Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1854 lines
56 KiB

<?php
/**
* @file mod/photos.php
*/
use Friendica\App;
use Friendica\Content\Feature;
use Friendica\Core\System;
use Friendica\Core\Config;
use Friendica\Core\Worker;
use Friendica\Database\DBM;
use Friendica\Model\Photo;
use Friendica\Network\Probe;
use Friendica\Object\Contact;
use Friendica\Object\Image;
require_once 'include/photos.php';
require_once 'include/items.php';
require_once 'include/acl_selectors.php';
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/redir.php';
require_once 'include/tags.php';
require_once 'include/threads.php';
function photos_init(App $a) {
if ($a->argc > 1) {
auto_redir($a, $a->argv[1]);
}
if ((Config::get('system', 'block_public')) && (! local_user()) && (! remote_user())) {
return;
}
nav_set_selected('home');
if ($a->argc > 1) {
$nick = $a->argv[1];
$user = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
dbesc($nick)
);
if (! DBM::is_result($user)) {
return;
}
$a->data['user'] = $user[0];
$a->profile_uid = $user[0]['uid'];
$is_owner = (local_user() && (local_user() == $a->profile_uid));
$profile = get_profiledata_by_nick($nick, $a->profile_uid);
$account_type = Contact::getAccountType($profile);
$tpl = get_markup_template("vcard-widget.tpl");
7 years ago
$vcard_widget .= replace_macros($tpl, array(
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
));
$albums = photo_albums($a->data['user']['uid']);
$albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true);
// add various encodings to the array so we can just loop through and pick them out in a template
$ret = array('success' => false);
if ($albums) {
$a->data['albums'] = $albums;
if ($albums_visible) {
$ret['success'] = true;
}
$ret['albums'] = array();
foreach ($albums as $k => $album) {
//hide profile photos to others
if ((! $is_owner) && (! remote_user()) && ($album['album'] == t('Profile Photos')))
continue;
$entry = array(
'text' => $album['album'],
'total' => $album['total'],
'url' => 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album['album']),
'urlencode' => urlencode($album['album']),
'bin2hex' => bin2hex($album['album'])
);
$ret['albums'][] = $entry;
}
}
$albums = $ret;
if (local_user() && $a->data['user']['uid'] == local_user()) {
$can_post = true;
}
if ($albums['success']) {
$photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'), array(
'$nick' => $a->data['user']['nickname'],
'$title' => t('Photo Albums'),
'$recent' => t('Recent Photos'),
'$albums' => $albums['albums'],
'$baseurl' => System::baseUrl(),
'$upload' => array(t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload'),
'$can_post' => $can_post
));
}
if (! x($a->page, 'aside')) {
$a->page['aside'] = '';
}
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $photo_albums_widget;
$tpl = get_markup_template("photos_head.tpl");
$a->page['htmlhead'] .= replace_macros($tpl,array(
'$ispublic' => t('everybody')
));
}
return;
}
function photos_post(App $a) {
logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA);
$phototypes = Image::supportedTypes();
$can_post = false;
$visitor = 0;
$page_owner_uid = $a->data['user']['uid'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
$can_post = true;
$visitor = $contact_id;
}
}
}
}
if (! $can_post) {
notice( t('Permission denied.') . EOL );
killme();
}
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
intval($page_owner_uid)
);
if (! DBM::is_result($r)) {
notice( t('Contact information unavailable') . EOL);
logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
killme();
}
$owner_record = $r[0];
if (($a->argc > 3) && ($a->argv[2] === 'album')) {
$album = hex2bin($a->argv[3]);
if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
goaway($_SESSION['photo_return']);
return; // NOTREACHED
}
$r = q("SELECT `album` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
dbesc($album),
intval($page_owner_uid)
);
if (!DBM::is_result($r)) {
notice( t('Album not found.') . EOL);
goaway($_SESSION['photo_return']);
return; // NOTREACHED
}
// Check if the user has responded to a delete confirmation query
if ($_REQUEST['canceled']) {
goaway($_SESSION['photo_return']);
}
/*
* RENAME photo album
*/
$newalbum = notags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
dbesc($newalbum),
dbesc($album),
intval($page_owner_uid)
);
// Update the photo albums cache
photo_albums($page_owner_uid, true);
$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
goaway($newurl);
return; // NOTREACHED
}
/*
* DELETE photo album and all its photos
*/
if ($_POST['dropalbum'] == t('Delete Album')) {
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
$drop_url = $a->query_string;
$extra_inputs = array(
array('name' => 'albumname', 'value' => $_POST['albumname']),
);
$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
'$method' => 'post',
'$message' => t('Do you really want to delete this photo album and all its photos?'),
'$extra_inputs' => $extra_inputs,
'$confirm' => t('Delete Album'),
'$confirm_url' => $drop_url,
'$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement
'$cancel' => t('Cancel'),
));
$a->error = 1; // Set $a->error so the other module functions don't execute
return;
}
$res = array();
// get the list of photos we are about to delete
if ($visitor) {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
intval($visitor),
intval($page_owner_uid),
dbesc($album)
);
} else {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
intval(local_user()),
dbesc($album)
);
}
if (DBM::is_result($r)) {
foreach ($r as $rr) {
$res[] = "'" . dbesc($rr['rid']) . "'" ;
}
} else {
goaway($_SESSION['photo_return']);
return; // NOTREACHED
}
$str_res = implode(',', $res);
// remove the associated photos
q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($page_owner_uid)
);
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
foreach ($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc($rr['parent-uri']),
intval($page_owner_uid)
);
create_tags_from_itemuri($rr['parent-uri'], $page_owner_uid);
delete_thread_uri($rr['parent-uri'], $page_owner_uid);
$drop_id = intval($rr['id']);
// send the notification upstream/downstream as the case may be
if ($rr['visible']) {
Worker::add(PRIORITY_HIGH, "Notifier", "drop", $drop_id);
}
}
}
// Update the photo albums cache
photo_albums($page_owner_uid, true);
}
goaway('photos/' . $a->data['user']['nickname']);
return; // NOTREACHED
}
// Check if the user has responded to a delete confirmation query for a single photo
if (($a->argc > 2) && $_REQUEST['canceled']) {
goaway($_SESSION['photo_return']);
}
if (($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
// same as above but remove single photo
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
$drop_url = $a->query_string;
$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
'$method' => 'post',
'$message' => t('Do you really want to delete this photo?'),
'$extra_inputs' => array(),
'$confirm' => t('Delete Photo'),
'$confirm_url' => $drop_url,
'$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement
'$cancel' => t('Cancel'),
));
$a->error = 1; // Set $a->error so the other module functions don't execute
return;
}
if ($visitor) {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval($visitor),
intval($page_owner_uid),
dbesc($a->argv[2])
);
} else {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval(local_user()),
dbesc($a->argv[2])
);
}
if (DBM::is_result($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
intval($page_owner_uid),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
intval($page_owner_uid)
);
if (DBM::is_result($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($i[0]['uri']),
intval($page_owner_uid)
);
create_tags_from_itemuri($i[0]['uri'], $page_owner_uid);
delete_thread_uri($i[0]['uri'], $page_owner_uid);
$url = System::baseUrl();
$drop_id = intval($i[0]['id']);
// Update the photo albums cache
photo_albums($page_owner_uid, true);
if ($i[0]['visible']) {
Worker::add(PRIORITY_HIGH, "Notifier", "drop", $drop_id);
}
}
}
goaway('photos/' . $a->data['user']['nickname']);
return; // NOTREACHED
}
if (($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {
$desc = ((x($_POST,'desc')) ? notags(trim($_POST['desc'])) : '');
$rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : '');
$item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0);
$albname = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : '');
$origaname = ((x($_POST,'origaname')) ? notags(trim($_POST['origaname'])) : '');
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$resource_id = $a->argv[2];
11 years ago
if (! strlen($albname)) {
$albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
}
10 years ago
if ((x($_POST,'rotate') !== false) &&
( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) {
10 years ago
logger('rotate');
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1",
10 years ago
dbesc($resource_id),
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
$Image = new Image($r[0]['data'], $r[0]['type']);
if ($Image->isValid()) {
$rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
$Image->rotate($rotate_deg);
10 years ago
$width = $Image->getWidth();
$height = $Image->getHeight();
10 years ago
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0",
dbesc($Image->asString()),
10 years ago
intval($height),
intval($width),
dbesc($resource_id),
intval($page_owner_uid)
10 years ago
);
if ($width > 640 || $height > 640) {
$Image->scaleDown(640);
$width = $Image->getWidth();
$height = $Image->getHeight();
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 1",
dbesc($Image->asString()),
10 years ago
intval($height),
intval($width),
dbesc($resource_id),
intval($page_owner_uid)
10 years ago
);
}
if ($width > 320 || $height > 320) {
$Image->scaleDown(320);
$width = $Image->getWidth();
$height = $Image->getHeight();
10 years ago
$x = q("UPDATE `photo` SET `data` = '%s', `height` = %d, `width` = %d WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 2",
dbesc($Image->asString()),
10 years ago
intval($height),
intval($width),
dbesc($resource_id),
intval($page_owner_uid)
10 years ago
);
}
10 years ago
}
}
}
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
dbesc($resource_id),
intval($page_owner_uid)
11 years ago
);
if (DBM::is_result($p)) {
$ext = $phototypes[$p[0]['type']];
$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
dbesc($desc),
dbesc($albname),
dbesc($str_contact_allow),
dbesc($str_group_allow),
dbesc($str_contact_deny),
dbesc($str_group_deny),
dbesc($resource_id),
intval($page_owner_uid)
);
// Update the photo albums cache if album name was changed
if ($albname !== $origaname) {
photo_albums($page_owner_uid, true);
}
}
/* Don't make the item visible if the only change was the album name */
$visibility = 0;
if ($p[0]['desc'] !== $desc || strlen($rawtags)) {
$visibility = 1;
}
if (! $item_id) {
// Create item container
$title = '';
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
$arr = array();
$arr['guid'] = get_guid(32);
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $p[0]['resource-id'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = $title;
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
$arr['deny_cid'] = $p[0]['deny_cid'];
$arr['deny_gid'] = $p[0]['deny_gid'];
$arr['last-child'] = 1;
$arr['visible'] = $visibility;
$arr['origin'] = 1;
$arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']'
. '[img]' . System::baseUrl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.'. $ext . '[/img]'
. '[/url]';
$item_id = item_store($arr);
}
if ($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($item_id),
intval($page_owner_uid)
);
}
if (DBM::is_result($r)) {
$old_tag = $r[0]['tag'];
$old_inform = $r[0]['inform'];
}
11 years ago
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag
$x = substr($rawtags,0,1);
if ($x !== '@' && $x !== '#') {
$rawtags = '#' . $rawtags;
}
$taginfo = array();
$tags = get_tags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
if (isset($profile)) {
unset($profile);
}
if (strpos($tag, '@') === 0) {
$name = substr($tag,1);
if ((strpos($name, '@')) || (strpos($name, 'http://'))) {
$newname = $name;
$links = @Probe::lrdd($name);
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$profile = $link['@attributes']['href'];
}
if ($link['@attributes']['rel'] === 'salmon') {
$salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']);
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $salmon;
}
}
}
$taginfo[] = array($newname, $profile, $salmon);
} else {
$newname = $name;
$alias = '';
$tagcid = 0;
if (strrpos($newname, '+')) {
$tagcid = intval(substr($newname, strrpos($newname, '+') + 1));
}
if ($tagcid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($tagcid),
intval($profile_uid)
);
} else {
$newname = str_replace('_',' ',$name);
//select someone from this user's contacts by name
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
intval($page_owner_uid)
);
if (! DBM::is_result($r)) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
dbesc($name),
dbesc($name),
intval($page_owner_uid)
);
}
}
if (DBM::is_result($r)) {
$newname = $r[0]['name'];
$profile = $r[0]['url'];
$notify = 'cid:' . $r[0]['id'];
if (strlen($inform)) {
$inform .= ',';
}
$inform .= $notify;