Exemplo n.º 1
 /**
  * Builds the hash document and, when no key is supplied, fills in the
  * settings of a brand-new hash.
  *
  * The values given to a new hash are the restrictive ones: max_views is 1,
  * no_download, strip_exif and watermark_ip are switched on, and
  * allow_anonymous_images is switched off. Anything more permissive has to be
  * set explicitly afterwards.
  *
  * @param mixed $key Passed straight to the parent constructor; an empty
  *                   value (as judged by empty()) triggers initialisation
  */
 public function __construct($key = null)
 {
     parent::__construct($key);

     // A non-empty key means there is nothing to initialise here.
     // Note that empty() also treats the string "0" as "no key".
     if (!empty($key)) {
         return;
     }

     // Fresh hash: generate its identifier and record the creation time
     $this->setNewHash();
     $this->timestamp = time();

     // Lifetime: first configured TTL type, expiring one EXP_DAY from now
     $this->ttl = self::$ttlTypes[0];
     $this->expireAt(time() + static::EXP_DAY);

     // View counters: a single view is permitted and none has happened yet
     $this->max_views = 1;
     $this->views = 0;

     // Restrictive privacy settings
     $this->no_download = true;
     $this->strip_exif = true;

     // Comment text comes from the application configuration
     $this->comment = Zend_Registry::get('config')->image_comment;

     // Remember which session created the hash
     $this->sess = Unsee_Session::getCurrent();

     $this->watermark_ip = true;
     $this->allow_anonymous_images = false;
 }
Exemplo n.º 2
 /**
  * Tells whether the current session is allowed to access the image.
  *
  * Both of the following must hold:
  *  - this object has an entry named after the image key, and
  *  - the request carries a cookie whose name is
  *    md5(current session . part of the image key before the first "_").
  *
  * Only the presence of that cookie is tested; its value is never read.
  *
  * NOTE(review): the cookie name is a plain, unkeyed MD5, so the check is only
  * as strong as Unsee_Session::getCurrent() is unpredictable to other clients
  * - confirm how that value is derived.
  *
  * @param Unsee_Image $imageDoc
  * @return bool
  */
 public function isAllowed($imageDoc)
 {
     // The leading segment of the image key is what gets mixed into the cookie name
     $keyParts = explode('_', $imageDoc->key);
     $hash = $keyParts[0];

     // No entry for this image on the ticket document: access denied
     if (!isset($this->{$imageDoc->key})) {
         return false;
     }

     $cookieName = md5(Unsee_Session::getCurrent() . $hash);

     return isset($_COOKIE[$cookieName]);
 }
Exemplo n.º 3
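 /**
  * Action that handles image requests.
  *
  * Reads the request params "id" (two parts joined by "_": parent hash and
  * image key), "ticket" and "time". Every rejected request is answered through
  * noContentAction(). For an accepted request the ticket is invalidated, the
  * image is optionally watermarked and commented, and its content is printed
  * with the image's own content type. If the parent hash is no longer
  * viewable afterwards, the image is deleted.
  *
  * @return mixed Result of noContentAction() on rejection, nothing otherwise
  */
 public function imageAction()
 {
     // We would just print out the image, no need for the renderer
     $this->_helper->layout()->disableLayout();
     $this->_helper->viewRenderer->setNoRender(true);

     // Getting request params
     $imageId = $this->getParam('id');
     $ticket = $this->getParam('ticket');
     $time = $this->getParam('time');

     // Dropping request if params are not right or the image is too old.
     // NOTE(review): in this method $ticket is only checked for presence and $time only
     // against the clock; neither is compared with anything stored for the image.
     // Presumably the pair is verified as a signed link before the request gets here
     // (e.g. by the web server) - confirm, otherwise they do not restrict access.
     if (!$imageId || !$ticket || !$time || $time < time()) {
         return $this->noContentAction();
     }

     // The id must carry both the parent hash and the image key. An id without the
     // "_<image key>" part used to leave $imgKey unset and hand an empty key to
     // Unsee_Image, which should never happen on a read-only request.
     $idParts = explode('_', $imageId);
     if (count($idParts) < 2 || !$idParts[0] || $idParts[1] === '') {
         return $this->noContentAction();
     }
     list($hashStr, $imgKey) = $idParts;

     // Fetching the parent hash
     $hashDoc = new Unsee_Hash($hashStr);
     // NOTE(review): "new" always yields an object, so this guard cannot fire; whether
     // the hash really exists has to be checked through the model itself - confirm.
     if (!$hashDoc) {
         return $this->noContentAction();
     }

     // Fetching the image Redis hash
     $imgDoc = new Unsee_Image($hashDoc, $imgKey);
     // NOTE(review): same as above, this guard cannot fire for an object.
     if (!$imgDoc) {
         return $this->noContentAction();
     }

     /**
      * Restricting image download also means that it has to be requested by the page, e.g. no
      * direct access. Direct access means no referrer.
      *
      * The Referer header is supplied by the client, so this only filters out plain direct
      * requests; the ticket check below is the actual gate.
      */
     if ($hashDoc->no_download && empty($_SERVER['HTTP_REFERER'])) {
         return $this->noContentAction();
     }

     // Fetching ticket list for the hash, it should have a ticket for the requested image
     $ticketDoc = new Unsee_Ticket();

     // Looks like a gatecrasher: no ticket and image is not allowed to be downloaded directly
     $gatecrasher = !$ticketDoc->isAllowed($imgDoc) && $hashDoc->no_download;

     // The ticket is deleted whether or not the request is served, so it cannot be reused
     $ticketDoc->invalidate($imgDoc);

     if ($gatecrasher) {
         return $this->noContentAction();
     }

     // Watermark viewer's IP if required (the owner's own views are not watermarked)
     if ($hashDoc->watermark_ip && !Unsee_Session::isOwner($hashDoc)) {
         $imgDoc->watermark();
     }

     // Embed comment if required
     if ($hashDoc->comment) {
         $imgDoc->comment($hashDoc->comment);
     }

     $this->getResponse()->setHeader('Content-type', $imgDoc->type);
     print $imgDoc->getImageContent();

     // The hash itself was already outdated for one of the reasons.
     // This is evaluated only after the content has been sent, so viewability of the
     // hash does not gate this response; the checks above do.
     if (!$hashDoc->isViewable()) {
         // This means the image should not be available, so delete it
         $imgDoc->delete();
     }
 }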
Exemplo n.º 4
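 /**
  * Controller to handle file upload form.
  *
  * Receives between 1 and 100 uploaded files of at most 10MB each, attaches
  * them to a hash and answers with JSON:
  *  - new hash: an object with the "hash" key, or with "error" on failure;
  *  - existing hash (valid $_POST['hash']): a list of the added images, each
  *    with hashKey, key, src, width and ticket; "[]" if the caller is neither
  *    the owner nor allowed to add images anonymously; an object with "error"
  *    on failure.
  *
  * @throws Exception When raised outside the try blocks (validator or
  *                   translator setup)
  */
 public function indexAction()
 {
     $response = new stdClass();
     try {
         $upload = new Zend_File_Transfer();
     } catch (Exception $e) {
         $response->error = $e->getMessage();
         $this->_helper->json->sendJson($response);
         // Nothing below can run without the transfer object, even if sendJson() returns
         return;
     }

     // Upload limits: 1..100 files, images only, 10MB per file
     $upload->addValidator('Count', false, array('min' => 1, 'max' => 100));
     // NOTE(review): IsImage is a MIME-type check; confirm that setFile() actually
     // decodes the file as an image before it is stored.
     $upload->addValidator('IsImage', false);
     $upload->addValidator('Size', false, array('max' => '10MB', 'bytestring' => false));
     $translate = Zend_Registry::get('Zend_Translate');
     $updating = false;
     try {
         if (!$upload->receive()) {
             throw new Exception($translate->translate('error_uploading'));
         } else {
             $files = $upload->getFileInfo();
             // Updating hash with new images
             if (!empty($_POST['hash']) && Unsee_Hash::isValid($_POST['hash'])) {
                 $hashDoc = new Unsee_Hash($_POST['hash']);
                 $updating = true;
                 $response = array();
                 // Only the owner may add images, unless the hash allows anonymous additions.
                 // NOTE(review): this check runs after receive(), and die() skips the
                 // temporary-file cleanup in the loop below - consider checking ownership
                 // before the files are received.
                 if (!Unsee_Session::isOwner($hashDoc) && !$hashDoc->allow_anonymous_images) {
                     die('[]');
                 }
             } else {
                 // Creating a new hash
                 $hashDoc = new Unsee_Hash();
                 $this->setExpiration($hashDoc);
                 $response->hash = $hashDoc->key;
             }
             $imageAdded = false;
             foreach ($files as $file => $info) {
                 if ($upload->isUploaded($file)) {
                     $imgDoc = new Unsee_Image($hashDoc);
                     $res = $imgDoc->setFile($info['tmp_name']);
                     $imgDoc->setSecureParams();
                     //hack to populate correct secureTtd
                     if ($updating) {
                         $ticket = new Unsee_Ticket();
                         $ticket->issue($imgDoc);
                         $newImg = new stdClass();
                         $newImg->hashKey = $hashDoc->key;
                         $newImg->key = $imgDoc->key;
                         $newImg->src = '/image/' . $imgDoc->key . '/' . $imgDoc->secureMd5 . '/' . $imgDoc->secureTtd . '/';
                         $newImg->width = $imgDoc->width;
                         // Derived from the current session and the hash key, so it is
                         // specific to this client and this hash
                         $newImg->ticket = md5(Unsee_Session::getCurrent() . $hashDoc->key);
                         $response[] = $newImg;
                     }
                     if ($res) {
                         $imageAdded = true;
                     }
                     // Remove uploaded file from temporary dir if it wasn't removed
                     if (file_exists($info['tmp_name'])) {
                         @unlink($info['tmp_name']);
                     }
                 }
             }
             if (!$imageAdded) {
                 throw new Exception('No images were added');
             }
         }
     } catch (Exception $e) {
         // While updating, $response is an array and cannot take a property: the
         // assignment below would lose the message (or fail outright on PHP 8).
         // Report the failure as an error object in that case too.
         if (!is_object($response)) {
             $response = new stdClass();
         }
         $response->error = $e->getMessage();
     }
     $this->_helper->json->sendJson($response);
 }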