< ? php
require_once ( 'include/attach.php' );
require_once ( 'include/datetime.php' );
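/**
 * Handle an attachment upload to the wall of the profile named in the request path.
 *
 * The profile nickname is taken from $a->argv[1] and resolved to a non-blocked
 * user together with that user's self contact. Uploading is permitted for
 * (a) the logged-in local user who owns the page, or (b) on a community page,
 * a remote visitor whose session entry for this owner maps to a contact row
 * that is neither blocked nor pending. Everyone else gets "Permission denied.".
 *
 * The file is read from $_FILES['userfile'], checked against the system
 * 'maxfilesize' setting and the owner's 'attach_upload_limit' service-class
 * quota, and stored in the `attach` table readable only by the owner's self
 * contact. With ?response=json the outcome is reported as a JSON object
 * ('error' => message, or 'ok' => true); otherwise a plain-text message or an
 * "[attachment]<id>[/attachment]" tag is printed.
 *
 * Apart from the two early "invalid request" returns in non-JSON mode, every
 * path ends the request through killme().
 *
 * @param object $a Application object; only argc and argv are read here.
 * @return void
 */
function wall_attach_post(&$a) {

	$r_json = (x($_GET, 'response') && $_GET['response'] == 'json');

	if ($a->argc > 1) {
		$nick = $a->argv[1];
		$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
			dbesc($nick)
		);

		if (! dbm::is_result($r)) {
			if ($r_json) {
				echo json_encode(array('error' => t('Invalid request.')));
				killme();
			}
			return;
		}
	} else {
		if ($r_json) {
			echo json_encode(array('error' => t('Invalid request.')));
			killme();
		}
		return;
	}

	$can_post       = false;
	$page_owner_uid = $r[0]['uid'];
	$page_owner_cid = $r[0]['id'];
	$community_page = ($r[0]['page-flags'] == PAGE_COMMUNITY);

	// Authorization: the page owner may always upload. On community pages a
	// remote visitor may upload only if the contact id recorded in the session
	// for this owner still matches a contact row that is not blocked or pending.
	if ((local_user()) && (local_user() == $page_owner_uid)) {
		$can_post = true;
	} elseif ($community_page && remote_user()) {
		$contact_id = 0;

		if (is_array($_SESSION['remote'])) {
			foreach ($_SESSION['remote'] as $v) {
				if ($v['uid'] == $page_owner_uid) {
					$contact_id = $v['cid'];
					break;
				}
			}
		}

		if ($contact_id) {
			// Re-check the session's contact id against the database instead
			// of trusting the session entry alone.
			$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
				intval($contact_id),
				intval($page_owner_uid)
			);
			if (dbm::is_result($r)) {
				$can_post = true;
			}
		}
	}

	if (! $can_post) {
		if ($r_json) {
			echo json_encode(array('error' => t('Permission denied.')));
			killme();
		}
		notice(t('Permission denied.') . EOL);
		killme();
	}

	if (! x($_FILES, 'userfile')) {
		if ($r_json) {
			echo json_encode(array('error' => t('Invalid request.')));
		}
		killme();
	}

	$src         = $_FILES['userfile']['tmp_name'];
	// basename() drops any directory components from the client-supplied name.
	$filename    = basename($_FILES['userfile']['name']);
	$filesize    = intval($_FILES['userfile']['size']);
	$maxfilesize = get_config('system', 'maxfilesize');

	/* HTML was found in the form's text field when trying to upload
	 * a file larger than upload_max_filesize; the cause is unknown.
	 * In that situation the reported file size is <= 0.
	 */
	if ($filesize <= 0) {
		$msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL . (t('Or - did you try to upload an empty file?'));
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			notice($msg . EOL);
		}
		@unlink($src);
		killme();
	}

	if (($maxfilesize) && ($filesize > $maxfilesize)) {
		$msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			echo $msg . EOL;
		}
		@unlink($src);
		killme();
	}

	$r = q("select sum(octet_length(data)) as total from attach where uid = %d",
		intval($page_owner_uid)
	);

	$limit = service_class_fetch($page_owner_uid, 'attach_upload_limit');

	// Quota check: already-stored bytes plus the size of this upload. The size
	// must come from $filesize; no $imagedata variable exists in this function,
	// so measuring it would count the new file as zero bytes and let uploads
	// slip past the limit.
	if (($limit !== false) && (($r[0]['total'] + $filesize) > $limit)) {
		$msg = upgrade_message(true);
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			echo $msg . EOL;
		}
		@unlink($src);
		killme();
	}

	$filedata = @file_get_contents($src);

	// A failed read would otherwise store an empty attachment with a non-zero
	// recorded size; treat it as a failed upload instead.
	if ($filedata === false) {
		$msg = t('File upload failed.');
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			echo $msg . EOL;
		}
		@unlink($src);
		killme();
	}

	// NOTE(review): only the client-supplied file name is passed to
	// z_mime_content_type(), so the stored type presumably reflects the name
	// rather than the content - confirm, and treat `filetype` as untrusted
	// wherever attachments are served.
	$mimetype = z_mime_content_type($filename);
	$hash     = get_guid(64);
	$created  = datetime_convert();

	// allow_cid is set to the owner's self contact, the remaining ACL fields are empty.
	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
		intval($page_owner_uid),
		dbesc($hash),
		dbesc($filename),
		dbesc($mimetype),
		intval($filesize),
		dbesc($filedata),
		dbesc($created),
		dbesc($created),
		dbesc('<' . $page_owner_cid . '>'),
		dbesc(''),
		dbesc(''),
		dbesc('')
	);

	// The temporary upload is no longer needed whether or not the insert worked.
	@unlink($src);

	if (! $r) {
		$msg = t('File upload failed.');
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			echo $msg . EOL;
		}
		killme();
	}

	// Look the new row up again to obtain its id for the attachment tag.
	$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
		intval($page_owner_uid),
		dbesc($created),
		dbesc($hash)
	);

	if (! dbm::is_result($r)) {
		$msg = t('File upload failed.');
		if ($r_json) {
			echo json_encode(array('error' => $msg));
		} else {
			echo $msg . EOL;
		}
		killme();
	}

	if ($r_json) {
		echo json_encode(array('ok' => true));
		killme();
	}

	$lf = "\n";

	echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;

	killme();
	// NOTREACHED
}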