/**
* @route ajax/authors_get_photo
*/
public function getAuthorsPhoto()
{
$auth_bp = $this->blueprint('Author');
$file_bp = $this->blueprint('Files');
if (IDE_HACKS) {
$db = \Airship\get_database();
$auth_bp = new Author($db);
$file_bp = new Files($db);
}
$authorId = (int) ($_POST['author'] ?? 0);
if (!$this->isSuperUser()) {
$authors = $auth_bp->getAuthorIdsForUser($this->getActiveUserId());
if (!\in_array($authorId, $authors)) {
\Airship\json_response(['status' => 'ERROR', 'message' => \__('You do not have permission to access this author\'s posts.')]);
}
}
if (!\Airship\all_keys_exist(['context', 'author'], $_POST)) {
\Airship\json_response(['status' => 'ERROR', 'message' => 'Insufficient parameters']);
}
$file = $auth_bp->getPhotoData($authorId, $_POST['context']);
if (empty($file)) {
// No file selected
\Airship\json_response(['status' => 'OK', 'message' => '', 'photo' => null]);
}
$cabin = $file_bp->getFilesCabin((int) $file['fileid']);
\Airship\json_response(['status' => 'OK', 'message' => '', 'photo' => \Airship\LensFunctions\cabin_url($cabin) . 'files/author/' . $file['slug'] . '/' . $auth_bp->getPhotoDirName() . '/' . $file['filename']]);
}
/**
* @param string $token
* @return string
*/
protected function recoveryMessage(string $token) : string
{
return \__("To recover your account, visit the URL below.") . "\n\n" . \Airship\LensFunctions\cabin_url() . 'forgot-password/' . $token . "\n\n" . \__("This access token will expire in an hour.");
}
/**
* Read a blog post
*
* @param string $year
* @param string $month
* @param string $slug
*
* @route blog/{year}/{month}/{slug}
*/
public function readPost(string $year, string $month, string $slug)
{
$blogPost = $this->blog->getBlogPost($year, $month, $slug);
$post = $this->post(new CommentFilter(), true);
if ($post) {
if ($this->addComment($post, (int) $blogPost['postid'])) {
\Airship\redirect(\Airship\LensFunctions\cabin_url() . 'blog/' . $year . '/' . $month . '/' . $slug . '#comments');
}
}
$mathJAX = \strpos($blogPost['body'], '$$') !== false;
$blogPost['series'] = $this->blog->getPostsSeries((int) $blogPost['postid']);
$args = ['meta' => \json_decode($blogPost['metadata'] ?? '[]', true), 'pageTitle' => $blogPost['title'], 'blogpost' => $blogPost, 'author' => $this->blog->getAuthor($blogPost['author']), 'config' => $this->config(), 'mathjax' => $mathJAX];
if (!empty($blogPost['cache'])) {
$args['cached'] = true;
$this->stasis('blog/read', $args);
} else {
$comments = $this->blog->getCommentTree((int) $blogPost['postid']);
$args['comments'] = $comments;
$this->lens('blog/read', $args);
}
}
/**
* Get an author profile's avatar
*
* @param int $authorId
* @param string $which
* @return string
*/
function get_avatar(int $authorId, string $which) : string
{
static $cache = [];
static $db = null;
if (!$db) {
$db = \Airship\get_database();
}
// If someone comments 100 times, we only want to look up their avatar once.
$key = CryptoUtil::hash(\http_build_query(['author' => $authorId, 'which' => $which]));
if (!isset($cache[$key])) {
$file = $db->row("SELECT\n f.*,\n a.slug\n FROM\n hull_blog_author_photos p\n JOIN\n hull_blog_authors a\n ON p.author = a.authorid\n JOIN\n hull_blog_photo_contexts c\n ON p.context = c.contextid\n JOIN\n airship_files f\n ON p.file = f.fileid\n WHERE\n c.label = ? AND a.authorid = ?\n ", $which, $authorId);
if (empty($file)) {
$cache[$key] = '';
} else {
if (empty($file['directory'])) {
$cabin = $file['cabin'];
} else {
$dirId = $file['directory'];
do {
$dir = $db->row("SELECT parent, cabin FROM airship_dirs WHERE directoryid = ?", $dirId);
$dirId = $dir['parent'];
} while (!empty($dirId));
$cabin = $dir['cabin'];
}
$cache[$key] = \Airship\LensFunctions\cabin_url($cabin) . 'files/author/' . $file['slug'] . '/photos/' . $file['filename'];
}
}
return $cache[$key];
}
/**
* If a redirect exists at this path, serve it.
*
* @param string $uri
* @return bool
*/
public function serveRedirect(string $uri) : bool
{
$lookup = $this->db->row('SELECT * FROM airship_custom_redirect WHERE oldpath = ?', $uri);
if (empty($lookup)) {
return false;
}
if ($lookup['same_cabin']) {
// Internal redirects only. Don't create open redirect vulnerabilities.
\Airship\redirect(\Airship\LensFunctions\cabin_url($lookup['cabin']) . \trim($lookup['newpath'], '/'));
}
// Cross-cabin redirects can point to other domains.
\Airship\redirect(\rtrim($lookup['newpath'], '/'));
return true;
}
