album = $arr ? $arr['album'] : ''; $newalbum = $arr ? $arr['newalbum'] : ''; $hash = $arr && $arr['hash'] ? $arr['hash'] : null; $upload_path = $arr && $arr['directory'] ? $arr['directory'] : ''; $visible = $arr && $arr['visible'] ? $arr['visible'] : ''; $observer = array(); if ($observer_hash) { $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($observer_hash)); if ($x) { $observer = $x[0]; } } logger('arr: ' . print_r($arr, true)); if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } $str_group_allow = perms2str($arr['group_allow']); $str_contact_allow = perms2str($arr['contact_allow']); $str_group_deny = perms2str($arr['group_deny']); $str_contact_deny = perms2str($arr['contact_deny']); // The 'update' option sets db values without uploading a new attachment // 'replace' replaces the existing uploaded data // 'revision' creates a new revision with new upload data // Default is to upload a new file // revise or update must provide $arr['hash'] of the thing to revise/update // By default remove $src when finished $remove_when_processed = true; if ($options === 'import') { $src = $arr['src']; $filename = $arr['filename']; $filesize = @filesize($src); $hash = $arr['resource_id']; if (array_key_exists('hash', $arr)) { $hash = $arr['hash']; } if (array_key_exists('type', $arr)) { $type = $arr['type']; } if ($arr['preserve_original']) { $remove_when_processed = false; } // if importing a directory, just do it now and go home - we're done. if (array_key_exists('is_dir', $arr) && intval($arr['is_dir'])) { $x = attach_mkdir($channel, $observer_hash, $arr); if ($x['message']) { logger('import_directory: ' . $x['message']); } return; } } elseif ($options !== 'update') { $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''); call_hooks('photo_upload_file', $f); call_hooks('attach_upload_file', $f); if (x($f, 'src') && x($f, 'filesize')) { $src = $f['src']; $filename = $f['filename']; $filesize = $f['filesize']; $type = $f['type']; } else { if (!x($_FILES, 'userfile')) { $ret['message'] = t('No source file.'); return $ret; } $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); } } $existing_size = 0; if ($options === 'replace') { $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($arr['id']), intval($channel_id)); if (!$x) { $ret['message'] = t('Cannot locate file to replace'); return $ret; } $existing_id = $x[0]['id']; $existing_size = intval($x[0]['filesize']); $hash = $x[0]['hash']; } if ($options === 'revise' || $options === 'update') { $sql_options = " order by revision desc "; if ($options === 'update' && $arr && array_key_exists('revision', $arr)) { $sql_options = " and revision = " . intval($arr['revision']) . " "; } $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id)); if (!$x) { $ret['message'] = t('Cannot locate file to revise/update'); return $ret; } $hash = $x[0]['hash']; } $def_extension = ''; $is_photo = 0; $gis = @getimagesize($src); logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA); if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) { $is_photo = 1; if ($gis[2] === IMAGETYPE_GIF) { $def_extension = '.gif'; } if ($gis[2] === IMAGETYPE_JPEG) { $def_extension = '.jpg'; } if ($gis[2] === IMAGETYPE_PNG) { $def_extension = '.png'; } } $pathname = ''; if ($is_photo) { if ($newalbum) { $pathname = filepath_macro($newalbum); } elseif (array_key_exists('folder', $arr)) { $x = q("select filename from attach where hash = '%s' and uid = %d limit 1", dbesc($arr['folder']), intval($channel['channel_id'])); if ($x) { $pathname = $x[0]['filename']; } } else { $pathname = filepath_macro($album); } } else { $pathname = filepath_macro($upload_path); } $darr = array('pathname' => $pathname); // if we need to create a directory, use the channel default permissions. $darr['allow_cid'] = $channel['allow_cid']; $darr['allow_gid'] = $channel['allow_gid']; $darr['deny_cid'] = $channel['deny_cid']; $darr['deny_gid'] = $channel['deny_gid']; $direct = null; if ($pathname) { $x = attach_mkdirp($channel, $observer_hash, $darr); $folder_hash = $x['success'] ? $x['data']['hash'] : ''; $direct = $x['success'] ? $x['data'] : null; if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) { $str_contact_allow = $x['data']['allow_cid']; $str_group_allow = $x['data']['allow_gid']; $str_contact_deny = $x['data']['deny_cid']; $str_group_deny = $x['data']['deny_gid']; } } else { $folder_hash = $arr && array_key_exists('folder', $arr) ? $arr['folder'] : ''; } if (!$options || $options === 'import') { // A freshly uploaded file. Check for duplicate and resolve with the channel's overwrite settings. $r = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", dbesc($filename), dbesc($folder_hash)); if ($r) { $overwrite = get_pconfig($channel_id, 'system', 'overwrite_dup_files'); if ($overwrite) { $options = 'replace'; $existing_id = $x[0]['id']; $existing_size = intval($x[0]['filesize']); $hash = $x[0]['hash']; } else { if (strpos($filename, '.') !== false) { $basename = substr($filename, 0, strrpos($filename, '.')); $ext = substr($filename, strrpos($filename, '.')); } else { $basename = $filename; $ext = $def_extension; } $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($folder_hash)); if ($r) { $x = 1; do { $found = false; foreach ($r as $rr) { if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) { $found = true; break; } } if ($found) { $x++; } } while ($found); $filename = $basename . '(' . $x . ')' . $ext; } else { $filename = $basename . $ext; } } } } if (!$hash) { $hash = random_string(); } // Check storage limits if ($options !== 'update') { $maxfilesize = get_config('system', 'maxfilesize'); if ($maxfilesize && $filesize > $maxfilesize) { $ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize); if ($remove_when_processed) { @unlink($src); } call_hooks('photo_upload_end', $ret); return $ret; } $limit = service_class_fetch($channel_id, 'attach_upload_limit'); if ($limit !== false) { $r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id'])); if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) { $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000); if ($remove_when_processed) { @unlink($src); } call_hooks('photo_upload_end', $ret); return $ret; } } $mimetype = isset($type) && $type ? $type : z_mime_content_type($filename); } $os_basepath = 'store/' . $channel['channel_address'] . '/'; $os_relpath = ''; if ($folder_hash) { $curr = find_folder_hash_by_attach_hash($channel_id, $folder_hash, true); if ($curr) { $os_relpath .= $curr . '/'; } $os_relpath .= $folder_hash . '/'; } $os_relpath .= $hash; if ($src) { @file_put_contents($os_basepath . $os_relpath, @file_get_contents($src)); } if (array_key_exists('created', $arr)) { $created = $arr['created']; } else { $created = datetime_convert(); } if (array_key_exists('edited', $arr)) { $edited = $arr['edited']; } else { $edited = $created; } if ($options === 'replace') { $r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', filesize = %d, os_storage = %d, is_photo = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), intval($existing_id), intval($channel_id)); } elseif ($options === 'revise') { $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc($observer_hash), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval($x[0]['revision'] + 1), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid'])); } elseif ($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', edited = '%s', os_storage = %d, is_photo = %d, \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($folder_hash ? $folder_hash : $x[0]['folder']), dbesc($created), dbesc(array_key_exists('os_storage', $arr) ? $arr['os_storage'] : $x[0]['os_storage']), dbesc(array_key_exists('is_photo', $arr) ? $arr['is_photo'] : $x[0]['is_photo']), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid'])); } else { $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(0), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $str_contact_allow), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $str_group_allow), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $str_contact_deny), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $str_group_deny)); } if ($is_photo) { $args = array('source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => basename($pathname), 'os_path' => $os_basepath . $os_relpath, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct); if ($arr['contact_allow']) { $args['contact_allow'] = $arr['contact_allow']; } if ($arr['group_allow']) { $args['group_allow'] = $arr['group_allow']; } if ($arr['contact_deny']) { $args['contact_deny'] = $arr['contact_deny']; } if ($arr['group_deny']) { $args['group_deny'] = $arr['group_deny']; } if (array_key_exists('allow_cid', $arr)) { $args['allow_cid'] = $arr['allow_cid']; } if (array_key_exists('allow_gid', $arr)) { $args['allow_gid'] = $arr['allow_gid']; } if (array_key_exists('deny_cid', $arr)) { $args['deny_cid'] = $arr['deny_cid']; } if (array_key_exists('deny_gid', $arr)) { $args['deny_gid'] = $arr['deny_gid']; } $args['created'] = $created; $args['edited'] = $edited; if ($arr['item']) { $args['item'] = $arr['item']; } $p = photo_upload($channel, $observer, $args); if ($p['success']) { $ret['body'] = $p['body']; } } if ($options !== 'update' && $remove_when_processed) { @unlink($src); } if (!$r) { $ret['message'] = t('File upload failed. Possible system limit or action terminated.'); call_hooks('photo_upload_end', $ret); return $ret; } // Caution: This re-uses $sql_options set further above $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash)); if (!$r) { $ret['message'] = t('Stored file could not be verified. Upload failed.'); call_hooks('photo_upload_end', $ret); return $ret; } $ret['success'] = true; $ret['data'] = $r[0]; if (!$is_photo) { // This would've been called already with a success result in photos_upload() if it was a photo. call_hooks('photo_upload_end', $ret); } return $ret; }
function photos_content(&$a) { // URLs: // photos/name // photos/name/album/xxxxx (xxxxx is album name) // photos/name/image/xxxxx if (get_config('system', 'block_public') && !local_channel() && !remote_channel()) { notice(t('Public access denied.') . EOL); return; } $unsafe = array_key_exists('unsafe', $_REQUEST) && $_REQUEST['unsafe'] ? 1 : 0; require_once 'include/bbcode.php'; require_once 'include/security.php'; require_once 'include/conversation.php'; if (!x($a->data, 'channel')) { notice(t('No photos selected') . EOL); return; } $ph = photo_factory(''); $phototypes = $ph->supportedTypes(); $_SESSION['photo_return'] = $a->cmd; // // Parse arguments // $can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments'); if (argc() > 3) { $datatype = argv(2); $datum = argv(3); } else { if (argc() > 2) { $datatype = argv(2); $datum = ''; } else { $datatype = 'summary'; } } if (argc() > 4) { $cmd = argv(4); } else { $cmd = 'view'; } // // Setup permissions structures // $can_post = false; $visitor = 0; $owner_uid = $a->data['channel']['channel_id']; $owner_aid = $a->data['channel']['channel_account_id']; $observer = $a->get_observer(); $can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'write_storage'); $can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_storage'); if (!$can_view) { notice(t('Access to this item is restricted.') . EOL); return; } $sql_extra = permissions_sql($owner_uid); $o = ""; $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; // tabs $_is_owner = local_channel() && local_channel() == $owner_uid; $o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']); /** * Display upload form */ if ($can_post) { $uploader = ''; $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true); call_hooks('photo_upload_form', $ret); /* Show space usage */ $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id'])); $limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit'); if ($limit !== false) { $usage_message = sprintf(t("%1\$.2f MB of %2\$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000); } else { $usage_message = sprintf(t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000); } if ($_is_owner) { $channel = $a->get_channel(); $acl = new AccessList($channel); $channel_acl = $acl->get(); $lockstate = $acl->is_private() ? 'lock' : 'unlock'; } $aclselect = $_is_owner ? populate_acl($channel_acl, false) : ''; $selname = $datum ? hex2bin($datum) : ''; $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']); if (!$selname) { $def_album = get_pconfig($a->data['channel']['channel_id'], 'system', 'photo_path'); if ($def_album) { $selname = filepath_macro($def_album); $albums['album'][] = array('text' => $selname); } } $tpl = get_markup_template('photos_upload.tpl'); $upload_form = replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum_label' => t('Enter an album name'), '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0, '', array(t('No'), t('Yes'))), '$albums' => $albums['albums'], '$selname' => $selname, '$permissions' => t('Permissions'), '$aclselect' => $aclselect, '$lockstate' => $lockstate, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? true : false, '$uploadurl' => $ret['post_url'], '$submit' => t('Submit'))); } // // dispatch request // /* * Display a single photo album */ if ($datatype === 'album') { if (strlen($datum)) { if (strlen($datum) & 1 || !ctype_xdigit($datum)) { notice(t('Album name could not be decoded') . EOL); logger('mod_photos: illegal album encoding: ' . $datum); $datum = ''; } } $album = $datum ? hex2bin($datum) : ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } else { goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']); } if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN\n\t\t\t\t(SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY resource_id) ph \n\t\t\t\tON (p.resource_id = ph.resource_id AND p.scale = ph.scale)\n\t\t\tORDER BY created {$order} LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start'])); //edit album name $album_edit = null; if ($album !== t('Profile Photos') && $album !== 'Profile Photos' && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { if ($a->get_template_engine() === 'internal') { $album_e = template_escape($album); } else { $album_e = $album; } $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']); // @fixme - syncronise actions with DAV // $edit_tpl = get_markup_template('album_edit.tpl'); // $album_edit = replace_macros($edit_tpl,array( // '$nametext' => t('Enter a new album name'), // '$name_placeholder' => t('or select an existing one (doubleclick)'), // '$nickname' => $a->data['channel']['channel_address'], // '$album' => $album_e, // '$albums' => $albums['albums'], // '$hexalbum' => bin2hex($album), // '$submit' => t('Submit'), // '$dropsubmit' => t('Delete Album') // )); } } if ($_GET['order'] === 'posted') { $order = array(t('Show Newest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album)); } else { $order = array(t('Show Oldest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted'); } $photos = array(); if (count($r)) { $twist = 'rotright'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; $imgalt_e = $rr['filename']; $desc_e = $rr['description']; $imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $imagelink, 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, 'alt' => $imgalt_e, 'desc' => $desc_e, 'ext' => $ext, 'hash' => $rr['resource_id'], 'unknown' => t('Unknown')); } } if ($_REQUEST['aj']) { if ($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos)); } else { $o = '<div id="content-complete"></div>'; } echo $o; killme(); } else { $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array('$photos' => $photos, '$album' => $album, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album)), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message)); } if (!$photos && $_REQUEST['aj']) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); } // $o .= paginate($a); return $o; } /** * Display one photo */ if ($datatype === 'image') { // fetch image, item containing image, then comments $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum)); if (!$ph) { /* Check again - this time without specifying permissions */ $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1", intval($owner_uid), dbesc($datum)); if ($ph) { notice(t('Permission denied. Access to this item may be restricted.') . EOL); } else { notice(t('Photo not available') . EOL); } return; } $prevlink = ''; $nextlink = ''; if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid)); if (count($prvnxt)) { for ($z = 0; $z < count($prvnxt); $z++) { if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) { $prv = $z - 1; $nxt = $z + 1; if ($prv < 0) { $prv = count($prvnxt) - 1; } if ($nxt >= count($prvnxt)) { $nxt = 0; } break; } } $prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); $nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); } if (count($ph) == 1) { $hires = $lores = $ph[0]; } if (count($ph) > 1) { if ($ph[1]['scale'] == 2) { // original is 640 or less, we can display it directly $hires = $lores = $ph[0]; } else { $hires = $ph[0]; $lores = $ph[1]; } } $album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']); $tools = Null; $lock = Null; if ($can_post && $ph[0]['uid'] == $owner_uid) { $tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo'))); } // lockstate $lockstate = strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid']) ? array('lock', t('Private Photo')) : array('unlock', Null); $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n"; if ($prevlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; } if ($nextlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; } $a->page['htmlhead'] .= '});</script>'; if ($prevlink) { $prevlink = array($prevlink, t('Previous')); } $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis')); if ($nextlink) { $nextlink = array($nextlink, t('Next')); } // Do we have an item for this photo? $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum)); $map = null; if ($linked_items) { xchan_query($linked_items); $linked_items = fetch_post_tags($linked_items, true); $link_item = $linked_items[0]; $item_normal = item_normal(); $r = q("select * from item where parent_mid = '%s' \n\t\t\t\t{$item_normal} and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid'])); if ($r) { xchan_query($r); $r = fetch_post_tags($r, true); $r = conv_sort($r, 'commented'); } $tags = array(); if ($link_item['term']) { $cnt = 0; foreach ($link_item['term'] as $t) { $tags[$cnt] = array(0 => format_term_for_display($t)); if ($can_post && $ph[0]['uid'] == $owner_uid) { $tags[$cnt][1] = 'tagrm/drop/' . $link_item['id'] . '/' . bin2hex($t['term']); //?f=&item=' . $link_item['id']; $tags[$cnt][2] = t('Remove'); } $cnt++; } } if (local_channel() && local_channel() == $link_item['uid']) { q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1", intval($link_item['parent']), intval(local_channel())); } if ($link_item['coord']) { $map = generate_map($link_item['coord']); } } // logger('mod_photo: link_item' . print_r($link_item,true)); // FIXME - remove this when we move to conversation module $r = $r[0]['children']; $edit = null; if ($can_post) { $album_e = $ph[0]['album']; $caption_e = $ph[0]['description']; $aclselect_e = $_is_owner ? populate_acl($ph[0]) : ''; $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']); $_SESSION['album_return'] = bin2hex($ph[0]['album']); $edit = array('edit' => t('Edit photo'), 'id' => $link_item['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum_label' => t('Enter a new album name'), 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'lockstate' => $lockstate[0], 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'adult_enabled' => feature_enabled($owner_uid, 'adult_photo_flagging'), 'adult' => array('adult', t('Flag as adult in album view'), intval($ph[0]['is_nsfw']), ''), 'submit' => t('Submit'), 'delete' => t('Delete Photo')); } if (count($linked_items)) { $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); $return_url = $a->cmd; $like_tpl = get_markup_template('like_noshare.tpl'); $likebuttons = ''; if ($can_post || $can_comment) { $likebuttons = array('id' => $link_item['id'], 'likethis' => t("I like this (toggle)"), 'nolike' => t("I don't like this (toggle)"), 'share' => t('Share'), 'wait' => t('Please wait')); } $comments = ''; if (!count($r)) { if ($can_post || $can_comment) { $commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false)); } } $alike = array(); $dlike = array(); $like = ''; $dislike = ''; $conv_responses = array('like' => array('title' => t('Likes', 'title')), 'dislike' => array('title' => t('Dislikes', 'title')), 'agree' => array('title' => t('Agree', 'title')), 'disagree' => array('title' => t('Disagree', 'title')), 'abstain' => array('title' => t('Abstain', 'title')), 'attendyes' => array('title' => t('Attending', 'title')), 'attendno' => array('title' => t('Not attending', 'title')), 'attendmaybe' => array('title' => t('Might attend', 'title'))); if ($r) { foreach ($r as $item) { builtin_activity_puller($item, $conv_responses); } $like_count = x($alike, $link_item['mid']) ? $alike[$link_item['mid']] : ''; $like_list = x($alike, $link_item['mid']) ? $alike[$link_item['mid'] . '-l'] : ''; if (count($like_list) > MAX_LIKERS) { $like_list_part = array_slice($like_list, 0, MAX_LIKERS); array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>'); } else { $like_list_part = ''; } $like_button_label = tt('Like', 'Likes', $like_count, 'noun'); //if (feature_enabled($conv->get_profile_owner(),'dislike')) { $dislike_count = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid']] : ''; $dislike_list = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid'] . '-l'] : ''; $dislike_button_label = tt('Dislike', 'Dislikes', $dislike_count, 'noun'); if (count($dislike_list) > MAX_LIKERS) { $dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS); array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>'); } else { $dislike_list_part = ''; } //} $like = isset($alike[$link_item['mid']]) ? format_like($alike[$link_item['mid']], $alike[$link_item['mid'] . '-l'], 'like', $link_item['mid']) : ''; $dislike = isset($dlike[$link_item['mid']]) ? format_like($dlike[$link_item['mid']], $dlike[$link_item['mid'] . '-l'], 'dislike', $link_item['mid']) : ''; // display comments foreach ($r as $item) { $comment = ''; $template = $tpl; $sparkle = ''; if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid']; $profile_url = zid($item['author']['xchan_url']); $sparkle = ''; $profile_name = $item['author']['xchan_name']; $profile_avatar = $item['author']['xchan_photo_m']; $profile_link = $profile_url; $drop = ''; if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) { $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete'))); } $name_e = $profile_name; $title_e = $item['title']; unobscure($item); $body_e = prepare_text($item['body'], $item['mimetype']); $comments .= replace_macros($template, array('$id' => $item['id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment)); } if ($can_post || $can_comment) { $commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => '')); } } $paginate = paginate($a); } $album_e = array($album_link, $ph[0]['album']); $like_e = $like; $dislike_e = $dislike; $response_verbs = array('like'); if (feature_enabled($owner_uid, 'dislike')) { $response_verbs[] = 'dislike'; } $responses = get_responses($conv_responses, $response_verbs, '', $link_item); $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lockstate[1], '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$filename' => $ph[0]['filename'], '$unknown' => t('Unknown'), '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, 'responses' => $responses, '$edit' => $edit, '$map' => $map, '$map_text' => t('Map'), '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$like_count' => $like_count, '$like_list' => $like_list, '$like_list_part' => $like_list_part, '$like_button_label' => $like_button_label, '$like_modal_title' => t('Likes', 'noun'), '$dislike_modal_title' => t('Dislikes', 'noun'), '$dislike_count' => $dislike_count, '$dislike_list' => $dislike_list, '$dislike_list_part' => $dislike_list_part, '$dislike_button_label' => $dislike_button_label, '$modal_dismiss' => t('Close'), '$comments' => $comments, '$commentbox' => $commentbox, '$paginate' => $paginate)); $a->data['photo_html'] = $o; return $o; } // Default - show recent photos with upload link (if applicable) //$o = ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand photo_usage in ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN \n\t\t(SELECT resource_id, max(scale) scale FROM photo \n\t\t\tWHERE uid=%d AND album != '%s' AND album != '%s' \n\t\t\tAND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} group by resource_id) ph \n\t\tON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start'])); $photos = array(); if (count($r)) { $twist = 'rotright'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; if ($a->get_template_engine() === 'internal') { $alt_e = template_escape($rr['filename']); $name_e = template_escape($rr['album']); } else { $alt_e = $rr['filename']; $name_e = $rr['album']; } $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album'))); } } if ($_REQUEST['aj']) { if ($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos)); } else { $o = '<div id="content-complete"></div>'; } echo $o; killme(); } else { $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos, '$upload_form' => $upload_form, '$usage' => $usage_message)); } if (!$photos && $_REQUEST['aj']) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); } // paginate($a); return $o; }
function item_check_service_class($channel_id, $iswebpage) { $ret = array('success' => false, 'message' => ''); if ($iswebpage) { $r = q("select count(i.id) as total from item i \n\t\t\tright join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) \n\t\t\tand i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ", intval(ITEM_TYPE_WEBPAGE), intval($channel_id)); } else { $r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(), intval($channel_id)); } if (!$r) { $ret['message'] = t('Unable to obtain post information from database.'); return $ret; } if (!$iswebpage) { $max = service_class_fetch($channel_id, 'total_items'); if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) { $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max); return $result; } } else { $max = service_class_fetch($channel_id, 'total_pages'); if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) { $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max); return $result; } } $ret['success'] = true; return $ret; }
/** * @brief Return quota usage. * * @fixme Should guests relly see the used/free values from filesystem of the * complete store directory? * * @return array with used and free values in bytes. */ public function getQuotaInfo() { // values from the filesystem of the complete <i>store/</i> directory $limit = disk_total_space('store'); $free = disk_free_space('store'); if ($this->auth->owner_id) { $c = q("select * from channel where channel_id = %d and channel_removed = 0 limit 1", intval($this->auth->owner_id)); $ulimit = engr_units_to_bytes(service_class_fetch($c[0]['channel_id'], 'attach_upload_limit')); $limit = $ulimit ? $ulimit : $limit; $x = q("select sum(filesize) as total from attach where aid = %d", intval($c[0]['channel_account_id'])); $free = $x ? $limit - $x[0]['total'] : 0; } return array($limit - $free, $free); }
function photos_content(&$a) { // URLs: // photos/name // photos/name/upload // photos/name/upload/xxxxx (xxxxx is album name) // photos/name/album/xxxxx // photos/name/album/xxxxx/edit // photos/name/image/xxxxx // photos/name/image/xxxxx/edit if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } require_once 'include/bbcode.php'; require_once 'include/security.php'; require_once 'include/conversation.php'; if (!x($a->data, 'channel')) { notice(t('No photos selected') . EOL); return; } $ph = photo_factory(''); $phototypes = $ph->supportedTypes(); $_SESSION['photo_return'] = $a->cmd; // // Parse arguments // $can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments'); if (argc() > 3) { $datatype = argv(2); $datum = argv(3); } elseif (argc() > 2 && argv(2) === 'upload') { $datatype = 'upload'; } else { $datatype = 'summary'; } if (argc() > 4) { $cmd = argv(4); } else { $cmd = 'view'; } // // Setup permissions structures // $can_post = false; $visitor = 0; $owner_uid = $a->data['channel']['channel_id']; $owner_aid = $a->data['channel']['channel_account_id']; $observer = $a->get_observer(); $can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_photos'); $can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_photos'); if (!$can_view) { notice(t('Access to this item is restricted.') . EOL); return; } $sql_extra = permissions_sql($owner_uid); $o = ""; $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; // tabs $_is_owner = local_user() && local_user() == $owner_uid; $o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']); // // dispatch request // /** * Display upload form */ if ($datatype === 'upload') { if (!$can_post) { notice(t('Permission denied.')); return; } if (array_key_exists('albums', $a->data)) { $albums = get_app()->data['albums']; } else { $albums = photos_albums_list($a->data['channel'], $a->data['observer']); } $selname = $datum ? hex2bin($datum) : ''; $albumselect = '<select id="photos-upload-album-select" name="album" size="4">'; $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>'; if (count($albums['albums'])) { foreach ($albums['albums'] as $album) { if (!$album['text']) { continue; } $selected = $selname === $album['text'] ? ' selected="selected" ' : ''; $albumselect .= '<option value="' . $album['text'] . '"' . $selected . '>' . $album['text'] . '</option>'; } } $albumselect .= '</select>'; $uploader = ''; $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true); call_hooks('photo_upload_form', $ret); $default_upload = '<input id="photos-upload-choose" type="file" name="userfile" /> <div class="photos-upload-submit-wrapper" > <input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>'; /* Show space usage */ $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id'])); $limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit'); if ($limit !== false) { $usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000); } else { $usage_message = sprintf(t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000); } if ($_is_owner) { $channel = $a->get_channel(); $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); } $albumselect_e = $albumselect; $aclselect_e = $_is_owner ? populate_acl($channel_acl, false) : ''; $tpl = get_markup_template('photos_upload.tpl'); $o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? $default_upload : '', '$uploadurl' => $ret['post_url'])); return $o; } /* * Display a single photo album */ if ($datatype === 'album') { if (strlen($datum) & 1 || !ctype_xdigit($datum)) { notice(t('Album name could not be decoded') . EOL); logger('mod_photos: illegal album encoding: ' . $datum); $datum = ''; } $album = hex2bin($datum); $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intvaL(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage'])); $o .= '<h3>' . $album . '</h3>'; if ($cmd === 'edit') { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { if ($a->get_template_engine() === 'internal') { $album_e = template_escape($album); } else { $album_e = $album; } $edit_tpl = get_markup_template('album_edit.tpl'); $o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['channel']['channel_address'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album'))); } } } else { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { $o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>'; } } } if ($_GET['order'] === 'posted') { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>'; } else { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>'; } if ($can_post) { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>'; } $ajaxout = ''; $tpl = get_markup_template('photo_album.tpl'); if (count($r)) { $twist = 'rotright'; $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $o .= '<div id="photo-album-contents">'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; $imgalt_e = $rr['filename']; $desc_e = $rr['description']; // prettyphoto has potential license issues, so we can no longer include it in core // The following lines would need to be modified so that they are provided in theme specific files // instead of core modules for themes that wish to make use of prettyphoto. I would suggest // the feature as a per-theme display option and putting the rel line inside a template. // if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){ // $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext ); // $rel=("prettyPhoto[pp_gal]"); // } // else { $imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); $rel = "photo"; // } $tmp = replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $imagelink, '$rel' => $rel, '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e, '$ext' => $ext, '$hash' => $rr['resource_id'])); if ($_REQUEST['aj']) { $ajaxout .= $tmp; } else { $o .= $tmp; } } } if ($_REQUEST['aj']) { if (!$r) { $ajaxout .= '<div id="content-complete"></div>'; } echo $ajaxout; killme(); } $o .= '<div id="page-end"></div>'; $o .= '</div>'; // photo-album-contents $o .= '<div id="photo-album-end"></div>'; $o .= '<script>$(document).ready(function() { loadingPage = false;});</script>'; $o .= '<div id="page-spinner"></div>'; // $o .= paginate($a); return $o; } /** * Display one photo */ if ($datatype === 'image') { // fetch image, item containing image, then comments $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\tand (photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if (!$ph) { /* Check again - this time without specifying permissions */ $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' \n\t\t\t\tand ( photo_flags = %d or photo_flags = %d )\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if ($ph) { notice(t('Permission denied. Access to this item may be restricted.') . EOL); } else { notice(t('Photo not available') . EOL); } return; } $prevlink = ''; $nextlink = ''; if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if (count($prvnxt)) { for ($z = 0; $z < count($prvnxt); $z++) { if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) { $prv = $z - 1; $nxt = $z + 1; if ($prv < 0) { $prv = count($prvnxt) - 1; } if ($nxt >= count($prvnxt)) { $nxt = 0; } break; } } $prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); $nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); } if (count($ph) == 1) { $hires = $lores = $ph[0]; } if (count($ph) > 1) { if ($ph[1]['scale'] == 2) { // original is 640 or less, we can display it directly $hires = $lores = $ph[0]; } else { $hires = $ph[0]; $lores = $ph[1]; } } $album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']); $tools = Null; $lock = Null; if ($can_post && $ph[0]['uid'] == $owner_uid) { $tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo'))); // lock $lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null; } $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n"; if ($prevlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; } if ($nextlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; } $a->page['htmlhead'] .= '});</script>'; if ($prevlink) { $prevlink = array($prevlink, '<i class="icon-backward photo-icons""></i>'); } $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis')); if ($nextlink) { $nextlink = array($nextlink, '<i class="icon-forward photo-icons"></i>'); } // Do we have an item for this photo? $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum)); if ($linked_items) { xchan_query($linked_items); $linked_items = fetch_post_tags($linked_items, true); $link_item = $linked_items[0]; $r = q("select * from item where parent_mid = '%s' \n\t\t\t\tand item_restrict = 0 and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid'])); if ($r) { xchan_query($r); $r = fetch_post_tags($r, true); $r = conv_sort($r, 'commented'); } $tags = array(); if ($link_item['term']) { $cnt = 0; foreach ($link_item['term'] as $t) { $tags[$cnt] = array(0 => format_term_for_display($t)); } if ($can_post && $ph[0]['uid'] == $owner_uid) { $tags[$cnt][1] = 'tagrm?f=&item=' . $link_item['id']; $tags[$cnt][2] = t('Remove'); } $cnt++; } if (local_user() && local_user() == $link_item['uid']) { q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", intval(ITEM_UNSEEN), intval($link_item['parent']), intval(local_user()), intval(ITEM_UNSEEN)); } } // logger('mod_photo: link_item' . print_r($link_item,true)); // FIXME - remove this when we move to conversation module $r = $r[0]['children']; $edit = null; if ($can_post) { if (array_key_exists('albums', $a->data)) { $albums = get_app()->data['albums']; } else { $albums = photos_albums_list($a->data['channel'], $a->data['observer']); } $album_e = $ph[0]['album']; $caption_e = $ph[0]['description']; $aclselect_e = populate_acl($ph[0]); $edit = array('edit' => t('Edit photo'), 'id' => $ph[0]['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum' => t('New album name'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'submit' => t('Submit'), 'delete' => t('Delete Photo')); } if (count($linked_items)) { $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); $return_url = $a->cmd; $like_tpl = get_markup_template('like_noshare.tpl'); $likebuttons = ''; if ($can_post || $can_comment) { $likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => t("I don't like this (toggle)"), '$share' => t('Share'), '$wait' => t('Please wait'))); } $comments = ''; if (!count($r)) { if ($can_post || $can_comment) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false)); } } $alike = array(); $dlike = array(); $like = ''; $dislike = ''; // display comments if ($r) { foreach ($r as $item) { like_puller($a, $item, $alike, 'like'); like_puller($a, $item, $dlike, 'dislike'); } $like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : ''; $dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : ''; foreach ($r as $item) { $comment = ''; $template = $tpl; $sparkle = ''; if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid']; $profile_url = zid($item['author']['xchan_url']); $sparkle = ''; $profile_name = $item['author']['xchan_name']; $profile_avatar = $item['author']['xchan_photo_m']; $profile_link = $profile_url; $drop = ''; if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) { $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete'))); } $name_e = $profile_name; $title_e = $item['title']; unobscure($item); $body_e = prepare_text($item['body'], $item['mimetype']); $comments .= replace_macros($template, array('$id' => $item['item_id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment)); } if ($can_post || $can_comment) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => '')); } } $paginate = paginate($a); } $album_e = array($album_link, $ph[0]['album']); $like_e = $like; $dislike_e = $dislike; $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$comments' => $comments, '$paginate' => $paginate)); $a->data['photo_html'] = $o; return $o; } // Default - show recent photos with upload link (if applicable) //$o = ''; $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(60); } $r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'\n\t\tand ( photo_flags = %d or photo_flags = %d ) \n\t\t{$sql_extra} GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage'])); $photos = array(); if (count($r)) { $twist = 'rotright'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; if ($a->get_template_engine() === 'internal') { $alt_e = template_escape($rr['filename']); $name_e = template_escape($rr['album']); } else { $alt_e = $rr['filename']; $name_e = $rr['album']; } $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album'))); } } if ($_REQUEST['aj']) { if ($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos)); } else { $o = '<div id="content-complete"></div>'; } echo $o; killme(); } else { $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos)); } if (!$photos && $_REQUEST['aj']) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); } // $o .= paginate($a); return $o; }
/** * @brief * * @param array $channel * @param array $observer * @param array $args * @return array */ function photo_upload($channel, $observer, $args) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $account_id = $channel['channel_account_id']; if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } // call_hooks('photo_upload_begin', $args); /* * Determine the album to use */ $album = $args['album']; if (intval($args['visible']) || $args['visible'] === 'true') { $visible = 1; } else { $visible = 0; } $deliver = true; if (array_key_exists('deliver', $args)) { $deliver = intval($args['deliver']); } // Set to default channel permissions. If the parent directory (album) has permissions set, // use those instead. If we have specific permissions supplied, they take precedence over // all other settings. 'allow_cid' being passed from an external source takes priority over channel settings. // ...messy... needs re-factoring once the photos/files integration stabilises $acl = new Zotlabs\Access\AccessList($channel); if (array_key_exists('directory', $args) && $args['directory']) { $acl->set($args['directory']); } if (array_key_exists('allow_cid', $args)) { $acl->set($args); } if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) { $acl->set_from_array($args); } $ac = $acl->get(); $os_storage = 0; if ($args['os_path'] && $args['getimagesize']) { $imagedata = @file_get_contents($args['os_path']); $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['getimagesize']['mime']; $os_storage = 1; } elseif ($args['data'] || $args['content']) { // allow an import from a binary string representing the image. // This bypasses the upload step and max size limit checking $imagedata = $args['content'] ? $args['content'] : $args['data']; $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['mimetype'] ? $args['mimetype'] : $args['type']; } else { $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''); // call_hooks('photo_upload_file',$f); if (x($f, 'src') && x($f, 'filesize')) { $src = $f['src']; $filename = $f['filename']; $filesize = $f['filesize']; $type = $f['type']; } else { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $type = $_FILES['userfile']['type']; } if (!$type) { $type = guess_image_type($filename); } logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } if (!$filesize) { $ret['message'] = t('Image file is empty.'); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG); $imagedata = @file_get_contents($src); } $r = q("select sum(filesize) as total from photo where aid = %d and imgscale = 0 ", intval($account_id)); $limit = engr_units_to_bytes(service_class_fetch($channel_id, 'photo_upload_limit')); if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $ret['message'] = upgrade_message(); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } $ph = photo_factory($imagedata, $type); if (!$ph->is_valid()) { $ret['message'] = t('Unable to process image'); logger('photo_upload: unable to process image'); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } $exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); } $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource(); $visitor = ''; if ($channel['channel_hash'] !== $observer['xchan_hash']) { $visitor = $observer['xchan_hash']; } $errors = false; $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'imgscale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']); if ($args['created']) { $p['created'] = $args['created']; } if ($args['edited']) { $p['edited'] = $args['edited']; } if ($args['title']) { $p['title'] = $args['title']; } if ($args['description']) { $p['description'] = $args['description']; } $link = array(); $r0 = $ph->save($p); $link[0] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight()); if (!$r0) { $errors = true; } unset($p['os_storage']); unset($p['os_path']); if (($width > 1024 || $height > 1024) && !$errors) { $ph->scaleImage(1024); } $p['imgscale'] = 1; $r1 = $ph->save($p); $link[1] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight()); if (!$r1) { $errors = true; } if (($width > 640 || $height > 640) && !$errors) { $ph->scaleImage(640); } $p['imgscale'] = 2; $r2 = $ph->save($p); $link[2] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight()); if (!$r2) { $errors = true; } if (($width > 320 || $height > 320) && !$errors) { $ph->scaleImage(320); } $p['imgscale'] = 3; $r3 = $ph->save($p); $link[3] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight()); if (!$r3) { $errors = true; } if ($errors) { q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id)); $ret['message'] = t('Photo storage failed.'); logger('photo_upload: photo store failed.'); call_hooks('photo_upload_end', $ret); return $ret; } $item_hidden = $visible ? 0 : 1; $lat = $lon = null; if ($exif && $exif['GPS']) { if (feature_enabled($channel_id, 'photo_location')) { $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']); $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']); } } $title = $args['description'] ? $args['description'] : $args['filename']; $large_photos = feature_enabled($channel['channel_id'], 'large_photos'); linkify_tags($a, $args['body'], $channel_id); if ($large_photos) { $scale = 1; $width = $link[1]['width']; $height = $link[1]['height']; $tag = $r1 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]'; } else { $scale = 2; $width = $link[2]['width']; $height = $link[2]['height']; $tag = $r2 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]'; } $author_link = '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $channel['channel_name'] . '[/zrl]'; $photo_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . t('a new photo') . '[/zrl]'; $album_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album) . ']' . (strlen($album) ? $album : '/') . '[/zrl]'; $activity_format = sprintf(t('%1$s posted %2$s to %3$s', 'photo_upload'), $author_link, $photo_link, $album_link); $summary = ($args['body'] ? $args['body'] : '') . '[footer]' . $activity_format . '[/footer]'; $obj_body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' . '[/zrl]'; // Create item object $object = array('type' => ACTIVITY_OBJ_PHOTO, 'title' => $title, 'created' => $p['created'], 'edited' => $p['edited'], 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash, 'link' => $link, 'body' => $obj_body); $target = array('type' => ACTIVITY_OBJ_ALBUM, 'title' => $album ? $album : '/', 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album)); // Create item container if ($args['item']) { foreach ($args['item'] as $i) { $item = get_item_elements($i); $force = false; if ($item['mid'] === $item['parent_mid']) { $item['body'] = $summary; $item['obj_type'] = ACTIVITY_OBJ_PHOTO; $item['obj'] = json_encode($object); $item['tgt_type'] = ACTIVITY_OBJ_ALBUM; $item['target'] = json_encode($target); if ($item['author_xchan'] === $channel['channel_hash']) { $item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey'])); $item['item_verified'] = 1; } else { $item['sig'] = ''; } $force = true; } $r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id'])); if ($r) { if ($item['edited'] > $r[0]['edited'] || $force) { $item['id'] = $r[0]['id']; $item['uid'] = $channel['channel_id']; item_store_update($item, false, $deliver); continue; } } else { $item['aid'] = $channel['channel_account_id']; $item['uid'] = $channel['channel_id']; $item_result = item_store($item, false, $deliver); } } } else { $mid = item_message_id(); $arr = array(); if ($lat && $lon) { $arr['coord'] = $lat . ' ' . $lon; } $arr['aid'] = $account_id; $arr['uid'] = $channel_id; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_hidden'] = $item_hidden; $arr['resource_type'] = 'photo'; $arr['resource_id'] = $photo_hash; $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['title'] = $title; $arr['allow_cid'] = $ac['allow_cid']; $arr['allow_gid'] = $ac['allow_gid']; $arr['deny_cid'] = $ac['deny_cid']; $arr['deny_gid'] = $ac['deny_gid']; $arr['verb'] = ACTIVITY_POST; $arr['obj_type'] = ACTIVITY_OBJ_PHOTO; $arr['obj'] = json_encode($object); $arr['tgt_type'] = ACTIVITY_OBJ_ALBUM; $arr['target'] = json_encode($target); $arr['item_wall'] = 1; $arr['item_origin'] = 1; $arr['item_thread_top'] = 1; $arr['item_private'] = intval($acl->is_private()); $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; $arr['body'] = $summary; // this one is tricky because the item and the photo have the same permissions, those of the photo. // Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the // private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use // public policy when federating items to other sites, but should probably ignore them when accessing the item // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo // linked item from leaking into the feed when somebody has a channel with read_stream restrictions. $arr['public_policy'] = map_scope($channel['channel_r_stream'], true); if ($arr['public_policy']) { $arr['item_private'] = 1; } $result = item_store($arr, false, $deliver); $item_id = $result['item_id']; if ($visible && $deliver) { Zotlabs\Daemon\Master::Summon(array('Notifier', 'wall-new', $item_id)); } } $ret['success'] = true; $ret['item'] = $arr; $ret['body'] = $obj_body; $ret['resource_id'] = $photo_hash; $ret['photoitem_id'] = $item_id; call_hooks('photo_upload_end', $ret); return $ret; }
/** * @brief Creates the directory listing for the given path. * * @param string $path which should be displayed */ public function generateDirectoryIndex($path) { // (owner_id = channel_id) is visitor owner of this directory? $is_owner = local_channel() && $this->auth->owner_id == local_channel() ? true : false; if ($this->auth->getTimezone()) { date_default_timezone_set($this->auth->getTimezone()); } require_once 'include/conversation.php'; require_once 'include/text.php'; if ($this->auth->owner_nick) { $html = profile_tabs(get_app(), $is_owner ? true : false, $this->auth->owner_nick); } $files = $this->server->getPropertiesForPath($path, array('{DAV:}displayname', '{DAV:}resourcetype', '{DAV:}getcontenttype', '{DAV:}getcontentlength', '{DAV:}getlastmodified'), 1); $parent = $this->server->tree->getNodeForPath($path); $parentpath = array(); // only show parent if not leaving /cloud/; TODO how to improve this? if ($path && $path != "cloud") { list($parentUri) = DAV\URLUtil::splitPath($path); $fullPath = DAV\URLUtil::encodePath($this->server->getBaseUri() . $parentUri); $parentpath['icon'] = $this->enableAssets ? '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl('icons/parent' . $this->iconExtension) . '" width="24" alt="' . t('parent') . '"></a>' : ''; $parentpath['path'] = $fullPath; } $f = array(); foreach ($files as $file) { $ft = array(); $type = null; // This is the current directory, we can skip it if (rtrim($file['href'], '/') == $path) { continue; } list(, $name) = DAV\URLUtil::splitPath($file['href']); if (isset($file[200]['{DAV:}resourcetype'])) { $type = $file[200]['{DAV:}resourcetype']->getValue(); // resourcetype can have multiple values if (!is_array($type)) { $type = array($type); } foreach ($type as $k => $v) { // Some name mapping is preferred switch ($v) { case '{DAV:}collection': $type[$k] = t('Collection'); break; case '{DAV:}principal': $type[$k] = t('Principal'); break; case '{urn:ietf:params:xml:ns:carddav}addressbook': $type[$k] = t('Addressbook'); break; case '{urn:ietf:params:xml:ns:caldav}calendar': $type[$k] = t('Calendar'); break; case '{urn:ietf:params:xml:ns:caldav}schedule-inbox': $type[$k] = t('Schedule Inbox'); break; case '{urn:ietf:params:xml:ns:caldav}schedule-outbox': $type[$k] = t('Schedule Outbox'); break; case '{http://calendarserver.org/ns/}calendar-proxy-read': $type[$k] = 'Proxy-Read'; break; case '{http://calendarserver.org/ns/}calendar-proxy-write': $type[$k] = 'Proxy-Write'; break; } } $type = implode(', ', $type); } // If no resourcetype was found, we attempt to use // the contenttype property if (!$type && isset($file[200]['{DAV:}getcontenttype'])) { $type = $file[200]['{DAV:}getcontenttype']; } if (!$type) { $type = t('Unknown'); } $size = isset($file[200]['{DAV:}getcontentlength']) ? (int) $file[200]['{DAV:}getcontentlength'] : ''; $lastmodified = isset($file[200]['{DAV:}getlastmodified']) ? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') : ''; $fullPath = DAV\URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path ? $path . '/' : '') . $name, '/')); $displayName = isset($file[200]['{DAV:}displayname']) ? $file[200]['{DAV:}displayname'] : $name; $displayName = $this->escapeHTML($displayName); $type = $this->escapeHTML($type); $icon = ''; if ($this->enableAssets) { $node = $this->server->tree->getNodeForPath(($path ? $path . '/' : '') . $name); foreach (array_reverse($this->iconMap) as $class => $iconName) { if ($node instanceof $class) { $icon = '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl($iconName . $this->iconExtension) . '" alt="" width="24"></a>'; break; } } } $parentHash = ''; $owner = $this->auth->owner_id; $splitPath = split('/', $fullPath); if (count($splitPath) > 3) { for ($i = 3; $i < count($splitPath); $i++) { $attachName = urldecode($splitPath[$i]); $attachHash = $this->findAttachHash($owner, $parentHash, $attachName); $parentHash = $attachHash; } } $attachIcon = ""; // "<a href=\"attach/".$attachHash."\" title=\"".$displayName."\"><i class=\"icon-download\"></i></a>"; // put the array for this file together $ft['attachId'] = $this->findAttachIdByHash($attachHash); $ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->getCurrentUser(); $ft['icon'] = $icon; $ft['attachIcon'] = $size ? $attachIcon : ''; // @todo Should this be an item value, not a global one? $ft['is_owner'] = $is_owner; $ft['fullPath'] = $fullPath; $ft['displayName'] = $displayName; $ft['type'] = $type; $ft['size'] = $size; $ft['sizeFormatted'] = userReadableSize($size); $ft['lastmodified'] = $lastmodified ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : ''; $ft['iconFromType'] = getIconFromType($type); $f[] = $ft; } // Storage and quota for the account (all channels of the owner of this directory)! $limit = service_class_fetch($owner, 'attach_upload_limit'); $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id)); $used = $r[0]['total']; if ($used) { $quotaDesc = t('%1$s used'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used)); } if ($limit && $used) { $quotaDesc = t('%1$s used of %2$s (%3$s%)'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1)); } // prepare quota for template $quota = array(); $quota['used'] = $used; $quota['limit'] = $limit; $quota['desc'] = $quotaDesc; $output = ''; if ($this->enablePost) { $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output)); } $html .= replace_macros(get_markup_template('cloud.tpl'), array('$header' => t('Files') . ": " . $this->escapeHTML($path) . "/", '$quota' => $quota, '$total' => t('Total'), '$actionspanel' => $output, '$shared' => t('Shared'), '$create' => t('Create'), '$upload' => t('Upload'), '$is_owner' => $is_owner, '$parentpath' => $parentpath, '$entries' => $f, '$name' => t('Name'), '$type' => t('Type'), '$size' => t('Size'), '$lastmod' => t('Last Modified'), '$parent' => t('parent'), '$edit' => t('Edit'), '$delete' => t('Delete'), '$nick' => $this->auth->getCurrentUser())); $a = get_app(); $a->page['content'] = $html; load_pdl($a); $theme_info_file = "view/theme/" . current_theme() . "/php/theme.php"; if (file_exists($theme_info_file)) { require_once $theme_info_file; if (function_exists(str_replace('-', '_', current_theme()) . '_init')) { $func = str_replace('-', '_', current_theme()) . '_init'; $func($a); } } construct_page($a); }
/** * @brief * * @param array $channel * @param array $observer * @param array $args * @return array */ function photo_upload($channel, $observer, $args) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $account_id = $channel['channel_account_id']; if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'post_photos')) { $ret['message'] = t('Permission denied.'); return $ret; } call_hooks('photo_upload_begin', $args); /* * Determine the album to use */ $album = $args['album']; $newalbum = $args['newalbum']; logger('photo_upload: album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG); if (!$album) { if ($newalbum) { $album = $newalbum; } else { $album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m'); } } if (intval($args['visible']) || $args['visible'] === 'true') { $visible = 1; } else { $visible = 0; } $str_group_allow = perms2str(is_array($args['group_allow']) ? $args['group_allow'] : explode(',', $args['group_allow'])); $str_contact_allow = perms2str(is_array($args['contact_allow']) ? $args['contact_allow'] : explode(',', $args['contact_allow'])); $str_group_deny = perms2str(is_array($args['group_deny']) ? $args['group_deny'] : explode(',', $args['group_deny'])); $str_contact_deny = perms2str(is_array($args['contact_deny']) ? $args['contact_deny'] : explode(',', $args['contact_deny'])); if ($args['data']) { // allow an import from a binary string representing the image. // This bypasses the upload step and max size limit checking $imagedata = $args['data']; $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['type']; } else { $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''); call_hooks('photo_upload_file', $f); if (x($f, 'src') && x($f, 'filesize')) { $src = $f['src']; $filename = $f['filename']; $filesize = $f['filesize']; $type = $f['type']; } else { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $type = $_FILES['userfile']['type']; } if (!$type) { $type = guess_image_type($filename); } logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } if (!$filesize) { $ret['message'] = t('Image file is empty.'); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG); $imagedata = @file_get_contents($src); } $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id)); $limit = service_class_fetch($channel_id, 'photo_upload_limit'); if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $ret['message'] = upgrade_message(); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } $ph = photo_factory($imagedata, $type); if (!$ph->is_valid()) { $ret['message'] = t('Unable to process image'); logger('photo_upload: unable to process image'); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } $exif = $ph->orient($src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); } $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource(); $visitor = ''; if ($channel['channel_hash'] !== $observer['xchan_hash']) { $visitor = $observer['xchan_hash']; } $errors = false; $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_flags' => PHOTO_NORMAL, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny); if ($args['created']) { $p['created'] = $args['created']; } if ($args['edited']) { $p['edited'] = $args['edited']; } if ($args['title']) { $p['title'] = $args['title']; } if ($args['description']) { $p['description'] = $args['description']; } $r1 = $ph->save($p); if (!$r1) { $errors = true; } if (($width > 640 || $height > 640) && !$errors) { $ph->scaleImage(640); $p['scale'] = 1; $r2 = $ph->save($p); $smallest = 1; if (!$r2) { $errors = true; } } if (($width > 320 || $height > 320) && !$errors) { $ph->scaleImage(320); $p['scale'] = 2; $r3 = $ph->save($p); $smallest = 2; if (!$r3) { $errors = true; } } if ($errors) { q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id)); $ret['message'] = t('Photo storage failed.'); logger('photo_upload: photo store failed.'); call_hooks('photo_upload_end', $ret); return $ret; } // This will be the width and height of the smallest representation $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight(); $mid = item_message_id(); // Create item container $lat = $lon = null; if ($exif && $exif['GPS']) { if (feature_enabled($channel_id, 'photo_location')) { $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']); $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']); } } $item_flags = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP; $item_restrict = $visible ? ITEM_VISIBLE : ITEM_HIDDEN; $title = ''; $mid = item_message_id(); $arr = array(); if ($lat && $lon) { $arr['coord'] = $lat . ' ' . $lon; } $arr['aid'] = $account_id; $arr['uid'] = $channel_id; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_flags'] = $item_flags; $arr['item_restrict'] = $item_restrict; $arr['resource_type'] = 'photo'; $arr['resource_id'] = $photo_hash; $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['title'] = $title; $arr['allow_cid'] = $str_contact_allow; $arr['allow_gid'] = $str_group_allow; $arr['deny_cid'] = $str_contact_deny; $arr['deny_gid'] = $str_group_deny; $arr['verb'] = ACTIVITY_POST; $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; // We should also put a width_x_height on large photos. Left as an exercise for // devs looking fo simple stuff to fix. $larger = feature_enabled($channel['channel_id'], 'large_photos'); if ($larger) { $tag = '[zmg]'; if ($r2) { $smallest = 1; } else { $smallest = 0; } } else { if ($width_x_height) { $tag = '[zmg=' . $width_x_height . ']'; } else { $tag = '[zmg]'; } } $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]'; $result = item_store($arr); $item_id = $result['item_id']; if ($visible) { proc_run('php', "include/notifier.php", 'wall-new', $item_id); } $ret['success'] = true; $ret['item'] = $arr; $ret['body'] = $arr['body']; $ret['resource_id'] = $photo_hash; $ret['photoitem_id'] = $item_id; call_hooks('photo_upload_end', $ret); return $ret; }
function poller_run($argv, $argc) { cli_startup(); $a = get_app(); $maxsysload = intval(get_config('system', 'maxloadavg')); if ($maxsysload < 1) { $maxsysload = 50; } if (function_exists('sys_getloadavg')) { $load = sys_getloadavg(); if (intval($load[0]) > $maxsysload) { logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.'); return; } } $interval = intval(get_config('system', 'poll_interval')); if (!$interval) { $interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval')); } // Check for a lockfile. If it exists, but is over an hour old, it's stale. Ignore it. $lockfile = 'store/[data]/poller'; if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) { logger("poller: Already running"); return; } // Create a lockfile. Needs two vars, but $x doesn't need to contain anything. file_put_contents($lockfile, $x); logger('poller: start'); // run queue delivery process in the background proc_run('php', "include/queue.php"); // maintenance for mod sharedwithme - check for updated items and remove them require_once 'include/sharedwithme.php'; apply_updates(); // expire any expired mail q("delete from mail where expires != '%s' and expires < %s ", dbesc(NULL_DATE), db_utcnow()); // expire any expired items $r = q("select id from item where expires != '%s' and expires < %s \n\t\tand item_deleted = 0 ", dbesc(NULL_DATE), db_utcnow()); if ($r) { require_once 'include/items.php'; foreach ($r as $rr) { drop_item($rr['id'], false); } } // Ensure that every channel pings a directory server once a month. This way we can discover // channels and sites that quietly vanished and prevent the directory from accumulating stale // or dead entries. $r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY')); if ($r) { foreach ($r as $rr) { proc_run('php', 'include/directory.php', $rr['channel_id'], 'force'); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } } // publish any applicable items that were set to be published in the future // (time travel posts). Restrict to items that have come of age in the last // couple of days to limit the query to something reasonable. $r = q("select id from item where item_delayed = 1 and created <= %s and created > '%s' ", db_utcnow(), dbesc(datetime_convert('UTC', 'UTC', 'now - 2 days'))); if ($r) { foreach ($r as $rr) { $x = q("update item set item_delayed = 0 where id = %d", intval($rr['id'])); if ($x) { proc_run('php', 'include/notifier.php', 'wall-new', $rr['id']); } } } $abandon_days = intval(get_config('system', 'account_abandon_days')); if ($abandon_days < 1) { $abandon_days = 0; } // once daily run birthday_updates and then expire in background // FIXME: add birthday updates, both locally and for xprof for use // by directory servers $d1 = intval(get_config('system', 'last_expire_day')); $d2 = intval(datetime_convert('UTC', 'UTC', 'now', 'd')); // Allow somebody to staggger daily activities if they have more than one site on their server, // or if it happens at an inconvenient (busy) hour. $h1 = intval(get_config('system', 'cron_hour')); $h2 = intval(datetime_convert('UTC', 'UTC', 'now', 'G')); $dirmode = get_config('system', 'directory_mode'); /** * Cron Daily * * Actions in the following block are executed once per day, not on every poller run * */ if ($d2 != $d1 && $h1 == $h2) { require_once 'include/dir_fns.php'; check_upstream_directory(); call_hooks('cron_daily', datetime_convert()); $d3 = intval(datetime_convert('UTC', 'UTC', 'now', 'N')); if ($d3 == 7) { /** * Cron Weekly * * Actions in the following block are executed once per day only on Sunday (once per week). * */ call_hooks('cron_weekly', datetime_convert()); z_check_cert(); require_once 'include/hubloc.php'; prune_hub_reinstalls(); require_once 'include/Contact.php'; mark_orphan_hubsxchans(); // get rid of really old poco records q("delete from xlink where xlink_updated < %s - INTERVAL %s and xlink_static = 0 ", db_utcnow(), db_quoteinterval('14 DAY')); $dirmode = intval(get_config('system', 'directory_mode')); if ($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) { logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())), true)); } // Check for dead sites proc_run('php', 'include/checksites.php'); // update searchable doc indexes proc_run('php', 'include/importdoc.php'); /** * End Cron Weekly */ } update_birthdays(); //update statistics in config require_once 'include/statistics_fns.php'; update_channels_total_stat(); update_channels_active_halfyear_stat(); update_channels_active_monthly_stat(); update_local_posts_stat(); // expire any read notifications over a month old q("delete from notify where seen = 1 and date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY')); // expire old delivery reports $keep_reports = intval(get_config('system', 'expire_delivery_reports')); if ($keep_reports === 0) { $keep_reports = 30; } q("delete from dreport where dreport_time < %s - INTERVAL %s", db_utcnow(), db_quoteinterval($keep_reports . ' DAY')); // expire any expired accounts downgrade_accounts(); // If this is a directory server, request a sync with an upstream // directory at least once a day, up to once every poll interval. // Pull remote changes and push local changes. // potential issue: how do we keep from creating an endless update loop? if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { require_once 'include/dir_fns.php'; sync_directories($dirmode); } set_config('system', 'last_expire_day', $d2); proc_run('php', 'include/expire.php'); proc_run('php', 'include/cli_suggest.php'); require_once 'include/hubloc.php'; remove_obsolete_hublocs(); /** * End Cron Daily */ } // update any photos which didn't get imported properly // This should be rare $r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' \n\t\tand xchan_photo_date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 DAY')); if ($r) { require_once 'include/photo/photo_driver.php'; foreach ($r as $rr) { $photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash']); $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'\n\t\t\t\twhere xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($rr['xchan_hash'])); } } // pull in some public posts if (!get_config('system', 'disable_discover_tab')) { proc_run('php', 'include/externals.php'); } $manual_id = 0; $generation = 0; $force = false; $restart = false; if ($argc > 1 && $argv[1] == 'force') { $force = true; } if ($argc > 1 && $argv[1] == 'restart') { $restart = true; $generation = intval($argv[2]); if (!$generation) { killme(); } } if ($argc > 1 && intval($argv[1])) { $manual_id = intval($argv[1]); $force = true; } $sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : ""; reload_plugins(); $d = datetime_convert(); // TODO check to see if there are any cronhooks before wasting a process if (!$restart) { proc_run('php', 'include/cronhooks.php'); } // Only poll from those with suitable relationships $abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : ''; $randfunc = db_getfunc('RAND'); $contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\tLEFT JOIN account on abook_account = account_id\n\t\twhere abook_self = 0\n\t\t{$sql_extra} \n\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED)); if ($contacts) { foreach ($contacts as $contact) { $update = false; $t = $contact['abook_updated']; $c = $contact['abook_connected']; if (intval($contact['abook_feed'])) { $min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes'); if (!$min) { $min = intval(get_config('system', 'minimum_feedcheck_minutes')); } if (!$min) { $min = 60; } $x = datetime_convert('UTC', 'UTC', "now - {$min} minutes"); if ($c < $x) { proc_run('php', 'include/onepoll.php', $contact['abook_id']); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } continue; } if ($contact['xchan_network'] !== 'zot') { continue; } if ($c == $t) { if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) { $update = true; } } else { // if we've never connected with them, start the mark for death countdown from now if ($c == NULL_DATE) { $r = q("update abook set abook_connected = '%s' where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id'])); $c = datetime_convert(); $update = true; } // He's dead, Jim if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) { $r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id'])); $update = false; continue; } if (intval($contact['abook_archived'])) { $update = false; continue; } // might be dead, so maybe don't poll quite so often // recently deceased, so keep up the regular schedule for 3 days if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) { $update = true; } // After that back off and put them on a morphine drip if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) { $update = true; } } if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) { continue; } if (!$update && !$force) { continue; } proc_run('php', 'include/onepoll.php', $contact['abook_id']); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } } if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) { $r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY')); if ($r) { foreach ($r as $rr) { // If they didn't respond when we attempted before, back off to once a day // After 7 days we won't bother anymore if ($rr['ud_last'] != NULL_DATE) { if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) { continue; } } proc_run('php', 'include/onedirsync.php', $rr['ud_id']); if ($interval) { @time_sleep_until(microtime(true) + (double) $interval); } } } } set_config('system', 'lastpoll', datetime_convert()); //All done - clear the lockfile @unlink($lockfile); return; }
/** * @brief Updates the data of the file. * * @param resource $data * @return void */ public function put($data) { logger('put file: ' . basename($this->name), LOGGER_DEBUG); $size = 0; // @todo only 3 values are needed $c = q("SELECT * FROM channel WHERE channel_id = %d AND (channel_pageflags & %d) = 0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED)); $r = q("SELECT flags, folder, data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id'])); if ($r) { if ($r[0]['flags'] & ATTACH_FLAG_OS) { $fname = dbunescbin($r[0]['data']); $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : ''); // @todo check return value and set $size directly @file_put_contents($f, $data); $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid'])); $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid'])); if ($r) { $size = $r[0]['fsize']; } } } // returns now() $edited = datetime_convert(); $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id'])); // update the folder's lastmodified timestamp $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id'])); // @todo do we really want to remove the whole file if an update fails // because of maxfilesize or quota? // There is an Exception "InsufficientStorage" or "PaymentRequired" for // our service class from SabreDAV we could use. $maxfilesize = get_config('system', 'maxfilesize'); if ($maxfilesize && $size > $maxfilesize) { attach_delete($c[0]['channel_id'], $this->data['hash']); return; } $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit'); if ($limit !== false) { $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id'])); if ($x && $x[0]['total'] + $size > $limit) { logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'], $this->data['hash']); return; } } }
/** * @brief Creates a form to add new folders and upload files. * * @param \Sabre\DAV\INode $node * @param string &$output */ public function htmlActionsPanel(DAV\INode $node, &$output, $path) { if (!$node instanceof DAV\ICollection) { return; } // We also know fairly certain that if an object is a non-extended // SimpleCollection, we won't need to show the panel either. if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') { return; } require_once 'include/acl_selectors.php'; $aclselect = null; $lockstate = ''; if ($this->auth->owner_id) { $channel = channelx_by_n($this->auth->owner_id); if ($channel) { $acl = new \Zotlabs\Access\AccessList($channel); $channel_acl = $acl->get(); $lockstate = $acl->is_private() ? 'lock' : 'unlock'; $aclselect = local_channel() == $this->auth->owner_id ? populate_acl($channel_acl, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''; } } // Storage and quota for the account (all channels of the owner of this directory)! $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit')); $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id)); $used = $r[0]['total']; if ($used) { $quotaDesc = t('You are using %1$s of your available file storage.'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used)); } if ($limit && $used) { $quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s%)'); $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100); } // prepare quota for template $quota = array(); $quota['used'] = $used; $quota['limit'] = $limit; $quota['desc'] = $quotaDesc; $quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : ''; // 10485760 bytes = 100MB $path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path), '/'); $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota, '$channick' => $this->auth->owner_nick, '$aclselect' => $aclselect, '$allow_cid' => acl2json($channel_acl['allow_cid']), '$allow_gid' => acl2json($channel_acl['allow_gid']), '$deny_cid' => acl2json($channel_acl['deny_cid']), '$deny_gid' => acl2json($channel_acl['deny_gid']), '$lockstate' => $lockstate, '$return_url' => \App::$cmd, '$path' => $path, '$folder' => find_folder_hash_by_path($this->auth->owner_id, $path), '$dragdroptext' => t('Drop files here to immediately upload'))); }
/** * @brief Updates the data of the file. * * @param resource $data * @return void */ public function put($data) { logger('put file: ' . basename($this->name), LOGGER_DEBUG); $size = 0; // @todo only 3 values are needed $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id)); $is_photo = false; $album = ''; $r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id'])); if ($r) { if (intval($r[0]['os_storage'])) { $d = q("select folder, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id'])); if ($d) { if ($d[0]['folder']) { $f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", dbesc($d[0]['folder']), intval($c[0]['channel_id'])); if ($f1) { $album = $f1[0]['filename']; $direct = $f1[0]; } } $fname = dbunescbin($d[0]['data']); $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : ''); // @todo check return value and set $size directly @file_put_contents($f, $data); $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } $gis = @getimagesize($f); logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA); if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) { $is_photo = 1; } } else { // this shouldn't happen any more $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid'])); $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid'])); if ($r) { $size = $r[0]['fsize']; } } } // returns now() $edited = datetime_convert(); $d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id'])); if ($is_photo) { require_once 'include/photos.php'; $args = array('resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct); $p = photo_upload($c[0], get_app()->get_observer(), $args); } // update the folder's lastmodified timestamp $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id'])); // @todo do we really want to remove the whole file if an update fails // because of maxfilesize or quota? // There is an Exception "InsufficientStorage" or "PaymentRequired" for // our service class from SabreDAV we could use. $maxfilesize = get_config('system', 'maxfilesize'); if ($maxfilesize && $size > $maxfilesize) { attach_delete($c[0]['channel_id'], $this->data['hash']); return; } $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit'); if ($limit !== false) { $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id'])); if ($x && $x[0]['total'] + $size > $limit) { logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit); attach_delete($c[0]['channel_id'], $this->data['hash']); return; } } }
function wall_upload_post(&$a) { logger("wall upload: starting new upload", LOGGER_DEBUG); if ($a->argc > 1) { if (!x($_FILES, 'media')) { $nick = $a->argv[1]; $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick)); if (!count($r)) { return; } } else { $user_info = api_get_user($a); $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name'])); } } else { return; } $can_post = false; $visitor = 0; $page_owner_uid = $r[0]['uid']; $default_cid = $r[0]['id']; $page_owner_nick = $r[0]['nickname']; $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $page_owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $cid = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $page_owner_uid) { $cid = $v['cid']; break; } } } if ($cid) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid)); if (count($r)) { $can_post = true; $visitor = $cid; } } } } if (!$can_post) { notice(t('Permission denied.') . EOL); killme(); } if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) { killme(); } if (x($_FILES, 'userfile')) { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $filetype = $_FILES['userfile']['type']; } elseif (x($_FILES, 'media')) { $src = $_FILES['media']['tmp_name']; $filename = basename($_FILES['media']['name']); $filesize = intval($_FILES['media']['size']); $filetype = $_FILES['media']['type']; } if ($filetype == "") { $filetype = guess_image_type($filename); } $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { echo sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL; @unlink($src); killme(); } $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid)); $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit'); if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { echo upgrade_message(true) . EOL; @unlink($src); killme(); } $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if (!$ph->is_valid()) { echo t('Unable to process image.') . EOL; @unlink($src); killme(); } $ph->orient($src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); } $width = $ph->getWidth(); $height = $ph->getHeight(); $hash = photo_new_resource(); $smallest = 0; $defperm = '<' . $default_cid . '>'; $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); if (!$r) { echo t('Image upload failed.') . EOL; killme(); } if ($width > 640 || $height > 640) { $ph->scaleImage(640); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); if ($r) { $smallest = 1; } } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); if ($r) { $smallest = 2; } } $basename = basename($filename); /* mod Waitman Gobble NO WARRANTY */ //if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post) if ($_REQUEST['hush'] != 'yeah') { if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) { echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n"; } else { echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />"; } } else { $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]"; return $m; } /* mod Waitman Gobble NO WARRANTY */ killme(); // NOTREACHED }
/** * @brief * * @param $channel channel array of owner * @param $observer_hash hash of current observer * @param $options (optional) * @param $arr (optional) */ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $sql_options = ''; if (!perm_is_allowed($channel_id, get_observer_hash(), 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } // The 'update' option sets db values without uploading a new attachment // 'replace' replaces the existing uploaded data // 'revision' creates a new revision with new upload data // Default is to upload a new file // revise or update must provide $arr['hash'] of the thing to revise/update if ($options !== 'update') { if (!x($_FILES, 'userfile')) { $ret['message'] = t('No source file.'); return $ret; } $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); } $existing_size = 0; if ($options === 'replace') { $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id)); if (!$x) { $ret['message'] = t('Cannot locate file to replace'); return $ret; } $existing_id = $x[0]['id']; $existing_size = intval($x[0]['filesize']); $hash = $x[0]['hash']; } if ($options === 'revise' || $options === 'update') { $sql_options = " order by revision desc "; if ($options === 'update' && $arr && array_key_exists('revision', $arr)) { $sql_options = " and revision = " . intval($arr['revision']) . " "; } $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id)); if (!$x) { $ret['message'] = t('Cannot locate file to revise/update'); return $ret; } $hash = $x[0]['hash']; } // Check storage limits if ($options !== 'update') { $maxfilesize = get_config('system', 'maxfilesize'); if ($maxfilesize && $filesize > $maxfilesize) { $ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize); @unlink($src); return $ret; } $limit = service_class_fetch($channel_id, 'attach_upload_limit'); if ($limit !== false) { $r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id'])); if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) { $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000); @unlink($src); return $ret; } } $mimetype = z_mime_content_type($filename); } if (!isset($hash)) { $hash = random_string(); } $created = datetime_convert(); if ($options === 'replace') { $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", dbesc($filename), dbesc($mimetype), intval($filesize), dbesc(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id)); } elseif ($options === 'revise') { $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid'])); } elseif ($options === 'update') { $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid'])); } else { $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval(0), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : ''), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : ''), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : '')); } if ($options !== 'update') { @unlink($src); } if (!$r) { $ret['message'] = t('File upload failed. Possible system limit or action terminated.'); return $ret; } // Caution: This re-uses $sql_options set further above $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash)); if (!$r) { $ret['message'] = t('Stored file could not be verified. Upload failed.'); return $ret; } $ret['success'] = true; $ret['data'] = $r[0]; return $ret; }
public static function run($argc, $argv) { cli_startup(); // perform final cleanup on previously delete items $r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('10 DAY')); if ($r) { foreach ($r as $rr) { drop_item($rr['id'], false, DROPITEM_PHASE2); } } // physically remove anything that has been deleted for more than two months /** @FIXME - this is a wretchedly inefficient query */ $r = q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('36 DAY')); /** @FIXME make this optional as it could have a performance impact on large sites */ if (intval(get_config('system', 'optimize_items'))) { q("optimize table item"); } logger('expire: start', LOGGER_DEBUG); $site_expire = get_config('system', 'default_expire_days'); logger('site_expire: ' . $site_expire); $r = q("SELECT channel_id, channel_system, channel_address, channel_expire_days from channel where true"); if ($r) { foreach ($r as $rr) { // expire the sys channel separately if (intval($rr['channel_system'])) { continue; } // service class default (if non-zero) over-rides the site default $service_class_expire = service_class_fetch($rr['channel_id'], 'expire_days'); if (intval($service_class_expire)) { $channel_expire = $service_class_expire; } else { $channel_expire = $site_expire; } if (intval($channel_expire) && intval($channel_expire) < intval($rr['channel_expire_days']) || intval($rr['channel_expire_days'] == 0)) { $expire_days = $channel_expire; } else { $expire_days = $rr['channel_expire_days']; } // if the site or service class expiration is non-zero and less than person expiration, use that logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG); item_expire($rr['channel_id'], $expire_days); } } $x = get_sys_channel(); if ($x) { // this should probably just fetch the channel_expire_days from the sys channel, // but there's no convenient way to set it. $expire_days = get_config('system', 'sys_expire_days'); if ($expire_days === false) { $expire_days = 30; } if (intval($site_expire) && intval($site_expire) < intval($expire_days)) { $expire_days = $site_expire; } logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG); if ($expire_days) { item_expire($x['channel_id'], $expire_days); } logger('Expire: sys: done', LOGGER_DEBUG); } }
function item_check_service_class($channel_id, $iswebpage) { $ret = array('success' => false, 'message' => ''); if ($iswebpage) { // note: we aren't counting comanche templates and blocks, only webpages $r = q("select count(id) as total from item where parent = id \n\t\t\tand ( item_restrict & %d ) > 0 and ( item_restrict & %d ) = 0 and uid = %d ", intval(ITEM_WEBPAGE), intval(ITEM_DELETED), intval($channel_id)); } else { $r = q("select count(id) as total from item where parent = id and item_restrict = 0 and (item_flags & %d) > 0 and uid = %d ", intval(ITEM_WALL), intval($channel_id)); } if (!$r) { $ret['message'] = t('Unable to obtain post information from database.'); return $ret; } if (!$iswebpage) { $max = service_class_fetch($channel_id, 'total_items'); if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) { $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max); return $result; } } else { $max = service_class_fetch($channel_id, 'total_pages'); if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) { $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max); return $result; } } $ret['success'] = true; return $ret; }
function post() { if (!local_channel()) { return; } if ($_SESSION['delegate']) { return; } $channel = \App::get_channel(); logger('mod_settings: ' . print_r($_REQUEST, true)); if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_channel()); goaway(z_root() . "/settings/oauth/"); return; } if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; $ok = true; if ($name == '') { $ok = false; notice(t('Name is required') . EOL); } if ($key == '' || $secret == '') { $ok = false; notice(t('Key and Secret are required') . EOL); } if ($ok) { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\t\tclname='%s',\n\t\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()), dbesc($key)); } else { $r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel())); $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), intval(local_channel()), dbesc('all')); } } goaway(z_root() . "/settings/oauth/"); return; } if (argc() > 1 && argv(1) == 'featured') { check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured'); call_hooks('feature_settings_post', $_POST); build_sync_packet(); return; } if (argc() > 1 && argv(1) == 'tokens') { check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); $token_errs = 0; if (array_key_exists('token', $_POST)) { $atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0; $name = trim(escape_tags($_POST['name'])); $token = trim($_POST['token']); if (!$name || !$token) { $token_errs++; } if (trim($_POST['expires'])) { $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']); } else { $expires = NULL_DATE; } $max_atokens = service_class_fetch(local_channel(), 'access_tokens'); if ($max_atokens) { $r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel())); if ($r && intval($r[0]['total']) >= $max_tokens) { notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL); return; } } } if ($token_errs) { notice(t('Name and Password are required.') . EOL); return; } if ($atoken_id) { $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' \n\t\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id'])); } else { $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires)); } info(t('Token saved.') . EOL); return; } if (argc() > 1 && argv(1) === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); // Build list of features and check which are set $features = get_features(); $all_features = array(); foreach ($features as $k => $v) { foreach ($v as $f) { $all_features[] = $f[0]; } } foreach ($all_features as $k) { if (x($_POST, "feature_{$k}")) { set_pconfig(local_channel(), 'feature', $k, 1); } else { set_pconfig(local_channel(), 'feature', $k, 0); } } build_sync_packet(); return; } if (argc() > 1 && argv(1) == 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : \App::$channel['channel_theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $preload_images = x($_POST, 'preload_images') ? intval($_POST['preload_images']) : 0; $user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $title_tosource = x($_POST, 'title_tosource') ? intval($_POST['title_tosource']) : 0; $channel_list_mode = x($_POST, 'channel_list_mode') ? intval($_POST['channel_list_mode']) : 0; $network_list_mode = x($_POST, 'network_list_mode') ? intval($_POST['network_list_mode']) : 0; $channel_divmore_height = x($_POST, 'channel_divmore_height') ? intval($_POST['channel_divmore_height']) : 400; if ($channel_divmore_height < 50) { $channel_divmore_height = 50; } $network_divmore_height = x($_POST, 'network_divmore_height') ? intval($_POST['network_divmore_height']) : 400; if ($network_divmore_height < 50) { $network_divmore_height = 50; } $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20; if ($itemspage > 100) { $itemspage = 100; } if ($mobile_theme == "---") { del_pconfig(local_channel(), 'system', 'mobile_theme'); } else { set_pconfig(local_channel(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_channel(), 'system', 'preload_images', $preload_images); set_pconfig(local_channel(), 'system', 'user_scalable', $user_scalable); set_pconfig(local_channel(), 'system', 'update_interval', $browser_update); set_pconfig(local_channel(), 'system', 'itemspage', $itemspage); set_pconfig(local_channel(), 'system', 'no_smilies', 1 - intval($nosmile)); set_pconfig(local_channel(), 'system', 'title_tosource', $title_tosource); set_pconfig(local_channel(), 'system', 'channel_list_mode', $channel_list_mode); set_pconfig(local_channel(), 'system', 'network_list_mode', $network_list_mode); set_pconfig(local_channel(), 'system', 'channel_divmore_height', $channel_divmore_height); set_pconfig(local_channel(), 'system', 'network_divmore_height', $network_divmore_height); if ($theme == \App::$channel['channel_theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = $this->get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_channel())); call_hooks('display_settings_post', $_POST); build_sync_packet(); goaway(z_root() . '/settings/display'); return; // NOTREACHED } if (argc() > 1 && argv(1) === 'account') { check_form_security_token_redirectOnErr('/settings/account', 'settings_account'); call_hooks('account_settings_post', $_POST); // call_hooks('settings_account', $_POST); $errs = array(); $email = x($_POST, 'email') ? trim(notags($_POST['email'])) : ''; $account = \App::get_account(); if ($email != $account['account_email']) { if (!valid_email($email)) { $errs[] = t('Not valid email.'); } $adm = trim(get_config('system', 'admin_email')); if ($adm && strcasecmp($email, $adm) == 0) { $errs[] = t('Protected email address. Cannot change to that email.'); $email = \App::$user['email']; } if (!$errs) { $r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id'])); if (!$r) { $errs[] = t('System failure storing new email. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } $errs = array(); } if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $origpass = trim($_POST['origpass']); require_once 'include/auth.php'; if (!account_verify_password($email, $origpass)) { $errs[] = t('Password verification failed.'); } $newpass = trim($_POST['npassword']); $confirm = trim($_POST['confirm']); if ($newpass != $confirm) { $errs[] = t('Passwords do not match. Password unchanged.'); } if (!x($newpass) || !x($confirm)) { $errs[] = t('Empty passwords are not allowed. Password unchanged.'); } if (!$errs) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); $r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id())); if ($r) { info(t('Password changed.') . EOL); } else { $errs[] = t('Password update failed. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } } goaway(z_root() . '/settings/account'); } check_form_security_token_redirectOnErr('/settings', 'settings'); call_hooks('settings_post', $_POST); $set_perms = ''; $role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : ''; $oldrole = get_pconfig(local_channel(), 'system', 'permissions_role'); if ($role != $oldrole || $role === 'custom') { if ($role === 'custom') { $hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : ''; $r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel())); $global_perms = get_perms(); foreach ($global_perms as $k => $v) { $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; } $acl = new \Zotlabs\Access\AccessList($channel); $acl->set_from_array($_POST); $x = $acl->get(); $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', \n\t\t\t\t\tchannel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d", dbesc($x['allow_cid']), dbesc($x['allow_gid']), dbesc($x['deny_cid']), dbesc($x['deny_gid']), intval(local_channel())); } else { $role_permissions = get_role_perms($_POST['permissions_role']); if (!$role_permissions) { notice('Permissions category could not be found.'); return; } $hide_presence = 1 - intval($role_permissions['online']); if ($role_permissions['default_collection']) { $r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends'))); if (!$r) { require_once 'include/group.php'; group_add(local_channel(), t('Friends')); group_add_member(local_channel(), t('Friends'), $channel['channel_hash']); $r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends'))); } if ($r) { q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel())); } else { notice(sprintf('Default privacy group \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL); return; } } else { q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel())); } $r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", intval(array_key_exists('perms_accept', $role_permissions) ? $role_permissions['perms_accept'] : 0), intval(local_channel())); set_pconfig(local_channel(), 'system', 'autoperms', $role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0); foreach ($role_permissions as $p => $v) { if (strpos($p, 'channel_') !== false) { $set_perms .= ', ' . $p . ' = ' . intval($v) . ' '; } if ($p === 'directory_publish') { $publish = intval($v); } } } set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence); set_pconfig(local_channel(), 'system', 'permissions_role', $role); } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3; $photo_path = x($_POST, 'photo_path') ? escape_tags(trim($_POST['photo_path'])) : ''; $attach_path = x($_POST, 'attach_path') ? escape_tags(trim($_POST['attach_path'])) : ''; $channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : ''; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $adult = $_POST['adult'] == 1 ? 1 : 0; $cal_first_day = x($_POST, 'first_day') && intval($_POST['first_day']) == 1 ? 1 : 0; $channel = \App::get_channel(); $pageflags = $channel['channel_pageflags']; $existing_adult = $pageflags & PAGE_ADULT ? 1 : 0; if ($adult != $existing_adult) { $pageflags = $pageflags ^ PAGE_ADULT; } $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $vnotify = 0; if (x($_POST, 'vnotify1')) { $vnotify += intval($_POST['vnotify1']); } if (x($_POST, 'vnotify2')) { $vnotify += intval($_POST['vnotify2']); } if (x($_POST, 'vnotify3')) { $vnotify += intval($_POST['vnotify3']); } if (x($_POST, 'vnotify4')) { $vnotify += intval($_POST['vnotify4']); } if (x($_POST, 'vnotify5')) { $vnotify += intval($_POST['vnotify5']); } if (x($_POST, 'vnotify6')) { $vnotify += intval($_POST['vnotify6']); } if (x($_POST, 'vnotify7')) { $vnotify += intval($_POST['vnotify7']); } if (x($_POST, 'vnotify8')) { $vnotify += intval($_POST['vnotify8']); } if (x($_POST, 'vnotify9')) { $vnotify += intval($_POST['vnotify9']); } if (x($_POST, 'vnotify10')) { $vnotify += intval($_POST['vnotify10']); } if (x($_POST, 'vnotify11')) { $vnotify += intval($_POST['vnotify11']); } $always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0; $channel = \App::get_channel(); $err = ''; $name_change = false; if ($username != $channel['channel_name']) { $name_change = true; require_once 'include/channel.php'; $err = validate_channelname($username); if ($err) { notice($err); return; } } if ($timezone != $channel['channel_timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location); set_pconfig(local_channel(), 'system', 'suggestme', $suggestme); set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_channel(), 'system', 'blocktags', $blocktags); set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu); set_pconfig(local_channel(), 'system', 'vnotify', $vnotify); set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices); set_pconfig(local_channel(), 'system', 'evdays', $evdays); set_pconfig(local_channel(), 'system', 'photo_path', $photo_path); set_pconfig(local_channel(), 'system', 'attach_path', $attach_path); set_pconfig(local_channel(), 'system', 'cal_first_day', $cal_first_day); $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel())); if ($r) { info(t('Settings updated.') . EOL); } if (!is_null($publish)) { $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel())); } if ($name_change) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash'])); $r = q("update profile set fullname = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id'])); } \Zotlabs\Daemon\Master::Summon(array('Directory', local_channel())); build_sync_packet(); //$_SESSION['theme'] = $theme; if ($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway(z_root() . '/settings'); return; // NOTREACHED }
function wall_upload_post(&$a, $desktopmode = true) { logger("wall upload: starting new upload", LOGGER_DEBUG); $r_json = x($_GET, 'response') && $_GET['response'] == 'json'; if ($a->argc > 1) { if (!x($_FILES, 'media')) { $nick = $a->argv[1]; $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick)); if (!count($r)) { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } return; } } else { $user_info = api_get_user($a); $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name'])); } } else { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } return; } $can_post = false; $visitor = 0; $page_owner_uid = $r[0]['uid']; $default_cid = $r[0]['id']; $page_owner_nick = $r[0]['nickname']; $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $page_owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $cid = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $page_owner_uid) { $cid = $v['cid']; break; } } } if ($cid) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid)); if (count($r)) { $can_post = true; $visitor = $cid; } } } } if (!$can_post) { if ($r_json) { echo json_encode(['error' => t('Permission denied.')]); killme(); } notice(t('Permission denied.') . EOL); killme(); } if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } killme(); } $src = ""; if (x($_FILES, 'userfile')) { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $filetype = $_FILES['userfile']['type']; } elseif (x($_FILES, 'media')) { if (is_array($_FILES['media']['tmp_name'])) { $src = $_FILES['media']['tmp_name'][0]; } else { $src = $_FILES['media']['tmp_name']; } if (is_array($_FILES['media']['name'])) { $filename = basename($_FILES['media']['name'][0]); } else { $filename = basename($_FILES['media']['name']); } if (is_array($_FILES['media']['size'])) { $filesize = intval($_FILES['media']['size'][0]); } else { $filesize = intval($_FILES['media']['size']); } if (is_array($_FILES['media']['type'])) { $filetype = $_FILES['media']['type'][0]; } else { $filetype = $_FILES['media']['type']; } } if ($src == "") { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } notice(t('Invalid request.') . EOL); killme(); } // This is a special treatment for picture upload from Twidere if ($filename == "octet-stream" and $filetype != "") { $filename = $filetype; $filetype = ""; } if ($filetype == "") { $filetype = guess_image_type($filename); } // If there is a temp name, then do a manual check // This is more reliable than the provided value $imagedata = getimagesize($src); if ($imagedata) { $filetype = $imagedata['mime']; } logger("File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize)); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid)); $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit'); if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $msg = upgrade_message(true); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if (!$ph->is_valid()) { $msg = t('Unable to process image.'); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $ph->orient($src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG); } $width = $ph->getWidth(); $height = $ph->getHeight(); $hash = photo_new_resource(); $smallest = 0; $defperm = '<' . $default_cid . '>'; $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); if (!$r) { $msg = t('Image upload failed.'); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } killme(); } if ($width > 640 || $height > 640) { $ph->scaleImage(640); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); if ($r) { $smallest = 1; } } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); if ($r and $smallest == 0) { $smallest = 2; } } $basename = basename($filename); if (!$desktopmode) { $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash); if (!$r) { if ($r_json) { echo json_encode(['error' => '']); killme(); } return false; } $picture = array(); $picture["id"] = $r[0]["id"]; $picture["size"] = $r[0]["datasize"]; $picture["width"] = $r[0]["width"]; $picture["height"] = $r[0]["height"]; $picture["type"] = $r[0]["type"]; $picture["albumpage"] = $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash; $picture["picture"] = $a->get_baseurl() . "/photo/{$hash}-0." . $ph->getExt(); $picture["preview"] = $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt(); if ($r_json) { echo json_encode(['picture' => $picture]); killme(); } return $picture; } if ($r_json) { echo json_encode(['ok' => true]); killme(); } /* mod Waitman Gobble NO WARRANTY */ //if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post) if ($_REQUEST['hush'] != 'yeah') { if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) { echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n"; } else { echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />"; } } else { $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]"; return $m; } /* mod Waitman Gobble NO WARRANTY */ killme(); // NOTREACHED }
function photos_content(&$a) { // URLs: // photos/name // photos/name/upload // photos/name/upload/xxxxx (xxxxx is album name) // photos/name/album/xxxxx // photos/name/album/xxxxx/edit // photos/name/image/xxxxx // photos/name/image/xxxxx/edit if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } require_once 'include/bbcode.php'; require_once 'include/security.php'; require_once 'include/conversation.php'; if (!x($a->data, 'user')) { notice(t('No photos selected') . EOL); return; } $phototypes = Photo::supportedTypes(); $_SESSION['photo_return'] = $a->cmd; // // Parse arguments // if ($a->argc > 3) { $datatype = $a->argv[2]; $datum = $a->argv[3]; } elseif ($a->argc > 2 && $a->argv[2] === 'upload') { $datatype = 'upload'; } else { $datatype = 'summary'; } if ($a->argc > 4) { $cmd = $a->argv[4]; } else { $cmd = 'view'; } // // Setup permissions structures // $can_post = false; $visitor = 0; $contact = null; $remote_contact = false; $contact_id = 0; $owner_uid = $a->data['user']['uid']; $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $owner_uid) { $contact_id = $v['cid']; break; } } } if ($contact_id) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid)); if (count($r)) { $can_post = true; $contact = $r[0]; $remote_contact = true; $visitor = $cid; } } } } // perhaps they're visiting - but not a community page, so they wouldn't have write access if (remote_user() && !$visitor) { $contact_id = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $owner_uid) { $contact_id = $v['cid']; break; } } } if ($contact_id) { $groups = init_groups_visitor($contact_id); $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid)); if (count($r)) { $contact = $r[0]; $remote_contact = true; } } } if (!$remote_contact) { if (local_user()) { $contact_id = $_SESSION['cid']; $contact = $a->contact; } } if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) { notice(t('Access to this item is restricted.') . EOL); return; } $sql_extra = permissions_sql($owner_uid, $remote_contact, $groups); $o = ""; // tabs $_is_owner = local_user() && local_user() == $owner_uid; $o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']); // // dispatch request // if ($datatype === 'upload') { if (!$can_post) { notice(t('Permission denied.')); return; } $selname = $datum ? hex2bin($datum) : ''; $albumselect = ''; $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>'; if (count($a->data['albums'])) { foreach ($a->data['albums'] as $album) { if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) { continue; } $selected = $selname === $album['album'] ? ' selected="selected" ' : ''; $albumselect .= '<option value="' . $album['album'] . '"' . $selected . '>' . $album['album'] . '</option>'; } } $celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false; $uploader = ''; $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'], 'addon_text' => $uploader, 'default_upload' => true); call_hooks('photo_upload_form', $ret); $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), array()); $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), array('$submit' => t('Submit'))); $usage_message = ''; $limit = service_class_fetch($a->data['user']['uid'], 'photo_upload_limit'); if ($limit !== false) { $r = q("select sum(datasize) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($a->data['user']['uid'])); $usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000); } // Private/public post links for the non-JS ACL form $private_post = 1; if ($_REQUEST['public']) { $private_post = 0; } $query_str = $a->query_string; if (strpos($query_str, 'public=1') !== false) { $query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str); } // I think $a->query_string may never have ? in it, but I could be wrong // It looks like it's from the index.php?q=[etc] rewrite that the web // server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61 if (strpos($query_str, '?') === false) { $public_post_link = '?public=1'; } else { $public_post_link = '&public=1'; } $tpl = get_markup_template('photos_upload.tpl'); if ($a->theme['template_engine'] === 'internal') { $albumselect_e = template_escape($albumselect); $aclselect_e = $visitor ? '' : template_escape(populate_acl($a->user, $celeb)); } else { $albumselect_e = $albumselect; $aclselect_e = $visitor ? '' : populate_acl($a->user, $celeb); } $o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['user']['nickname'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$alt_uploader' => $ret['addon_text'], '$default_upload_box' => $ret['default_upload'] ? $default_upload_box : '', '$default_upload_submit' => $ret['default_upload'] ? $default_upload_submit : '', '$uploadurl' => $ret['post_url'], '$acl_data' => construct_acl_data($a, $a->user), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private Photo'), '$public' => t('Public Photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link)); return $o; } if ($datatype === 'album') { $album = hex2bin($datum); $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id`", intval($owner_uid), dbesc($album)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $r = q("SELECT `resource-id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage'])); $o .= '<h3 id="photo-album-title">' . $album . '</h3>'; if ($cmd === 'edit') { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { $edit_tpl = get_markup_template('album_edit.tpl'); if ($a->theme['template_engine'] === 'internal') { $album_e = template_escape($album); } else { $album_e = $album; } $o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album'))); } } } else { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { $o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>'; } } } if ($_GET['order'] === 'posted') { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>'; } else { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>'; } if ($can_post) { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>'; } $tpl = get_markup_template('photo_album.tpl'); if (count($r)) { $twist = 'rotright'; } foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; if ($a->theme['template_engine'] === 'internal') { $imgalt_e = template_escape($rr['filename']); $desc_e = template_escape($rr['desc']); } else { $imgalt_e = $rr['filename']; $desc_e = $rr['desc']; } $o .= replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''), '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e)); } $o .= '<div id="photo-album-end"></div>'; $o .= paginate($a); return $o; } if ($datatype === 'image') { //$o = ''; // fetch image, item containing image, then comments $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum)); if (!count($ph)) { $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum)); if (count($ph)) { notice(t('Permission denied. Access to this item may be restricted.')); } else { notice(t('Photo not available') . EOL); } return; } $prevlink = ''; $nextlink = ''; if ($_GET['order'] === 'posted') { $order = 'ASC'; } else { $order = 'DESC'; } $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0\n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid)); if (count($prvnxt)) { for ($z = 0; $z < count($prvnxt); $z++) { if ($prvnxt[$z]['resource-id'] == $ph[0]['resource-id']) { $prv = $z - 1; $nxt = $z + 1; if ($prv < 0) { $prv = count($prvnxt) - 1; } if ($nxt >= count($prvnxt)) { $nxt = 0; } break; } } $edit_suffix = $cmd === 'edit' && $can_post ? '/edit' : ''; $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''); } if (count($ph) == 1) { $hires = $lores = $ph[0]; } if (count($ph) > 1) { if ($ph[1]['scale'] == 2) { // original is 640 or less, we can display it directly $hires = $lores = $ph[0]; } else { $hires = $ph[0]; $lores = $ph[1]; } } $album_link = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']); $tools = Null; $lock = Null; if ($can_post && $ph[0]['uid'] == $owner_uid) { $tools = array('edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . ($cmd === 'edit' ? '' : '/edit'), $cmd === 'edit' ? t('View photo') : t('Edit photo')), 'profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource-id'], t('Use as profile photo'))); // lock $lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null; } if ($cmd === 'edit') { $tpl = get_markup_template('photo_edit_head.tpl'); $a->page['htmlhead'] .= replace_macros($tpl, array('$prevlink' => $prevlink, '$nextlink' => $nextlink)); } if ($prevlink) { $prevlink = array($prevlink, '<div class="icon prev"></div>'); } $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'), 'height' => $hires['height'], 'width' => $hires['width'], 'album' => $hires['album'], 'filename' => $hires['filename']); if ($nextlink) { $nextlink = array($nextlink, '<div class="icon next"></div>'); } // Do we have an item for this photo? // FIXME! - replace following code to display the conversation with our normal // conversation functions so that it works correctly and tracks changes // in the evolving conversation code. // The difference is that we won't be displaying the conversation head item // as a "post" but displaying instead the photo it is linked to $linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' {$sql_extra} LIMIT 1", dbesc($datum)); if (count($linked_items)) { $link_item = $linked_items[0]; $r = q("SELECT COUNT(*) AS `total`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra} ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid'])); if (count($r)) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`,\n\t\t\t\t`contact`.`rel`, `contact`.`thumb`, `contact`.`self`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']), intval($a->pager['start']), intval($a->pager['itemspage'])); if (local_user() && local_user() == $link_item['uid']) { q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d", intval($link_item['parent']), intval(local_user())); update_thread($link_item['parent']); } } $tags = Null; if (count($linked_items) && strlen($link_item['tag'])) { $arr = explode(',', $link_item['tag']); // parse tags and add links $tag_str = ''; foreach ($arr as $t) { if (strlen($tag_str)) { $tag_str .= ', '; } $tag_str .= bbcode($t); } $tags = array(t('Tags: '), $tag_str); if ($cmd === 'edit') { $tags[] = $a->get_baseurl() . '/tagrm/' . $link_item['id']; $tags[] = t('[Remove any tag]'); } } $edit = Null; if ($cmd === 'edit' && $can_post) { $edit_tpl = get_markup_template('photo_edit.tpl'); // Private/public post links for the non-JS ACL form $private_post = 1; if ($_REQUEST['public']) { $private_post = 0; } $query_str = $a->query_string; if (strpos($query_str, 'public=1') !== false) { $query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str); } // I think $a->query_string may never have ? in it, but I could be wrong // It looks like it's from the index.php?q=[etc] rewrite that the web // server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61 if (strpos($query_str, '?') === false) { $public_post_link = '?public=1'; } else { $public_post_link = '&public=1'; } if ($a->theme['template_engine'] === 'internal') { $album_e = template_escape($ph[0]['album']); $caption_e = template_escape($ph[0]['desc']); $aclselect_e = template_escape(populate_acl($ph[0])); } else { $album_e = $ph[0]['album']; $caption_e = $ph[0]['desc']; $aclselect_e = populate_acl($ph[0]); } $edit = replace_macros($edit_tpl, array('$id' => $ph[0]['id'], '$rotatecw' => t('Rotate CW (right)'), '$rotateccw' => t('Rotate CCW (left)'), '$album' => $album_e, '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], '$resource_id' => $ph[0]['resource-id'], '$capt_label' => t('Caption'), '$caption' => $caption_e, '$tag_label' => t('Add a Tag'), '$tags' => $link_item['tag'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), '$item_id' => count($linked_items) ? $link_item['id'] : 0, '$submit' => t('Submit'), '$delete' => t('Delete Photo'), '$acl_data' => construct_acl_data($a, $ph[0]), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private photo'), '$public' => t('Public photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link)); } if (count($linked_items)) { $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); $return_url = $a->cmd; $like_tpl = get_markup_template('like_noshare.tpl'); $likebuttons = ''; if ($can_post || can_write_wall($a, $owner_uid)) { $likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => feature_enabled(local_user(), 'dislike') ? t("I don't like this (toggle)") : '', '$share' => t('Share'), '$wait' => t('Please wait'), '$return_path' => $a->query_string)); } $comments = ''; if (!count($r)) { if ($can_post || can_write_wall($a, $owner_uid)) { if ($link_item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12))); } } } $alike = array(); $dlike = array(); $like = ''; $dislike = ''; // display comments if (count($r)) { foreach ($r as $item) { like_puller($a, $item, $alike, 'like'); like_puller($a, $item, $dlike, 'dislike'); } $like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : ''; $dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : ''; if ($can_post || can_write_wall($a, $owner_uid)) { if ($link_item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12))); } } foreach ($r as $item) { $comment = ''; $template = $tpl; $sparkle = ''; if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid']; if (local_user() && $item['contact-uid'] == local_user() && $item['network'] == 'dfrn' && !$item['self']) { $profile_url = $redirect_url; $sparkle = ' sparkle'; } else { $profile_url = $item['url']; $sparkle = ''; } $diff_author = $item['url'] !== $item['author-link'] ? true : false; $profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name']; $profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $item['thumb']; $profile_link = $profile_url; $dropping = $item['contact-id'] == $contact_id || $item['uid'] == local_user(); $drop = array('dropping' => $dropping, 'pagedrop' => false, 'select' => t('Select'), 'delete' => t('Delete')); if ($a->theme['template_engine'] === 'internal') { $name_e = template_escape($profile_name); $title_e = template_escape($item['title']); $body_e = template_escape(bbcode($item['body'])); } else { $name_e = $profile_name; $title_e = $item['title']; $body_e = bbcode($item['body']); } $comments .= replace_macros($template, array('$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment)); if ($can_post || can_write_wall($a, $owner_uid)) { if ($item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12))); } } } } $paginate = paginate($a); } $photo_tpl = get_markup_template('photo_view.tpl'); if ($a->theme['template_engine'] === 'internal') { $album_e = array($album_link, template_escape($ph[0]['album'])); $tags_e = template_escape($tags); $like_e = template_escape($like); $dislike_e = template_escape($dislike); } else { $album_e = array($album_link, $ph[0]['album']); $tags_e = $tags; $like_e = $like; $dislike_e = $dislike; } $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['desc'], '$tags' => $tags_e, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dikslike_e, '$comments' => $comments, '$paginate' => $paginate)); $a->page['htmlhead'] .= "\n" . '<meta name="twitter:card" content="photo" />' . "\n"; $a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n"; $a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n"; $a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n"; $a->page['htmlhead'] .= '<meta name="twitter:image:height" content="' . $photo["height"] . '" />' . "\n"; return $o; } // Default - show recent photos with upload link (if applicable) //$o = ''; $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id`", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos'))); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } $r = q("SELECT `resource-id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage'])); $photos = array(); if (count($r)) { $twist = 'rotright'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $ext = $phototypes[$rr['type']]; if ($a->theme['template_engine'] === 'internal') { $alt_e = template_escape($rr['filename']); $name_e = template_escape($rr['album']); } else { $alt_e = $rr['filename']; $name_e = $rr['album']; } $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album'))); } } $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload'), '$photos' => $photos)); $o .= paginate($a); return $o; }
/** * @brief * * @param array $sender * @param array $arr * @param array $deliveries * @return array */ function process_channel_sync_delivery($sender, $arr, $deliveries) { require_once 'include/import.php'; /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */ $result = array(); foreach ($deliveries as $d) { $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash'])); if (!$r) { $result[] = array($d['hash'], 'not found'); continue; } $channel = $r[0]; $max_friends = service_class_fetch($channel['channel_id'], 'total_channels'); $max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds'); if ($channel['channel_hash'] != $sender['hash']) { logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']); $result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], ''); continue; } if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) { foreach ($arr['config'] as $cat => $k) { foreach ($arr['config'][$cat] as $k => $v) { set_pconfig($channel['channel_id'], $cat, $k, $v); } } } if (array_key_exists('obj', $arr) && $arr['obj']) { sync_objs($channel, $arr['obj']); } if (array_key_exists('likes', $arr) && $arr['likes']) { import_likes($channel, $arr['likes']); } if (array_key_exists('app', $arr) && $arr['app']) { sync_apps($channel, $arr['app']); } if (array_key_exists('chatroom', $arr) && $arr['chatroom']) { sync_chatrooms($channel, $arr['chatroom']); } if (array_key_exists('conv', $arr) && $arr['conv']) { import_conv($channel, $arr['conv']); } if (array_key_exists('mail', $arr) && $arr['mail']) { import_mail($channel, $arr['mail']); } if (array_key_exists('event', $arr) && $arr['event']) { sync_events($channel, $arr['event']); } if (array_key_exists('event_item', $arr) && $arr['event_item']) { sync_items($channel, $arr['event_item']); } if (array_key_exists('item', $arr) && $arr['item']) { sync_items($channel, $arr['item']); } if (array_key_exists('item_id', $arr) && $arr['item_id']) { sync_items($channel, $arr['item_id']); } if (array_key_exists('menu', $arr) && $arr['menu']) { sync_menus($channel, $arr['menu']); } if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) { if (array_key_exists('channel_pageflags', $arr['channel']) && intval($arr['channel']['channel_pageflags'])) { // These flags cannot be sync'd. // remove the bits from the incoming flags. // These correspond to PAGE_REMOVED and PAGE_SYSTEM on redmatrix if ($arr['channel']['channel_pageflags'] & 0x8000) { $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x8000; } if ($arr['channel']['channel_pageflags'] & 0x1000) { $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x1000; } } $disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system'); $clean = array(); foreach ($arr['channel'] as $k => $v) { if (in_array($k, $disallowed)) { continue; } $clean[$k] = $v; } if (count($clean)) { foreach ($clean as $k => $v) { $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id'])); } } } if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) { $total_friends = 0; $total_feeds = 0; $r = q("select abook_id, abook_feed from abook where abook_channel = %d", intval($channel['channel_id'])); if ($r) { // don't count yourself $total_friends = count($r) > 0 ? count($r) - 1 : 0; foreach ($r as $rr) { if (intval($rr['abook_feed'])) { $total_feeds++; } } } $disallowed = array('abook_id', 'abook_account', 'abook_channel', 'abook_rating', 'abook_rating_text'); foreach ($arr['abook'] as $abook) { if (!array_key_exists('abook_blocked', $abook)) { // convert from redmatrix $abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0; $abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0; $abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0; $abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0; $abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0; $abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0; $abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0; $abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0; } $clean = array(); if ($abook['abook_xchan'] && $abook['entry_deleted']) { logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']); require_once 'include/Contact.php'; $r = q("select abook_id, abook_feed from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id'])); if ($r) { contact_remove($channel['channel_id'], $r[0]['abook_id']); if ($total_friends) { $total_friends--; } if (intval($r[0]['abook_feed'])) { $total_feeds--; } } continue; } // Perform discovery if the referenced xchan hasn't ever been seen on this hub. // This relies on the undocumented behaviour that red sites send xchan info with the abook // and import_author_xchan will look them up on all federated networks if ($abook['abook_xchan'] && $abook['xchan_addr']) { $h = zot_get_hublocs($abook['abook_xchan']); if (!$h) { $xhash = import_author_xchan(encode_item_xchan($abook)); if (!$xhash) { logger('process_channel_sync_delivery: import of ' . $abook['xchan_addr'] . ' failed.'); continue; } } } foreach ($abook as $k => $v) { if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) { continue; } $clean[$k] = $v; } if (!array_key_exists('abook_xchan', $clean)) { continue; } $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id'])); // make sure we have an abook entry for this xchan on this system if (!$r) { if ($max_friends !== false && $total_friends > $max_friends) { logger('process_channel_sync_delivery: total_channels service class limit exceeded'); continue; } if ($max_feeds !== false && intval($clean['abook_feed']) && $total_feeds > $max_feeds) { logger('process_channel_sync_delivery: total_feeds service class limit exceeded'); continue; } q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id'])); $total_friends++; if (intval($clean['abook_feed'])) { $total_feeds++; } } if (count($clean)) { foreach ($clean as $k => $v) { if ($k == 'abook_dob') { $v = dbescdate($v); } $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id'])); } } } } // sync collections (privacy groups) oh joy... if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) { $x = q("select * from groups where uid = %d", intval($channel['channel_id'])); foreach ($arr['collections'] as $cl) { $found = false; if ($x) { foreach ($x as $y) { if ($cl['collection'] == $y['hash']) { $found = true; break; } } if ($found) { if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) { q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id'])); } if (intval($cl['deleted']) && !intval($y['deleted'])) { q("delete from group_member where gid = %d", intval($y['id'])); } } } if (!$found) { $r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name'])); } // now look for any collections locally which weren't in the list we just received. // They need to be removed by marking deleted and removing the members. // This shouldn't happen except for clones created before this function was written. if ($x) { $found_local = false; foreach ($x as $y) { foreach ($arr['collections'] as $cl) { if ($cl['collection'] == $y['hash']) { $found_local = true; break; } } if (!$found_local) { q("delete from group_member where gid = %d", intval($y['id'])); q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id'])); } } } } // reload the group list with any updates $x = q("select * from groups where uid = %d", intval($channel['channel_id'])); // now sync the members if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) { // first sort into groups keyed by the group hash $members = array(); foreach ($arr['collection_members'] as $cm) { if (!array_key_exists($cm['collection'], $members)) { $members[$cm['collection']] = array(); } $members[$cm['collection']][] = $cm['member']; } // our group list is already synchronised if ($x) { foreach ($x as $y) { // for each group, loop on members list we just received foreach ($members[$y['hash']] as $member) { $found = false; $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member)); if ($z) { $found = true; } // if somebody is in the group that wasn't before - add them if (!$found) { q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member)); } } // now retrieve a list of members we have on this site $m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id'])); if ($m) { foreach ($m as $mm) { // if the local existing member isn't in the list we just received - remove them if (!in_array($mm['xchan'], $members[$y['hash']])) { q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id'])); } } } } } } } if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) { $disallowed = array('id', 'aid', 'uid'); foreach ($arr['profile'] as $profile) { $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id'])); if (!$x) { q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id'])); $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id'])); if (!$x) { continue; } } $clean = array(); foreach ($profile as $k => $v) { if (in_array($k, $disallowed)) { continue; } $clean[$k] = $v; /** * @TODO check if these are allowed, otherwise we'll error * We also need to import local photos if a custom photo is selected */ } if (count($clean)) { foreach ($clean as $k => $v) { $r = dbq("UPDATE profile set `" . dbesc($k) . "` = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id'])); } } } } if (array_key_exists('item', $arr) && $arr['item']) { sync_items($channel, $arr['item']); } if (array_key_exists('item_id', $arr) && $arr['item_id']) { sync_items($channel, $arr['item_id']); } $addon = array('channel' => $channel, 'data' => $arr); call_hooks('process_channel_sync_delivery', $addon); // we should probably do this for all items, but usually we only send one. require_once 'include/DReport.php'; if (array_key_exists('item', $arr) && is_array($arr['item'][0])) { $DR = new DReport(z_root(), $d['hash'], $d['hash'], $arr['item'][0]['message_id'], 'channel sync processed'); $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); } else { $DR = new DReport(z_root(), $d['hash'], $d['hash'], 'sync packet', 'channel sync delivered'); } $result[] = $DR->get(); } return $result; }
function manage_content(&$a) { if (!get_account_id()) { notice(t('Permission denied.') . EOL); return; } require_once 'include/security.php'; $change_channel = argc() > 1 ? intval(argv(1)) : 0; if (argc() > 2 && argv(2) === 'default') { $r = q("select channel_id from channel where channel_id = %d and channel_account_id = %d limit 1", intval($change_channel), intval(get_account_id())); if ($r) { q("update account set account_default_channel = %d where account_id = %d limit 1", intval($change_channel), intval(get_account_id())); } goaway(z_root() . '/manage'); } if ($change_channel) { $r = change_channel($change_channel); if ($r && $r['channel_startpage']) { goaway(z_root() . '/' . $r['channel_startpage']); } goaway(z_root()); } $channels = null; if (local_user()) { $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED)); $selected_channel = null; $account = get_app()->get_account(); if ($r && count($r)) { $channels = $r; for ($x = 0; $x < count($channels); $x++) { $channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']); if ($channels[$x]['channel_id'] == local_user()) { $selected_channel = $channels[$x]; } $channels[$x]['default'] = $channels[$x]['channel_id'] == $account['account_default_channel'] ? "1" : ''; $channels[$x]['default_links'] = '1'; $c = q("SELECT id, item_restrict, item_flags FROM item\n\t\t\t\t\tWHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval($channels[$x]['channel_id'])); if ($c) { foreach ($c as $it) { if ($it['item_flags'] & ITEM_WALL) { $channels[$x]['home']++; } else { $channels[$x]['network']++; } } } $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", intval($channels[$x]['channel_id']), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF | ABOOK_FLAG_IGNORED), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN)); if ($intr) { $channels[$x]['intros'] = intval($intr[0]['total']); } $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", intval($channels[$x]['channel_id']), intval(MAIL_SEEN), dbesc($channels[$x]['channel_hash'])); if ($mails) { $channels[$x]['mail'] = intval($mails[0]['total']); } $events = q("SELECT type, start, adjust FROM `event`\n\t\t\t\t\tWHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0\n\t\t\t\t\tORDER BY `start` ASC ", intval($channels[$x]['channel_id']), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))); if ($events) { $channels[$x]['all_events'] = count($events); if ($channels[$x]['all_events']) { $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d'); foreach ($events as $e) { $bd = false; if ($e['type'] === 'birthday') { $channels[$x]['birthdays']++; $bd = true; } else { $channels[$x]['events']++; } if (datetime_convert('UTC', intval($e['adjust']) ? date_default_timezone_get() : 'UTC', $e['start'], 'Y-m-d') === $str_now) { $channels[$x]['all_events_today']++; if ($bd) { $channels[$x]['birthdays_today']++; } else { $channels[$x]['events_today']++; } } } } } } } $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", intval(get_account_id()), intval(PAGE_REMOVED)); $limit = service_class_fetch(local_user(), 'total_identities'); if ($limit !== false) { $channel_usage_message = sprintf(t("You have created %1\$.0f of %2\$.0f allowed channels."), $r[0]['total'], $limit); } else { $channel_usage_message = ''; } } $links = array(array('new_channel', t('Create a new channel'), t('Create a new channel'))); $o = replace_macros(get_markup_template('channels.tpl'), array('$header' => t('Channel Manager'), '$msg_selected' => t('Current Channel'), '$selected' => $selected_channel, '$desc' => t('Attach to one of your channels by selecting it.'), '$msg_default' => t('Default Channel'), '$msg_make_default' => t('Make Default'), '$links' => $links, '$all_channels' => $channels, '$channel_usage_message' => $channel_usage_message)); return $o; }
function widget_follow($args) { if (!local_user()) { return ''; } $a = get_app(); $uid = $a->channel['channel_id']; $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", intval($uid), intval(ABOOK_FLAG_SELF)); if ($r) { $total_channels = $r[0]['total']; } $limit = service_class_fetch($uid, 'total_channels'); if ($limit !== false) { $abook_usage_message = sprintf(t("You have %1\$.0f of %2\$.0f allowed connections."), $total_channels, $limit); } else { $abook_usage_message = ''; } return replace_macros(get_markup_template('follow.tpl'), array('$connect' => t('Add New Connection'), '$desc' => t('Enter the channel address'), '$hint' => t('Example: bob@example.com, http://example.com/barbara'), '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message)); }
/** * @brief * * @param array $channel * @param array $observer * @param array $args * @return array */ function photo_upload($channel, $observer, $args) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $account_id = $channel['channel_account_id']; if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) { $ret['message'] = t('Permission denied.'); return $ret; } // call_hooks('photo_upload_begin', $args); /* * Determine the album to use */ $album = $args['album']; if (intval($args['visible']) || $args['visible'] === 'true') { $visible = 1; } else { $visible = 0; } // Set to default channel permissions. If the parent directory (album) has permissions set, // use those instead. If we have specific permissions supplied, they take precedence over // all other settings. 'allow_cid' being passed from an external source takes priority over channel settings. // ...messy... needs re-factoring once the photos/files integration stabilises $acl = new AccessList($channel); if (array_key_exists('directory', $args) && $args['directory']) { $acl->set($args['directory']); } if (array_key_exists('allow_cid', $args)) { $acl->set($args); } if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) { $acl->set_from_array($args); } $ac = $acl->get(); $os_storage = 0; if ($args['os_path'] && $args['getimagesize']) { $imagedata = @file_get_contents($args['os_path']); $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['getimagesize']['mime']; $os_storage = 1; } elseif ($args['data']) { // allow an import from a binary string representing the image. // This bypasses the upload step and max size limit checking $imagedata = $args['data']; $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['type']; } else { $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''); // call_hooks('photo_upload_file',$f); if (x($f, 'src') && x($f, 'filesize')) { $src = $f['src']; $filename = $f['filename']; $filesize = $f['filesize']; $type = $f['type']; } else { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $type = $_FILES['userfile']['type']; } if (!$type) { $type = guess_image_type($filename); } logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } if (!$filesize) { $ret['message'] = t('Image file is empty.'); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG); $imagedata = @file_get_contents($src); } $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id)); $limit = service_class_fetch($channel_id, 'photo_upload_limit'); if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $ret['message'] = upgrade_message(); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } $ph = photo_factory($imagedata, $type); if (!$ph->is_valid()) { $ret['message'] = t('Unable to process image'); logger('photo_upload: unable to process image'); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } $exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); } $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource(); $visitor = ''; if ($channel['channel_hash'] !== $observer['xchan_hash']) { $visitor = $observer['xchan_hash']; } $errors = false; $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']); if ($args['created']) { $p['created'] = $args['created']; } if ($args['edited']) { $p['edited'] = $args['edited']; } if ($args['title']) { $p['title'] = $args['title']; } if ($args['description']) { $p['description'] = $args['description']; } $r1 = $ph->save($p); if (!$r1) { $errors = true; } unset($p['os_storage']); unset($p['os_path']); if (($width > 640 || $height > 640) && !$errors) { $ph->scaleImage(640); $p['scale'] = 1; $r2 = $ph->save($p); $smallest = 1; if (!$r2) { $errors = true; } } if (($width > 320 || $height > 320) && !$errors) { $ph->scaleImage(320); $p['scale'] = 2; $r3 = $ph->save($p); $smallest = 2; if (!$r3) { $errors = true; } } if ($errors) { q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id)); $ret['message'] = t('Photo storage failed.'); logger('photo_upload: photo store failed.'); call_hooks('photo_upload_end', $ret); return $ret; } // This will be the width and height of the smallest representation $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight(); // Create item container $item_hidden = $visible ? 0 : 1; $lat = $lon = null; if ($exif && $exif['GPS']) { if (feature_enabled($channel_id, 'photo_location')) { $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']); $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']); } } if ($args['item']) { foreach ($args['item'] as $i) { $item = get_item_elements($i); $force = false; if ($item['mid'] === $item['parent_mid']) { $item['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]'; if ($item['author_xchan'] === $channel['channel_hash']) { $item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey'])); $item['item_verified'] = 1; } else { $item['sig'] = ''; } $force = true; } $r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id'])); if ($r) { if ($item['edited'] > $r[0]['edited'] || $force) { $item['id'] = $r[0]['id']; $item['uid'] = $channel['channel_id']; item_store_update($item); continue; } } else { $item['aid'] = $channel['channel_account_id']; $item['uid'] = $channel['channel_id']; $item_result = item_store($item); } } } else { $title = ''; $mid = item_message_id(); $arr = array(); if ($lat && $lon) { $arr['coord'] = $lat . ' ' . $lon; } $arr['aid'] = $account_id; $arr['uid'] = $channel_id; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_hidden'] = $item_hidden; $arr['resource_type'] = 'photo'; $arr['resource_id'] = $photo_hash; $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['title'] = $title; $arr['allow_cid'] = $ac['allow_cid']; $arr['allow_gid'] = $ac['allow_gid']; $arr['deny_cid'] = $ac['deny_cid']; $arr['deny_gid'] = $ac['deny_gid']; $arr['verb'] = ACTIVITY_POST; $arr['item_wall'] = 1; $arr['item_origin'] = 1; $arr['item_thread_top'] = 1; $arr['item_private'] = intval($acl->is_private()); $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; // We should also put a width_x_height on large photos. Left as an exercise for // devs looking for simple stuff to fix. $larger = feature_enabled($channel['channel_id'], 'large_photos'); if ($larger) { $tag = '[zmg]'; if ($r2) { $smallest = 1; } else { $smallest = 0; } } else { if ($width_x_height) { $tag = '[zmg=' . $width_x_height . ']'; } else { $tag = '[zmg]'; } } $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]'; $result = item_store($arr); $item_id = $result['item_id']; if ($visible) { proc_run('php', "include/notifier.php", 'wall-new', $item_id); } } $ret['success'] = true; $ret['item'] = $arr; $ret['body'] = $arr['body']; $ret['resource_id'] = $photo_hash; $ret['photoitem_id'] = $item_id; call_hooks('photo_upload_end', $ret); return $ret; }