2011-05-25 07:40:52 +02:00
< ? php
2018-01-15 14:32:11 +01:00
/**
* @ file mod / wall_attach . php
*/
2018-01-25 03:08:45 +01:00
2017-04-30 06:07:00 +02:00
use Friendica\App ;
2017-11-07 03:22:52 +01:00
use Friendica\Core\Config ;
2018-01-21 19:33:59 +01:00
use Friendica\Core\L10n ;
2018-07-09 21:38:16 +02:00
use Friendica\Core\System ;
2018-07-20 14:19:26 +02:00
use Friendica\Database\DBA ;
2017-11-08 04:57:46 +01:00
use Friendica\Database\DBM ;
2018-01-27 03:38:34 +01:00
use Friendica\Util\DateTimeFormat ;
2018-01-15 14:32:11 +01:00
use Friendica\Util\Mimetype ;
2017-04-30 06:07:00 +02:00
2017-01-09 13:14:55 +01:00
function wall_attach_post ( App $a ) {
2011-05-25 07:40:52 +02:00
2015-08-24 13:54:41 +02:00
$r_json = ( x ( $_GET , 'response' ) && $_GET [ 'response' ] == 'json' );
2017-03-21 17:02:59 +01:00
if ( $a -> argc > 1 ) {
2011-05-25 07:40:52 +02:00
$nick = $a -> argv [ 1 ];
2012-04-09 01:19:45 +02:00
$r = q ( " SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1 " ,
2011-05-25 07:40:52 +02:00
dbesc ( $nick )
);
2017-11-08 04:57:46 +01:00
if ( ! DBM :: is_result ( $r )) {
2015-11-07 16:24:59 +01:00
if ( $r_json ) {
2018-01-22 15:16:25 +01:00
echo json_encode ([ 'error' => L10n :: t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
killme ();
}
2011-05-25 07:40:52 +02:00
return ;
2016-11-14 18:49:51 +01:00
}
2011-05-25 07:40:52 +02:00
2015-08-24 13:54:41 +02:00
} else {
2015-11-07 16:24:59 +01:00
if ( $r_json ) {
2018-01-22 15:16:25 +01:00
echo json_encode ([ 'error' => L10n :: t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
killme ();
}
2011-05-25 07:40:52 +02:00
return ;
2016-11-14 18:49:51 +01:00
}
2011-05-25 07:40:52 +02:00
$can_post = false ;
$visitor = 0 ;
$page_owner_uid = $r [ 0 ][ 'uid' ];
2012-04-09 01:19:45 +02:00
$page_owner_cid = $r [ 0 ][ 'id' ];
2011-05-25 07:40:52 +02:00
$page_owner_nick = $r [ 0 ][ 'nickname' ];
$community_page = (( $r [ 0 ][ 'page-flags' ] == PAGE_COMMUNITY ) ? true : false );
2017-03-21 17:02:59 +01:00
if (( local_user ()) && ( local_user () == $page_owner_uid ))
2011-05-25 07:40:52 +02:00
$can_post = true ;
else {
2017-03-21 17:02:59 +01:00
if ( $community_page && remote_user ()) {
2016-11-14 18:49:51 +01:00
$contact_id = 0 ;
2017-03-21 17:02:59 +01:00
if ( is_array ( $_SESSION [ 'remote' ])) {
foreach ( $_SESSION [ 'remote' ] as $v ) {
if ( $v [ 'uid' ] == $page_owner_uid ) {
2016-11-14 18:49:51 +01:00
$contact_id = $v [ 'cid' ];
2012-09-05 07:50:28 +02:00
break ;
}
}
}
2017-03-21 17:02:59 +01:00
if ( $contact_id ) {
2012-09-05 07:50:28 +02:00
$r = q ( " SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1 " ,
2016-11-14 18:49:51 +01:00
intval ( $contact_id ),
2012-09-05 07:50:28 +02:00
intval ( $page_owner_uid )
);
2017-11-08 04:57:46 +01:00
if ( DBM :: is_result ( $r )) {
2012-09-05 07:50:28 +02:00
$can_post = true ;
2016-11-14 18:49:51 +01:00
$visitor = $contact_id ;
2012-09-05 07:50:28 +02:00
}
2011-05-25 07:40:52 +02:00
}
}
}
2017-03-21 17:02:59 +01:00
if ( ! $can_post ) {
2015-11-07 16:24:59 +01:00
if ( $r_json ) {
2018-01-22 15:16:25 +01:00
echo json_encode ([ 'error' => L10n :: t ( 'Permission denied.' )]);
2016-11-14 18:49:51 +01:00
killme ();
}
2018-01-21 19:33:59 +01:00
notice ( L10n :: t ( 'Permission denied.' ) . EOL );
2011-05-25 07:40:52 +02:00
killme ();
}
2017-03-21 17:02:59 +01:00
if ( ! x ( $_FILES , 'userfile' )) {
2015-11-07 16:24:59 +01:00
if ( $r_json ) {
2018-01-22 15:16:25 +01:00
echo json_encode ([ 'error' => L10n :: t ( 'Invalid request.' )]);
2016-11-14 18:49:51 +01:00
}
2011-05-25 07:40:52 +02:00
killme ();
2015-08-24 13:54:41 +02:00
}
2011-05-25 07:40:52 +02:00
$src = $_FILES [ 'userfile' ][ 'tmp_name' ];
$filename = basename ( $_FILES [ 'userfile' ][ 'name' ]);
$filesize = intval ( $_FILES [ 'userfile' ][ 'size' ]);
2017-11-07 03:22:52 +01:00
$maxfilesize = Config :: get ( 'system' , 'maxfilesize' );
2011-05-25 07:40:52 +02:00
2014-04-23 20:22:53 +02:00
/* Found html code written in text field of form ,
* when trying to upload a file with filesize
* greater than upload_max_filesize . Cause is unknown .
* Then Filesize gets <= 0.
*/
2017-03-21 17:02:59 +01:00
if ( $filesize <= 0 ) {
2018-01-22 15:16:25 +01:00
$msg = L10n :: t ( 'Sorry, maybe your upload is bigger than the PHP configuration allows' ) . EOL . ( L10n :: t ( 'Or - did you try to upload an empty file?' ));
2015-08-24 13:54:41 +02:00
if ( $r_json ) {
2018-01-15 14:05:12 +01:00
echo json_encode ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
notice ( $msg . EOL );
}
2014-04-23 20:22:53 +02:00
@ unlink ( $src );
killme ();
}
2017-03-21 17:02:59 +01:00
if (( $maxfilesize ) && ( $filesize > $maxfilesize )) {
2018-01-24 03:59:16 +01:00
$msg = L10n :: t ( 'File exceeds size limit of %s' , formatBytes ( $maxfilesize ));
2015-08-24 13:54:41 +02:00
if ( $r_json ) {
2018-01-15 14:05:12 +01:00
echo json_encode ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
echo $msg . EOL ;
}
2011-05-25 07:40:52 +02:00
@ unlink ( $src );
2015-06-29 02:39:08 +02:00
killme ();
2011-05-25 07:40:52 +02:00
}
$filedata = @ file_get_contents ( $src );
2018-01-15 14:32:11 +01:00
$mimetype = Mimetype :: getContentType ( $filename );
2018-07-09 21:38:16 +02:00
$hash = System :: createGUID ( 64 );
2018-01-27 03:38:34 +01:00
$created = DateTimeFormat :: utcNow ();
2017-09-15 23:17:58 +02:00
2018-01-15 14:05:12 +01:00
$fields = [ 'uid' => $page_owner_uid , 'hash' => $hash , 'filename' => $filename , 'filetype' => $mimetype ,
2017-09-15 23:17:58 +02:00
'filesize' => $filesize , 'data' => $filedata , 'created' => $created , 'edited' => $created ,
2018-01-15 14:05:12 +01:00
'allow_cid' => '<' . $page_owner_cid . '>' , 'allow_gid' => '' , 'deny_cid' => '' , 'deny_gid' => '' ];
2017-09-15 23:17:58 +02:00
2018-07-20 14:19:26 +02:00
$r = DBA :: insert ( 'attach' , $fields );
2011-05-25 07:40:52 +02:00
@ unlink ( $src );
2017-03-21 17:02:59 +01:00
if ( ! $r ) {
2018-01-22 15:16:25 +01:00
$msg = L10n :: t ( 'File upload failed.' );
2015-08-24 13:54:41 +02:00
if ( $r_json ) {
2018-01-15 14:05:12 +01:00
echo json_encode ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
echo $msg . EOL ;
}
2011-05-25 07:40:52 +02:00
killme ();
}
$r = q ( " SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1 " ,
intval ( $page_owner_uid ),
dbesc ( $created ),
dbesc ( $hash )
);
2017-11-08 04:57:46 +01:00
if ( ! DBM :: is_result ( $r )) {
2018-01-22 15:16:25 +01:00
$msg = L10n :: t ( 'File upload failed.' );
2015-08-24 13:54:41 +02:00
if ( $r_json ) {
2018-01-15 14:05:12 +01:00
echo json_encode ([ 'error' => $msg ]);
2015-08-24 13:54:41 +02:00
} else {
echo $msg . EOL ;
}
2011-05-25 07:40:52 +02:00
killme ();
}
2015-11-07 16:24:59 +01:00
if ( $r_json ) {
2018-01-15 14:05:12 +01:00
echo json_encode ([ 'ok' => true ]);
2016-11-14 18:49:51 +01:00
killme ();
}
2015-08-24 13:54:41 +02:00
2012-12-03 10:05:10 +01:00
$lf = " \n " ;
2012-04-17 15:11:41 +02:00
echo $lf . $lf . '[attachment]' . $r [ 0 ][ 'id' ] . '[/attachment]' . $lf ;
2015-08-24 13:54:41 +02:00
2011-05-25 07:40:52 +02:00
killme ();
// NOTREACHED
}