Exemplo n.º 1
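 /**
  * Render the view for one action, or fall back to streaming a blob.
  *
  * When the template file exists and a function named "_" . $template is
  * defined, that function is called with the named vars merged with
  * $db->get_resource(); an array result is extract()ed into local scope, the
  * Content-Type header is sent once, and the template file is included.
  * Otherwise, when the extension maps to a known MIME type and no header has
  * been sent yet, a property of the first collection member is passed to
  * render_blob(). Any other request is reported through admin_alert().
  *
  * @param object $request  current request (passed by reference)
  * @param string $template template name; 'get' is mapped to 'index' for the
  *                         action-function lookup
  */
 function render_partial(&$request, $template)
 {
     trigger_before('render_partial', $this, $this);
     // content_for_layout() passes the $request->action as $template
     $ext = $this->pick_template_extension($request, $template);
     $view = $request->get_template_path($ext, $template);
     // The view path above is resolved with the original name; only the
     // action-function lookup below maps 'get' to 'index'.
     if ($template == 'get') {
         $template = 'index';
     }
     if (file_exists($view)) {
         $action = "_" . $template;
     } else {
         $action = $template;
     }
     global $db;
     if (file_exists($view) && function_exists($action)) {
         trigger_before($request->action, $request, $db);
         $result = $action(array_merge($this->named_vars, $db->get_resource()));
         trigger_after($request->action, $request, $db);
         if (is_array($result)) {
             // NOTE(review): extract() can overwrite any local in this scope,
             // including $view, which is include'd below. The action's result
             // must never carry request-controlled keys; EXTR_SKIP would be the
             // safer mode if no template relies on the overwrite. Local names
             // are left unchanged here because the template sees them all.
             extract($result);
         }
         if (!$this->header_sent) {
             $content_type = 'Content-Type: ' . $this->pick_content_type($ext);
             if ($this->pick_content_charset($ext)) {
                 $content_type .= '; charset=' . $this->pick_content_charset($ext);
             }
             header($content_type);
             $this->header_sent = true;
         }
         include $view;
     } else {
         // no template, check for blobcall
         if (in_array(type_of($ext), mime_types()) && !$this->header_sent) {
             $model =& $db->get_table($request->resource);
             if (isset($model->blob)) {
                 $template = $model->blob;
             }
             trigger_before($request->action, $request, $db);
             $Member = $this->collection->MoveFirst();
             // NOTE(review): when the model declares no blob field, the
             // property read here is named by $template, which per the comment
             // above comes from $request->action - confirm callers constrain it.
             render_blob($Member->{$template}, $ext);
         } else {
             // NOTE(review): with ||, the alert is skipped only when the URI
             // contains both 'robots' and 'crawl'; && may have been intended.
             if (strpos($request->uri, 'robots') === false || strpos($request->uri, 'crawl') === false) {
                 // REMOTE_HOST is quoted: the bare constant is an Error on
                 // PHP 8, and the key is absent unless the web server resolves
                 // host names. The URI is request-controlled, so admin_alert()
                 // has to treat the whole message as untrusted text.
                 admin_alert($request->uri . " {$view} {$action} " . (isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : ''));
             }
         }
     }
 }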
Exemplo n.º 2
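/**
 * Store a file that arrived outside a normal form upload as a new record.
 *
 * $_FILES is replaced with a synthetic single-attachment entry so the model
 * code sees the file as a regular upload. The record goes to 'uploads' when
 * the original request carried $_FILES['media'], otherwise to 'posts'.
 *
 * The allow-list check uses the type derived from $filename, i.e. from the
 * name only; it says nothing about the file's content.
 *
 * @param string $filename name used for type detection
 * @param string $att      attachment value; presumably a local file path,
 *                         since it is passed to is_jpg() and resize_jpeg()
 * @param mixed  $profile  value published to the response as 'profile'
 * @return bool always true
 */
function handle_posted_file($filename = "", $att, $profile)
{
    global $db, $request, $response;
    $response->set_var('profile', $profile);
    load_apps();
    if (isset($_FILES['media']['tmp_name'])) {
        $table = 'uploads';
    } else {
        $table = 'posts';
    }
    $modelvar = classify($table);
    $_FILES = array(strtolower($modelvar) => array('name' => array('attachment' => $filename), 'tmp_name' => array('attachment' => $att)));
    // Both models are bound to locals because ${$modelvar} below resolves to
    // one of them by name.
    $Post =& $db->model('Post');
    $Upload =& $db->model('Upload');
    $field = 'attachment';
    $request->set_param('resource', $table);
    $request->set_param(array(strtolower(classify($table)), $field), $att);
    trigger_before('insert_from_post', ${$modelvar}, $request);
    $rec = ${$modelvar}->base();
    $content_type = type_of($filename);
    $rec->set_value('profile_id', get_profile_id());
    $rec->set_value('parent_id', 0);
    if (isset($request->params['message'])) {
        $rec->set_value('title', $request->params['message']);
    } else {
        $rec->set_value('title', '');
    }
    if ($table == 'uploads') {
        $rec->set_value('tmp_name', 'new');
    }
    // Allow-list check happens before anything is saved. It relies on the
    // error handler stopping the request on E_USER_ERROR.
    $upload_types = environment('upload_types');
    if (!$upload_types) {
        $upload_types = array('jpg', 'jpeg', 'png', 'gif');
    }
    $ext = extension_for(type_of($filename));
    if (!in_array($ext, $upload_types, true)) {
        trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
    }
    $rec->set_value($field, $att);
    $rec->save_changes();
    // The metadata entry is created before the thumbnail, because the
    // thumbnail's target_id is the entry id. The original order read
    // $atomentry->id before $atomentry was assigned.
    $atomentry = ${$modelvar}->set_metadata($rec, $content_type, $table, 'id');
    ${$modelvar}->set_categories($rec, $request, $atomentry);
    $tmp = $att;
    if (is_jpg($tmp)) {
        $thumbsize = environment('max_pixels');
        $Thumbnail =& $db->model('Thumbnail');
        $t = $Thumbnail->base();
        $newthumb = tempnam("/tmp", "new" . $rec->id . ".jpg");
        resize_jpeg($tmp, $newthumb, $thumbsize);
        $t->set_value('target_id', $atomentry->id);
        $t->save_changes();
        update_uploadsfile('thumbnails', $t->id, $newthumb);
        $t->set_etag();
    }
    $url = $request->url_for(array('resource' => $table, 'id' => $rec->id));
    //	$title = substr($rec->title,0,140);
    //	$over = ((strlen($title) + strlen($url) + 1) - 140);
    //	if ($over > 0)
    //	  $rec->set_value('title',substr($title,0,-$over)." ".$url);
    //	else
    //	  $rec->set_value('title',$title." ".$url);
    //	$rec->save_changes();
    trigger_after('insert_from_post', ${$modelvar}, $rec);
    return true;
}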
Exemplo n.º 3
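/**
 * Handle an update of an identity: store a revision, validate the submitted
 * nickname, url and password, apply the update and refresh the avatar fields.
 *
 * $vars is extract()ed into local scope. The body uses $collection, $db,
 * $request, $profile, $resource and $Identity without defining them, so they
 * are expected to arrive that way.
 *
 * Errors are raised with trigger_error(E_USER_ERROR); the checks below only
 * protect anything if the installed error handler stops the request.
 *
 * @param array $vars variables imported into local scope (by reference)
 */
function put(&$vars)
{
    extract($vars);
    // save a revision
    // NOTE(review): the revision is a serialize()d record; whatever reads it
    // back should not unserialize() data a user can alter - reader not shown.
    $rec = $collection->MoveFirst();
    $Revision =& $db->model('Revision');
    $r = $Revision->base();
    $r->set_value('data', serialize($rec));
    $r->set_value('profile_id', get_profile_id());
    $r->set_value('target_id', $rec->entry_id);
    $r->save();
    if (isset($request->params['identity']['nickname'])) {
        $nick = strtolower($request->params['identity']['nickname']);
        $request->set_param(array('identity', 'nickname'), $nick);
        if ($profile->nickname != $nick) {
            global $prefix;
            // if post_notice is set it's a remote user and can share a nickname with a local user
            // NOTE(review): LIKE treats % and _ in $nick as wildcards, so the
            // uniqueness test can match other nicknames; "=" is the exact
            // form. Confirm whether LIKE's case handling is relied on.
            $sql = "SELECT nickname FROM " . $prefix . "identities WHERE nickname LIKE '" . $db->escape_string($nick) . "' AND (post_notice = '' OR post_notice IS NULL)";
            $result = $db->get_result($sql);
            if ($db->num_rows($result) > 0) {
                trigger_error('Sorry, that nickname is already being used.', E_USER_ERROR);
            }
        }
    }
    if (isset($request->params['identity']['url'])) {
        // The scheme must be at the start of the value. The earlier substring
        // test accepted any value that contained "http" anywhere.
        if (!preg_match('#^https?://#i', $request->params['identity']['url'])) {
            $request->params['identity']['url'] = 'http://' . $request->params['identity']['url'];
        }
    }
    if (isset($request->params['identity']['password'])) {
        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() needs a matching change in the
        // login check, which is not visible here, so the format is kept.
        $request->params['identity']['password'] = md5($request->params['identity']['password']);
    }
    $resource->update_from_post($request);
    $rec = $Identity->find($request->id);
    if (is_upload('identities', 'photo')) {
        // $prefix was only bound in the nickname-changed branch above; bind
        // the global here unless extract() already supplied a value.
        if (!isset($prefix)) {
            global $prefix;
        }
        // The id sits in an unquoted numeric position, where string escaping
        // gives no protection, so it is forced to an integer.
        $sql = "SELECT photo FROM " . $prefix . "identities WHERE id = " . intval($request->id);
        $result = $db->get_result($sql);
        $upl = $_FILES['identity']['tmp_name']['photo'];
        // Test the detector's result before the dot is prepended; with the
        // dot in front the value was never empty and the check never fired.
        // Presumably type_of_image() returns a falsy value for other files.
        $image_type = type_of_image($upl);
        if (!$image_type) {
            trigger_error("Sorry for the trouble, but your photo must be a JPG, PNG or GIF file.", E_USER_ERROR);
        }
        $ext = '.' . $image_type;
        $content_type = type_of($ext);
        if ($db->result_value($result, 0, "photo") || exists_uploads_blob('identities', $rec->id)) {
            $rec->set_value('avatar', $request->url_for(array('resource' => "_" . $rec->id)) . $ext);
        } else {
            $rec->set_value('avatar', '');
        }
        if (empty($rec->profile)) {
            $rec->set_value('profile', $request->url_for(array('resource' => "_" . $rec->id)));
        }
        if (empty($rec->profile_url)) {
            $rec->set_value('profile_url', $request->url_for(array('resource' => "" . $rec->nickname)));
        }
        $rec->save_changes();
        $atomentry = $Identity->set_metadata($rec, $content_type, $rec->table, 'id');
    }
    broadcast_omb_profile_update();
    header_status('200 OK');
    redirect_to(base_url(true));
}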
Exemplo n.º 4
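 /**
  * Update the record addressed by a request, plus any related child records.
  *
  * Write permission is checked for every table in the submission before
  * anything is stored. For models with metadata the record is located through
  * the submitted entry etag and the caller must own that entry or be a
  * superuser; otherwise the record id comes from $req->id.
  *
  * Errors are raised with trigger_error(E_USER_ERROR); the checks only
  * protect anything if the installed error handler stops the request.
  *
  * @param object $req current request (passed by reference); its 'id' param
  *                    is set to the saved record id on success
  */
 function update_from_post(&$req)
 {
     trigger_before('update_from_post', $this, $req);
     global $db;
     $fields = $this->fields_from_request($req);
     if (isset($fields[$req->resource])) {
         $fieldsarr = $fields[$req->resource];
     }
     if (!isset($fieldsarr)) {
         // print_r() needs its second argument to return the dump; without
         // it the dump is echoed and "1" is appended to the message.
         trigger_error("The fields were not found in the request." . print_r($fields, true), E_USER_ERROR);
     }
     // Authorise every table in the submission before the first write. This
     // check used to run after the main record had already been saved.
     foreach ($fields as $table => $fieldlist) {
         $mdl =& $db->get_table($table);
         if (!$mdl->can_write_fields($fieldlist)) {
             trigger_error("Sorry, you do not have permission to " . $req->action . " " . $table, E_USER_ERROR);
         }
     }
     if ($this->has_metadata) {
         $Person =& $db->model('Person');
         $Group =& $db->model('Group');
         if (!isset($req->params['entry']['etag'])) {
             trigger_error("Sorry, the etag was not submitted with the database entry", E_USER_ERROR);
         }
         $atomentry = $db->models['entries']->find_by('etag', $req->params['entry']['etag']);
         if (!$atomentry->exists) {
             // NOTE(review): this branch runs when the submitted etag matches
             // no entry. It stores a new entry owned by the caller, yet $rec,
             // $pkfield and $content_type are not defined at this point, so
             // record_id and content_type are saved empty and the record_id
             // check below then fails. Rejecting the unknown etag outright
             // looks like the intent - confirm.
             // NOTE(review): srand() returns no value, so getEtag() receives
             // null, and the generator is seeded with the current second. If
             // the etag is meant to be unguessable, use random_bytes().
             $atomentry = $db->models['entries']->base();
             $atomentry->set_value('etag', getEtag(srand(date("s"))));
             $atomentry->set_value('resource', $req->resource);
             $atomentry->set_value('record_id', $rec->{$pkfield});
             $atomentry->set_value('content_type', $content_type);
             $atomentry->set_value('last_modified', timestamp());
             $atomentry->set_value('person_id', get_person_id());
             $aresult = $atomentry->save_changes();
         }
         // Ownership check: the caller must own the entry or be a superuser.
         $p = $Person->find(get_person_id());
         if (!($p->id == $atomentry->attributes['person_id']) && !$this->can_superuser($req->resource)) {
             trigger_error("Sorry, your id does not match the owner of the database entry", E_USER_ERROR);
         }
         $recid = $atomentry->attributes['record_id'];
         if (empty($recid)) {
             trigger_error('The input form eTag did not match a record_id in entries.', E_USER_ERROR);
         }
     } else {
         $recid = $req->id;
         if (empty($recid)) {
             trigger_error('The record id was not found in the "id" form field.', E_USER_ERROR);
         }
     }
     $rec = $this->find($recid);
     $paramkey = strtolower(classify($rec->table));
     foreach ($fieldsarr as $field => $type) {
         // For blob fields that arrive as an upload, the entry's content type
         // follows the uploaded file's name.
         if ($this->has_metadata && is_blob($rec->table . '.' . $field)) {
             if (isset($_FILES[$paramkey]['name'][$field])) {
                 $content_type = type_of($_FILES[$paramkey]['name'][$field]);
                 $atomentry->set_value('content_type', $content_type);
             }
         }
         $rec->set_value($field, $req->params[$paramkey][$field]);
     }
     $result = $rec->save_changes();
     foreach ($fields as $table => $fieldlist) {
         // for each related table in the submission do
         if (in_array($table, array('entries', $rec->table), true)) {
             continue;
         }
         $rel = $rec->FirstChild($table);
         foreach ($fieldlist as $field => $type) {
             $rel->set_value($field, $req->params[strtolower(classify($table))][$field]);
         }
         $rel->save_changes();
     }
     if ($result) {
         $req->set_param('id', $rec->id);
         if ($this->has_metadata) {
             $atomentry->set_value('last_modified', timestamp());
             $atomentry->save_changes();
         }
     } else {
         trigger_error("The record could not be updated in the database.", E_USER_ERROR);
     }
     trigger_after('update_from_post', $this, $rec);
 }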
Exemplo n.º 5
/**
 * Create a record for the requested resource from the submitted form fields,
 * attach metadata and categories, and build a thumbnail for JPEG attachments.
 *
 * $vars is extract()ed into local scope and the model is then reached through
 * a variable-variable named after the resource, so the local names in this
 * function are part of its behaviour. $db is used without being defined here
 * and is expected to arrive through $vars.
 *
 * Errors are raised with trigger_error(E_USER_ERROR); the checks only protect
 * anything if the installed error handler stops the request.
 *
 * @param array $vars variables imported into local scope (by reference)
 */
function post(&$vars)
{
    extract($vars);
    global $request;
    // ${$modelvar} resolves to the extracted model named after the resource.
    $modelvar = classify($request->resource);
    trigger_before('insert_from_post', ${$modelvar}, $request);
    $table = $request->resource;
    $content_type = 'text/html';
    $rec = ${$modelvar}->base();
    // Create permission is checked before any field is copied.
    if (!${$modelvar}->can_create($table)) {
        trigger_error("Sorry, you do not have permission to " . $request->action . " " . $table, E_USER_ERROR);
    }
    $fields = ${$modelvar}->fields_from_request($request);
    $fieldlist = $fields[$table];
    foreach ($fieldlist as $field => $type) {
        // For blob fields that arrive as an upload, the content type is
        // derived from the uploaded file's name.
        if (${$modelvar}->has_metadata && is_blob($table . '.' . $field)) {
            if (isset($_FILES[strtolower(classify($table))]['name'][$field])) {
                $content_type = type_of($_FILES[strtolower(classify($table))]['name'][$field]);
            }
        }
        $rec->set_value($field, $request->params[strtolower(classify($table))][$field]);
    }
    // The owner always comes from the session helper, written after the form
    // fields so a submitted profile_id cannot replace it.
    $rec->set_value('profile_id', get_profile_id());
    $result = $rec->save_changes();
    if (!$result) {
        trigger_error("The record could not be saved into the database.", E_USER_ERROR);
    }
    $atomentry = ${$modelvar}->set_metadata($rec, $content_type, $table, 'id');
    ${$modelvar}->set_categories($rec, $request, $atomentry);
    if (is_upload($table, 'attachment')) {
        // NOTE(review): the allow-list check runs after the record and its
        // metadata have been saved, so a rejected type still leaves a stored
        // record. Running it before save_changes() would avoid that.
        // NOTE(review): the type is derived from the uploaded file's name,
        // which the client chooses; it does not describe the content.
        $upload_types = environment('upload_types');
        if (!$upload_types) {
            $upload_types = array('jpg', 'jpeg', 'png', 'gif');
        }
        $ext = extension_for(type_of($_FILES[strtolower(classify($table))]['name']['attachment']));
        if (!in_array($ext, $upload_types)) {
            trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
        }
        // Append the record URL to the title, trimming the title so that
        // title + space + URL stays within 140 bytes where possible.
        $url = $request->url_for(array('resource' => $table, 'id' => $rec->id));
        $title = substr($rec->title, 0, 140);
        $over = strlen($title) + strlen($url) + 1 - 140;
        if ($over > 0) {
            $rec->set_value('title', substr($title, 0, -$over) . " " . $url);
        } else {
            $rec->set_value('title', $title . " " . $url);
        }
        $rec->save_changes();
        $tmp = $_FILES[strtolower(classify($table))]['tmp_name']['attachment'];
        if (is_jpg($tmp)) {
            // Build a thumbnail in a temp file and link it to the entry.
            $thumbsize = environment('max_pixels');
            $Thumbnail =& $db->model('Thumbnail');
            $t = $Thumbnail->base();
            $newthumb = tempnam("/tmp", "new" . $rec->id . ".jpg");
            resize_jpeg($tmp, $newthumb, $thumbsize);
            $t->set_value('target_id', $atomentry->id);
            $t->save_changes();
            update_uploadsfile('thumbnails', $t->id, $newthumb);
            $t->set_etag();
        }
    }
    trigger_after('insert_from_post', ${$modelvar}, $rec);
    header_status('201 Created');
    redirect_to($request->base);
}
Exemplo n.º 6
/**
 * Send a stored blob to the client.
 *
 * Calls the blob readers in a fixed order: read_aws_blob() before any header
 * is emitted, then read_uploads_blob(), read_cache_blob() and fetch_blob()
 * after the Content-Type and Content-Disposition headers. Presumably each
 * reader ends the request once it has found the blob - confirm.
 *
 * NOTE(review): the blob is served inline with a type derived from $ext. If
 * blobs can be user uploads, consider "X-Content-Type-Options: nosniff" and
 * attachment disposition for types that browsers can execute.
 *
 * @param mixed  $value blob value or identifier handed to the readers
 * @param string $ext   extension used to choose the Content-Type
 */
function render_blob($value, $ext)
{
    global $request, $db;
    $cache_setting = environment('collection_cache');

    read_aws_blob($request, $value, $cache_setting, $ext);

    $mime = type_of($ext);
    header('Content-Type: ' . $mime);
    header("Content-Disposition: inline");

    read_uploads_blob($request, $value, $cache_setting, $ext);
    read_cache_blob($request, $value, $cache_setting);
    fetch_blob($value, false);
}
Exemplo n.º 7
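/**
 * Receive one file from the 'Filedata' upload field, store it under cache/
 * with a generated name, and register it in the uploads table.
 *
 * The extension is checked against the site's 'upload_types' allow-list, with
 * the same fallback list the other upload handlers use, before anything is
 * written. The file is moved into place before the table is touched, so a
 * failed upload no longer replaces an existing row or answers "200 OK".
 *
 * NOTE(review): no authentication or ownership check is visible here, and
 * rows are replaced by client-supplied name - confirm the caller enforces
 * access. The type is derived from the client-supplied file name only.
 *
 * @param object $request current request (passed by reference, unused here)
 * @param object $route   matched route (passed by reference, unused here)
 */
function do_ajaxy_fileupload(&$request, &$route)
{
    global $db;
    if (!isset($_FILES['Filedata']['name'])) {
        return;
    }
    if (!is_writable('cache')) {
        exit;
    }
    $upload_types = environment('upload_types');
    if (!$upload_types) {
        $upload_types = array('jpg', 'jpeg', 'png', 'gif');
    }
    $ext = extension_for(type_of($_FILES['Filedata']['name']));
    if (!in_array($ext, $upload_types, true)) {
        trigger_error('Sorry, this site only allows the following file types: ' . implode(',', $upload_types), E_USER_ERROR);
        exit;
    }
    // The stored name is a generated token; only the extension is taken from
    // the client-supplied name, and it has passed the allow-list above.
    $tmp = 'cache' . DIRECTORY_SEPARATOR . make_token() . "." . $ext;
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $tmp)) {
        trigger_error('Sorry, the uploaded file could not be stored.', E_USER_ERROR);
        exit;
    }
    $name = urldecode($_FILES['Filedata']['name']);
    // Replace any earlier row registered under the same name.
    $db->get_result("DELETE FROM " . $db->prefix . "uploads WHERE name = '" . $db->escape_string($name) . "'");
    $Upload =& $db->model('Upload');
    $u = $Upload->base();
    $u->set_value('name', $name);
    $u->set_value('tmp_name', $tmp);
    $u->save_changes();
    echo "200 OK";
    exit;
}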
Exemplo n.º 8
 /**
  * Copy the pending upload for a record to the configured S3 bucket, delete
  * the local file, and clear $this->file_upload.
  *
  * The object key is the table prefix, table name and primary key value plus
  * an extension derived from the uploaded file's name. The bucket is created
  * if getBucket() reports nothing for it.
  *
  * NOTE(review): both the bucket and every object are written with the
  * 'public-read' ACL, so each upload is readable by anyone who has its URL.
  * Confirm that this is intended for every model that uses this method.
  *
  * @param object $rec     record whose table name forms part of the object key
  * @param mixed  $pkvalue primary key value of the record
  */
 function aws_putfile(&$rec, $pkvalue)
 {
     global $request, $prefix;

     // $this->file_upload[0] is the upload field, [1] the local file path.
     $files_key = strtolower(classify($rec->table));
     $client_name = $_FILES[$files_key]['name'][$this->file_upload[0]];
     $object_key = $prefix . $rec->table . $pkvalue . "." . extension_for(type_of($client_name));

     lib_include('S3');
     $s3 = new S3(environment('awsAccessKey'), environment('awsSecretKey'));
     if (!$s3) {
         trigger_error('Sorry, there was a problem connecting to Amazon Web Services', E_USER_ERROR);
     }

     $bucket_found = $s3->getBucket(environment('awsBucket'));
     if (!$bucket_found) {
         if (!$s3->putBucket(environment('awsBucket'), 'public-read')) {
             trigger_error('Sorry, there was a problem creating the bucket ' . environment('awsBucket') . ' at Amazon Web Services', E_USER_ERROR);
         }
     }

     $local_path = $this->file_upload[1];
     if (file_exists($local_path)) {
         $stored = $s3->putObjectFile($local_path, environment('awsBucket'), $object_key, 'public-read');
         if (!$stored) {
             trigger_error('Sorry, there was a problem uploading the file to Amazon Web Services', E_USER_ERROR);
         }
         // The local copy is removed after the upload attempt.
         unlink($local_path);
     }

     $this->file_upload = false;
 }