Exemplo n.º 1
0
function atoken_xchan($atoken)
{
    $c = channelx_by_n($atoken['atoken_uid']);
    if ($c) {
        return ['atoken_id' => $atoken['atoken_id'], 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), 'xchan_network' => 'unknown', 'xchan_url' => z_root(), 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/jpeg', 'xchan_photo_l' => get_default_profile_photo(300), 'xchan_photo_m' => get_default_profile_photo(80), 'xchan_photo_s' => get_default_profile_photo(48)];
    }
    return null;
}
Exemplo n.º 2
0
function import_xchan_photo($photo, $xchan, $thing = false)
{
    $flags = $thing ? PHOTO_THING : PHOTO_XCHAN;
    $album = $thing ? 'Things' : 'Contact Photos';
    logger('import_xchan_photo: updating channel photo from ' . $photo . ' for ' . $xchan, LOGGER_DEBUG);
    if ($thing) {
        $hash = photo_new_resource();
    } else {
        $r = q("select resource_id from photo where xchan = '%s' and photo_usage = %d and imgscale = 4 limit 1", dbesc($xchan), intval(PHOTO_XCHAN));
        if ($r) {
            $hash = $r[0]['resource_id'];
        } else {
            $hash = photo_new_resource();
        }
    }
    $photo_failure = false;
    $img_str = '';
    if ($photo) {
        $filename = basename($photo);
        $result = z_fetch_url($photo, true);
        if ($result['success']) {
            $img_str = $result['body'];
            $type = guess_image_type($photo, $result['header']);
            $h = explode("\n", $result['header']);
            if ($h) {
                foreach ($h as $hl) {
                    if (stristr($hl, 'content-type:')) {
                        if (!stristr($hl, 'image/')) {
                            $photo_failure = true;
                        }
                    }
                }
            }
        }
    } else {
        $photo_failure = true;
    }
    if (!$photo_failure) {
        $img = photo_factory($img_str, $type);
        if ($img->is_valid()) {
            $width = $img->getWidth();
            $height = $img->getHeight();
            if ($width && $height) {
                if ($width / $height > 1.2) {
                    // crop out the sides
                    $margin = $width - $height;
                    $img->cropImage(300, $margin / 2, 0, $height, $height);
                } elseif ($height / $width > 1.2) {
                    // crop out the bottom
                    $margin = $height - $width;
                    $img->cropImage(300, 0, 0, $width, $width);
                } else {
                    $img->scaleImageSquare(300);
                }
            } else {
                $photo_failure = true;
            }
            $p = array('xchan' => $xchan, 'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'imgscale' => 4);
            $r = $img->save($p);
            if ($r === false) {
                $photo_failure = true;
            }
            $img->scaleImage(80);
            $p['imgscale'] = 5;
            $r = $img->save($p);
            if ($r === false) {
                $photo_failure = true;
            }
            $img->scaleImage(48);
            $p['imgscale'] = 6;
            $r = $img->save($p);
            if ($r === false) {
                $photo_failure = true;
            }
            $photo = z_root() . '/photo/' . $hash . '-4';
            $thumb = z_root() . '/photo/' . $hash . '-5';
            $micro = z_root() . '/photo/' . $hash . '-6';
        } else {
            logger('import_xchan_photo: invalid image from ' . $photo);
            $photo_failure = true;
        }
    }
    if ($photo_failure) {
        $photo = z_root() . '/' . get_default_profile_photo();
        $thumb = z_root() . '/' . get_default_profile_photo(80);
        $micro = z_root() . '/' . get_default_profile_photo(48);
        $type = 'image/png';
    }
    return array($photo, $thumb, $micro, $type, $photo_failure);
}
Exemplo n.º 3
0
 function get()
 {
     $noid = get_config('system', 'disable_openid');
     if ($noid) {
         goaway(z_root());
     }
     logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
     if (x($_REQUEST, 'openid_mode')) {
         $openid = new LightOpenID(z_root());
         if ($openid->validate()) {
             logger('openid: validate');
             $authid = normalise_openid($_REQUEST['openid_identity']);
             if (!strlen($authid)) {
                 logger(t('OpenID protocol error. No ID returned.') . EOL);
                 goaway(z_root());
             }
             $x = match_openid($authid);
             if ($x) {
                 $r = q("select * from channel where channel_id = %d limit 1", intval($x));
                 if ($r) {
                     $y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
                     if ($y) {
                         foreach ($y as $record) {
                             if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
                                 logger('mod_openid: openid success for ' . $x[0]['channel_name']);
                                 $_SESSION['uid'] = $r[0]['channel_id'];
                                 $_SESSION['account_id'] = $r[0]['channel_account_id'];
                                 $_SESSION['authenticated'] = true;
                                 authenticate_success($record, $r[0], true, true, true, true);
                                 goaway(z_root());
                             }
                         }
                     }
                 }
             }
             // Successful OpenID login - but we can't match it to an existing account.
             // See if they've got an xchan
             $r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
             if ($r) {
                 $_SESSION['authenticated'] = 1;
                 $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
                 $_SESSION['my_url'] = $r[0]['xchan_url'];
                 $_SESSION['my_address'] = $r[0]['xchan_addr'];
                 $arr = array('xchan' => $r[0], 'session' => $_SESSION);
                 call_hooks('magic_auth_openid_success', $arr);
                 \App::set_observer($r[0]);
                 require_once 'include/security.php';
                 \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
                 info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
                 logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
                 if ($_SESSION['return_url']) {
                     goaway($_SESSION['return_url']);
                 }
                 goaway(z_root());
             }
             // no xchan...
             // create one.
             // We should probably probe the openid url and figure out if they have any kind of
             // social presence we might be able to scrape some identifying info from.
             $name = $authid;
             $url = trim($_REQUEST['openid_identity'], '/');
             if (strpos($url, 'http') === false) {
                 $url = 'https://' . $url;
             }
             $pphoto = z_root() . '/' . get_default_profile_photo();
             $parsed = @parse_url($url);
             if ($parsed) {
                 $host = $parsed['host'];
             }
             $attr = $openid->getAttributes();
             if (is_array($attr) && count($attr)) {
                 foreach ($attr as $k => $v) {
                     if ($k === 'namePerson/friendly') {
                         $nick = notags(trim($v));
                     }
                     if ($k === 'namePerson/first') {
                         $first = notags(trim($v));
                     }
                     if ($k === 'namePerson') {
                         $name = notags(trim($v));
                     }
                     if ($k === 'contact/email') {
                         $addr = notags(trim($v));
                     }
                     if ($k === 'media/image/aspect11') {
                         $photosq = trim($v);
                     }
                     if ($k === 'media/image/default') {
                         $photo_other = trim($v);
                     }
                 }
             }
             if (!$nick) {
                 if ($first) {
                     $nick = $first;
                 } else {
                     $nick = $name;
                 }
             }
             require_once 'library/urlify/URLify.php';
             $x = strtolower(\URLify::transliterate($nick));
             if ($nick & $host) {
                 $addr = $nick . '@' . $host;
             }
             $network = 'unknown';
             if ($photosq) {
                 $pphoto = $photosq;
             } elseif ($photo_other) {
                 $pphoto = $photo_other;
             }
             $mimetype = guess_image_type($pphoto);
             $x = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_mimetype,\n\t                xchan_photo_l, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_photo_date, \n\t\t\t\t\txchan_name_date, xchan_hidden)\n\t                values ( '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 1) ", dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($mimetype), dbesc($pphoto), dbesc($addr), dbesc($url), dbesc(''), dbesc(''), dbesc(''), dbesc($name), dbesc($network), dbesc(datetime_convert()), dbesc(datetime_convert()));
             if ($x) {
                 $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($url));
                 if ($r) {
                     $photos = import_xchan_photo($pphoto, $url);
                     if ($photos) {
                         $z = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', \n\t\t\t\t\t\t\t\txchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($url));
                     }
                     set_xconfig($url, 'system', 'openid', $authid);
                     $_SESSION['authenticated'] = 1;
                     $_SESSION['visitor_id'] = $r[0]['xchan_hash'];
                     $_SESSION['my_url'] = $r[0]['xchan_url'];
                     $_SESSION['my_address'] = $r[0]['xchan_addr'];
                     $arr = array('xchan' => $r[0], 'session' => $_SESSION);
                     call_hooks('magic_auth_openid_success', $arr);
                     \App::set_observer($r[0]);
                     info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
                     logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
                     if ($_SESSION['return_url']) {
                         goaway($_SESSION['return_url']);
                     }
                     goaway(z_root());
                 }
             }
         }
     }
     notice(t('Login failed.') . EOL);
     goaway(z_root());
     // NOTREACHED
 }
Exemplo n.º 4
0
Arquivo: apps.php Projeto: Mauru/red
function app_update($arr)
{
    $darray = array();
    $ret = array('success' => false);
    $darray['app_url'] = x($arr, 'url') ? $arr['url'] : '';
    $darray['app_channel'] = x($arr, 'uid') ? $arr['uid'] : 0;
    $darray['app_id'] = x($arr, 'guid') ? $arr['guid'] : 0;
    if (!$darray['app_url'] || !$darray['app_channel'] || !$darray['app_id']) {
        return $ret;
    }
    if ($arr['photo'] && !strstr($arr['photo'], z_root())) {
        $x = import_profile_photo($arr['photo'], get_observer_hash(), true);
        $arr['photo'] = $x[1];
    }
    $darray['app_sig'] = x($arr, 'sig') ? $arr['sig'] : '';
    $darray['app_author'] = x($arr, 'author') ? $arr['author'] : get_observer_hash();
    $darray['app_name'] = x($arr, 'name') ? escape_tags($arr['name']) : t('Unknown');
    $darray['app_desc'] = x($arr, 'desc') ? escape_tags($arr['desc']) : '';
    $darray['app_photo'] = x($arr, 'photo') ? $arr['photo'] : z_root() . '/' . get_default_profile_photo(80);
    $darray['app_version'] = x($arr, 'version') ? escape_tags($arr['version']) : '';
    $darray['app_addr'] = x($arr, 'addr') ? escape_tags($arr['addr']) : '';
    $darray['app_price'] = x($arr, 'price') ? escape_tags($arr['price']) : '';
    $darray['app_page'] = x($arr, 'page') ? escape_tags($arr['page']) : '';
    $darray['app_requires'] = x($arr, 'requires') ? escape_tags($arr['requires']) : '';
    $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s' where app_id = '%s' and app_channel = %d limit 1", dbesc($darray['app_sig']), dbesc($darray['app_author']), dbesc($darray['app_name']), dbesc($darray['app_desc']), dbesc($darray['app_url']), dbesc($darray['app_photo']), dbesc($darray['app_version']), dbesc($darray['app_addr']), dbesc($darray['app_price']), dbesc($darray['app_page']), dbesc($darray['app_requires']), dbesc($darray['app_id']), intval($darray['app_channel']));
    if ($r) {
        $ret['success'] = true;
        $ret['app_id'] = $darray['app_id'];
    }
    return $ret;
}
Exemplo n.º 5
0
function avatar_img($email)
{
    $avatar = array();
    $a = get_app();
    $avatar['size'] = 175;
    $avatar['email'] = $email;
    $avatar['url'] = '';
    $avatar['success'] = false;
    call_hooks('avatar_lookup', $avatar);
    if (!$avatar['success']) {
        $avatar['url'] = $a->get_baseurl() . '/' . get_default_profile_photo();
    }
    logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG);
    return $avatar['url'];
}
Exemplo n.º 6
0
 function init()
 {
     $prvcachecontrol = false;
     $streaming = null;
     $channel = null;
     switch (argc()) {
         case 4:
             $person = argv(3);
             $res = argv(2);
             $type = argv(1);
             break;
         case 2:
             $photo = argv(1);
             break;
         case 1:
         default:
             killme();
             // NOTREACHED
     }
     $observer_xchan = get_observer_hash();
     $default = get_default_profile_photo();
     if (isset($type)) {
         /**
          * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
          * 
          */
         if ($type === 'profile') {
             switch ($res) {
                 case 'm':
                     $resolution = 5;
                     $default = get_default_profile_photo(80);
                     break;
                 case 's':
                     $resolution = 6;
                     $default = get_default_profile_photo(48);
                     break;
                 case 'l':
                 default:
                     $resolution = 4;
                     break;
             }
         }
         $uid = $person;
         $d = ['imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => ''];
         call_hooks('get_profile_photo', $d);
         $resolution = $d['imgscale'];
         $uid = $d['channel_id'];
         $default = $d['default'];
         $data = $d['data'];
         $mimetype = $d['mimetype'];
         if (!$data) {
             $r = q("SELECT * FROM photo WHERE imgscale = %d AND uid = %d AND photo_usage = %d LIMIT 1", intval($resolution), intval($uid), intval(PHOTO_PROFILE));
             if ($r) {
                 $data = dbunescbin($r[0]['content']);
                 $mimetype = $r[0]['mimetype'];
             }
             if (intval($r[0]['os_storage'])) {
                 $data = file_get_contents($data);
             }
         }
         if (!$data) {
             $data = file_get_contents($default);
         }
         if (!$mimetype) {
             $mimetype = 'image/png';
         }
     } else {
         /**
          * Other photos
          */
         /* Check for a cookie to indicate display pixel density, in order to detect high-resolution
         			   displays. This procedure was derived from the "Retina Images" by Jeremey Worboys,
         			   used in accordance with the Creative Commons Attribution 3.0 Unported License.
         			   Project link: https://github.com/Retina-Images/Retina-Images
         			   License link: http://creativecommons.org/licenses/by/3.0/
         			*/
         $cookie_value = false;
         if (isset($_COOKIE['devicePixelRatio'])) {
             $cookie_value = intval($_COOKIE['devicePixelRatio']);
         } else {
             // Force revalidation of cache on next request
             $cache_directive = 'no-cache';
             $status = 'no cookie';
         }
         $resolution = 0;
         if (strpos($photo, '.') !== false) {
             $photo = substr($photo, 0, strpos($photo, '.'));
         }
         if (substr($photo, -2, 1) == '-') {
             $resolution = intval(substr($photo, -1, 1));
             $photo = substr($photo, 0, -2);
             // If viewing on a high-res screen, attempt to serve a higher resolution image:
             if ($resolution == 2 && $cookie_value > 1) {
                 $resolution = 1;
             }
         }
         // If using resolution 1, make sure it exists before proceeding:
         if ($resolution == 1) {
             $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
             if (!$r) {
                 $resolution = 2;
             }
         }
         $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
         if ($r) {
             $allowed = $r[0]['uid'] ? perm_is_allowed($r[0]['uid'], $observer_xchan, 'view_storage') : true;
             $sql_extra = permissions_sql($r[0]['uid']);
             if (!$sql_extra) {
                 $sql_extra = ' and true ';
             }
             // Only check permissions on normal photos. Those photos we don't check includes
             // profile photos, xchan photos (which are also profile photos), 'thing' photos,
             // and cover photos
             $sql_extra = " and (( photo_usage = 0 {$sql_extra} ) or photo_usage != 0 )";
             $channel = channelx_by_n($r[0]['uid']);
             // Now we'll see if we can access the photo
             $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
             if ($r && $allowed) {
                 $data = dbunescbin($r[0]['content']);
                 $mimetype = $r[0]['mimetype'];
                 if (intval($r[0]['os_storage'])) {
                     $streaming = $data;
                 }
             } else {
                 // Does the picture exist? It may be a remote person with no credentials,
                 // but who should otherwise be able to view it. Show a default image to let
                 // them know permissions was denied. It may be possible to view the image
                 // through an authenticated profile visit.
                 // There won't be many completely unauthorised people seeing this because
                 // they won't have the photo link, so there's a reasonable chance that the person
                 // might be able to obtain permission to view it.
                 $r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `imgscale` = %d LIMIT 1", dbesc($photo), intval($resolution));
                 if ($r) {
                     logger('mod_photo: forbidden. ' . \App::$query_string);
                     $observer = \App::get_observer();
                     logger('mod_photo: observer = ' . ($observer ? $observer['xchan_addr'] : '(not authenticated)'));
                     $data = file_get_contents('images/nosign.png');
                     $mimetype = 'image/png';
                     $prvcachecontrol = true;
                 }
             }
         }
     }
     if (!isset($data)) {
         if (isset($resolution)) {
             switch ($resolution) {
                 case 4:
                     $data = file_get_contents(get_default_profile_photo());
                     $mimetype = 'image/png';
                     break;
                 case 5:
                     $data = file_get_contents(get_default_profile_photo(80));
                     $mimetype = 'image/png';
                     break;
                 case 6:
                     $data = file_get_contents(get_default_profile_photo(48));
                     $mimetype = 'image/png';
                     break;
                 default:
                     killme();
                     // NOTREACHED
                     break;
             }
         }
     }
     if (isset($res) && intval($res) && $res < 500) {
         $ph = photo_factory($data, $mimetype);
         if ($ph->is_valid()) {
             $ph->scaleImageSquare($res);
             $data = $ph->imageString();
             $mimetype = $ph->getType();
         }
     }
     // Writing in cachefile
     if (isset($cachefile) && $cachefile != '') {
         file_put_contents($cachefile, $data);
     }
     if (function_exists('header_remove')) {
         header_remove('Pragma');
         header_remove('pragma');
     }
     header("Content-type: " . $mimetype);
     if ($prvcachecontrol) {
         // it is a private photo that they have no permission to view.
         // tell the browser not to cache it, in case they authenticate
         // and subsequently have permission to see it
         header("Cache-Control: no-store, no-cache, must-revalidate");
     } else {
         // The photo cache default is 1 day to provide a privacy trade-off,
         // as somebody reducing photo permissions on a photo that is already
         // "in the wild" won't be able to stop the photo from being viewed
         // for this amount amount of time once it is in the browser cache.
         // The privacy expectations of your site members and their perception
         // of privacy where it affects the entire project may be affected.
         // This has performance considerations but we highly recommend you
         // leave it alone.
         $cache = get_config('system', 'photo_cache_time');
         if (!$cache) {
             $cache = 3600 * 24;
         }
         // 1 day
         header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT");
         header("Cache-Control: max-age=" . $cache);
     }
     // If it's a file resource, stream it.
     if ($streaming && $channel) {
         if (strpos($streaming, 'store') !== false) {
             $istream = fopen($streaming, 'rb');
         } else {
             $istream = fopen('store/' . $channel['channel_address'] . '/' . $streaming, 'rb');
         }
         $ostream = fopen('php://output', 'wb');
         if ($istream && $ostream) {
             pipe_streams($istream, $ostream);
             fclose($istream);
             fclose($ostream);
         }
     } else {
         echo $data;
     }
     killme();
     // NOTREACHED
 }
Exemplo n.º 7
0
function reflect_comment_store($channel, $post, $comment, $user)
{
    // if the commenter was the channel owner, use their hubzilla xchan
    if ($comment['author'] === REFLECT_EXPORTUSERNAME && $comment['registered']) {
        $hash = $channel['xchan_hash'];
    } else {
        // we need a unique hash for the commenter. We don't know how many may have supplied
        // http://yahoo.com as their URL, so we'll use their avatar guid if they have one.
        // anonymous folks may get more than one xchan_hash if they commented more than once.
        $hash = $comment['registered'] && $user ? $user['avatar'] : '';
        if (!$hash) {
            $hash = random_string() . '.unknown';
        }
        // create an xchan for them which will also import their profile photo
        // they will have a network type 'unknown'.
        $x = array('hash' => $hash, 'guid' => $hash, 'url' => $comment['url'] ? $comment['url'] : z_root(), 'photo' => $user ? REFLECT_BASEURL . $user['avatar'] : z_root() . '/' . get_default_profile_photo(), 'name' => $comment['author']);
        xchan_store($x);
    }
    $arr = array();
    $r = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($comment['guid']), intval($channel['channel_id']));
    if ($r) {
        if (REFLECT_OVERWRITE) {
            $arr['id'] = $r[0]['id'];
        } else {
            return;
        }
    }
    // this is a lot like storing the post except for subtle differences, like parent_mid, flags, author_xchan,
    // and we don't have a comment edited field so use creation date
    $arr['uid'] = $channel['channel_account_id'];
    $arr['aid'] = $channel['channel_id'];
    $arr['mid'] = $comment['guid'];
    $arr['parent_mid'] = $post['mid'];
    $arr['created'] = $comment['created'];
    $arr['edited'] = $comment['created'];
    $arr['author_xchan'] = $hash;
    $arr['owner_xchan'] = $channel['channel_hash'];
    $arr['item_origin'] = 1;
    $arr['item_wall'] = 1;
    $arr['verb'] = ACTIVITY_POST;
    $arr['comment_policy'] = 'contacts';
    $arr['title'] = html2bbcode($comment['title']);
    $arr['title'] = htmlspecialchars($arr['title'], ENT_COMPAT, 'UTF-8', false);
    $arr['body'] = html2bbcode($comment['body']);
    $arr['body'] = htmlspecialchars($arr['body'], ENT_COMPAT, 'UTF-8', false);
    $arr['body'] = preg_replace_callback("/\\[url\\=\\/+article\\/(.*?)\\](.*?)\\[url\\]/", 'reflect_article_callback', $arr['body']);
    $arr['body'] = preg_replace_callback("/\\[img(.*?)\\](.*?)\\[\\/img\\]/", 'reflect_photo_callback', $arr['body']);
    // logger('comment: ' . print_r($arr,true));
    if ($arr['id']) {
        item_store_update($arr);
    } else {
        item_store($arr);
    }
}
Exemplo n.º 8
0
 public static function app_update($arr)
 {
     $darray = array();
     $ret = array('success' => false);
     $darray['app_url'] = x($arr, 'url') ? $arr['url'] : '';
     $darray['app_channel'] = x($arr, 'uid') ? $arr['uid'] : 0;
     $darray['app_id'] = x($arr, 'guid') ? $arr['guid'] : 0;
     if (!$darray['app_url'] || !$darray['app_channel'] || !$darray['app_id']) {
         return $ret;
     }
     if ($arr['photo'] && !strstr($arr['photo'], z_root())) {
         $x = import_xchan_photo($arr['photo'], get_observer_hash(), true);
         $arr['photo'] = $x[1];
     }
     $darray['app_sig'] = x($arr, 'sig') ? $arr['sig'] : '';
     $darray['app_author'] = x($arr, 'author') ? $arr['author'] : get_observer_hash();
     $darray['app_name'] = x($arr, 'name') ? escape_tags($arr['name']) : t('Unknown');
     $darray['app_desc'] = x($arr, 'desc') ? escape_tags($arr['desc']) : '';
     $darray['app_photo'] = x($arr, 'photo') ? $arr['photo'] : z_root() . '/' . get_default_profile_photo(80);
     $darray['app_version'] = x($arr, 'version') ? escape_tags($arr['version']) : '';
     $darray['app_addr'] = x($arr, 'addr') ? escape_tags($arr['addr']) : '';
     $darray['app_price'] = x($arr, 'price') ? escape_tags($arr['price']) : '';
     $darray['app_page'] = x($arr, 'page') ? escape_tags($arr['page']) : '';
     $darray['app_requires'] = x($arr, 'requires') ? escape_tags($arr['requires']) : '';
     $darray['app_system'] = x($arr, 'system') ? intval($arr['system']) : 0;
     $darray['app_deleted'] = x($arr, 'deleted') ? intval($arr['deleted']) : 0;
     $edited = datetime_convert();
     $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_deleted = %d where app_id = '%s' and app_channel = %d", dbesc($darray['app_sig']), dbesc($darray['app_author']), dbesc($darray['app_name']), dbesc($darray['app_desc']), dbesc($darray['app_url']), dbesc($darray['app_photo']), dbesc($darray['app_version']), dbesc($darray['app_addr']), dbesc($darray['app_price']), dbesc($darray['app_page']), dbesc($darray['app_requires']), dbesc($edited), intval($darray['app_system']), intval($darray['app_deleted']), dbesc($darray['app_id']), intval($darray['app_channel']));
     if ($r) {
         $ret['success'] = true;
         $ret['app_id'] = $darray['app_id'];
     }
     $x = q("select id from app where app_id = '%s' and app_channel = %d limit 1", dbesc($darray['app_id']), intval($darray['app_channel']));
     if ($x) {
         q("delete from term where otype = %d and oid = %d", intval(TERM_OBJ_APP), intval($x[0]['id']));
         if ($arr['categories']) {
             $y = explode(',', $arr['categories']);
             if ($y) {
                 foreach ($y as $t) {
                     $t = trim($t);
                     if ($t) {
                         store_item_tag($darray['app_channel'], $x[0]['id'], TERM_OBJ_APP, TERM_CATEGORY, escape_tags($t), escape_tags(z_root() . '/apps/?f=&cat=' . escape_tags($t)));
                     }
                 }
             }
         }
     }
     return $ret;
 }
Exemplo n.º 9
0
function xchan_store($arr)
{
    logger('xchan_store: ' . print_r($arr, true));
    if (!$arr['hash']) {
        $arr['hash'] = $arr['guid'];
    }
    if (!$arr['hash']) {
        return false;
    }
    $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($arr['hash']));
    if ($r) {
        return true;
    }
    if (!$arr['network']) {
        $arr['network'] = 'unknown';
    }
    if (!$arr['name']) {
        $arr['name'] = 'unknown';
    }
    if (!$arr['url']) {
        $arr['url'] = z_root();
    }
    if (!$arr['photo']) {
        $arr['photo'] = z_root() . '/' . get_default_profile_photo();
    }
    $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_instance_url, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','%s','%s','%s',%d, %d, %d, %d, %d, %d, %d, '%s') ", dbesc($arr['hash']), dbesc($arr['guid']), dbesc($arr['guid_sig']), dbesc($arr['pubkey']), dbesc($arr['address']), dbesc($arr['url']), dbesc($arr['connurl']), dbesc($arr['follow']), dbesc($arr['connpage']), dbesc($arr['name']), dbesc($arr['network']), dbesc($arr['instance_url']), intval($arr['hidden']), intval($arr['orphan']), intval($arr['censored']), intval($arr['selfcensored']), intval($arr['system']), intval($arr['pubforum']), intval($arr['deleted']), dbesc(datetime_convert()));
    if (!$r) {
        return $r;
    }
    $photos = import_xchan_photo($arr['photo'], $arr['hash']);
    $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($arr['hash']));
    return $r;
}
Exemplo n.º 10
0
Arquivo: photo.php Projeto: Mauru/red
function photo_init(&$a)
{
    $prvcachecontrol = false;
    switch (argc()) {
        case 4:
            $person = argv(3);
            $res = argv(2);
            $type = argv(1);
            break;
        case 2:
            $photo = argv(1);
            break;
        case 1:
        default:
            killme();
            // NOTREACHED
    }
    if ($photo === 'qr') {
        $t = $_GET['qr'];
        require_once 'library/phpqrcode/phpqrcode.php';
        header("Content-type: image/png");
        QRcode::png($t ? $t : '.');
        killme();
    }
    $observer_xchan = get_observer_hash();
    $default = get_default_profile_photo();
    if (isset($type)) {
        /**
         * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
         * 
         */
        if ($type === 'profile') {
            switch ($res) {
                case 'm':
                    $resolution = 5;
                    $default = get_default_profile_photo(80);
                    break;
                case 's':
                    $resolution = 6;
                    $default = get_default_profile_photo(48);
                    break;
                case 'l':
                default:
                    $resolution = 4;
                    break;
            }
        }
        $uid = $person;
        $r = q("SELECT * FROM photo WHERE scale = %d AND uid = %d AND profile = 1 LIMIT 1", intval($resolution), intval($uid));
        if (count($r)) {
            $data = $r[0]['data'];
            $mimetype = $r[0]['type'];
        }
        if (!isset($data)) {
            $data = file_get_contents($default);
            $mimetype = 'image/jpeg';
        }
    } else {
        /**
         * Other photos
         */
        /* Check for a cookie to indicate display pixel density, in order to detect high-resolution
        		   displays. This procedure was derived from the "Retina Images" by Jeremey Worboys,
        		   used in accordance with the Creative Commons Attribution 3.0 Unported License.
        		   Project link: https://github.com/Retina-Images/Retina-Images
        		   License link: http://creativecommons.org/licenses/by/3.0/
        		*/
        $cookie_value = false;
        if (isset($_COOKIE['devicePixelRatio'])) {
            $cookie_value = intval($_COOKIE['devicePixelRatio']);
        } else {
            // Force revalidation of cache on next request
            $cache_directive = 'no-cache';
            $status = 'no cookie';
        }
        $resolution = 0;
        if (strpos($photo, '.') !== false) {
            $photo = substr($photo, 0, strpos($photo, '.'));
        }
        if (substr($photo, -2, 1) == '-') {
            $resolution = intval(substr($photo, -1, 1));
            $photo = substr($photo, 0, -2);
            // If viewing on a high-res screen, attempt to serve a higher resolution image:
            if ($resolution == 2 && $cookie_value > 1) {
                $resolution = 1;
            }
        }
        // If using resolution 1, make sure it exists before proceeding:
        if ($resolution == 1) {
            $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1", dbesc($photo), intval($resolution));
            if (!$r) {
                $resolution = 2;
            }
        }
        $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1", dbesc($photo), intval($resolution));
        if ($r) {
            $allowed = $r[0]['uid'] ? perm_is_allowed($r[0]['uid'], $observer_xchan, 'view_photos') : true;
            $sql_extra = permissions_sql($r[0]['uid']);
            // Now we'll see if we can access the photo
            $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND scale = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
            if ($r && $allowed) {
                $data = $r[0]['data'];
                $mimetype = $r[0]['type'];
            } else {
                // Does the picture exist? It may be a remote person with no credentials,
                // but who should otherwise be able to view it. Show a default image to let
                // them know permissions was denied. It may be possible to view the image
                // through an authenticated profile visit.
                // There won't be many completely unauthorised people seeing this because
                // they won't have the photo link, so there's a reasonable chance that the person
                // might be able to obtain permission to view it.
                $r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
                if ($r) {
                    logger('mod_photo: forbidden. ' . $a->query_string);
                    $observer = $a->get_observer();
                    logger('mod_photo: observer = ' . ($observer ? $observer['xchan_addr'] : '(not authenticated)'));
                    $data = file_get_contents('images/nosign.png');
                    $mimetype = 'image/png';
                    $prvcachecontrol = true;
                }
            }
        }
    }
    if (!isset($data)) {
        if (isset($resolution)) {
            switch ($resolution) {
                case 4:
                    $data = file_get_contents(get_default_profile_photo());
                    $mimetype = 'image/jpeg';
                    break;
                case 5:
                    $data = file_get_contents(get_default_profile_photo(80));
                    $mimetype = 'image/jpeg';
                    break;
                case 6:
                    $data = file_get_contents(get_default_profile_photo(48));
                    $mimetype = 'image/jpeg';
                    break;
                default:
                    killme();
                    // NOTREACHED
                    break;
            }
        }
    }
    if (isset($res) && intval($res) && $res < 500) {
        $ph = photo_factory($data, $mimetype);
        if ($ph->is_valid()) {
            $ph->scaleImageSquare($res);
            $data = $ph->imageString();
            $mimetype = $ph->getType();
        }
    }
    // Writing in cachefile
    if (isset($cachefile) && $cachefile != '') {
        file_put_contents($cachefile, $data);
    }
    if (function_exists('header_remove')) {
        header_remove('Pragma');
        header_remove('pragma');
    }
    header("Content-type: " . $mimetype);
    if ($prvcachecontrol) {
        // it is a private photo that they have no permission to view.
        // tell the browser not to cache it, in case they authenticate
        // and subsequently have permission to see it
        header("Cache-Control: no-store, no-cache, must-revalidate");
    } else {
        header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
        header("Cache-Control: max-age=" . 3600 * 24);
    }
    echo $data;
    killme();
    // NOTREACHED
}