friendica/mod/photos.php

<?php
require_once('include/Photo.php');
require_once('include/photos.php');
require_once('include/items.php');
require_once('include/acl_selectors.php');
require_once('include/bbcode.php');
require_once('include/security.php');
require_once('include/redir.php');
require_once('include/tags.php');
require_once('include/threads.php');
require_once('include/Probe.php');

function photos_init(&$a) {

	if ($a->argc > 1)
		auto_redir($a, $a->argv[1]);

	if ((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
		return;
	}

	nav_set_selected('home');

	if ($a->argc > 1) {
		$nick = $a->argv[1];
		$user = qu("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
			dbesc($nick)
		);

		if (! count($user))
			return;

		$a->data['user'] = $user[0];
		$a->profile_uid = $user[0]['uid'];
		$is_owner = (local_user() && (local_user() == $a->profile_uid));

		$profile = get_profiledata_by_nick($nick, $a->profile_uid);

		$account_type = account_type($profile);

		$tpl = get_markup_template("vcard-widget.tpl");

		$vcard_widget .= replace_macros($tpl, array(
			'$name' => $profile['name'],
			'$photo' => $profile['photo'],
			'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
			'$account_type' => $account_type,
			'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
		));

		$albums = photo_albums($a->data['user']['uid']);

		$albums_visible = ((intval($a->data['user']['hidewall']) && (! local_user()) && (! remote_user())) ? false : true);

		// add various encodings to the array so we can just loop through and pick them out in a template
		$ret = array('success' => false);

		if ($albums) {
			$a->data['albums'] = $albums;
			if ($albums_visible)
				$ret['success'] = true;

			$ret['albums'] = array();
			foreach ($albums as $k => $album) {
				//hide profile photos to others
				if ((! $is_owner) && (! remote_user()) && ($album['album'] == t('Profile Photos')))
					continue;
				$entry = array(
					'text'      => $album['album'],
					'total'     => $album['total'],
					'url'       => 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album['album']),
					'urlencode' => urlencode($album['album']),
					'bin2hex'   => bin2hex($album['album'])
				);
				$ret['albums'][] = $entry;
			}
		}

		$albums = $ret;

		if (local_user() && $a->data['user']['uid'] == local_user())
			$can_post = true;

		if ($albums['success']) {
			$photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'),array(
				'$nick'     => $a->data['user']['nickname'],
				'$title'    => t('Photo Albums'),
				'$recent'    => t('Recent Photos'),
				'$albums'   => $albums['albums'],
				'$baseurl'  => z_root(),
				'$upload'   => array( t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload'),
				'$can_post' => $can_post
			));
		}


		if (! x($a->page,'aside'))
			$a->page['aside'] = '';
		$a->page['aside'] .= $vcard_widget;
		$a->page['aside'] .= $photo_albums_widget;


		$tpl = get_markup_template("photos_head.tpl");
		$a->page['htmlhead'] .= replace_macros($tpl,array(
			'$ispublic' => t('everybody')
		));

	}

	return;
}



function photos_post(&$a) {

	logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);


	logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
	logger('mod_photos: FILES '   . print_r($_FILES,true), LOGGER_DATA);

	$phototypes = Photo::supportedTypes();

	$can_post  = false;
	$visitor   = 0;

	$page_owner_uid = $a->data['user']['uid'];
	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);

	if ((local_user()) && (local_user() == $page_owner_uid))
		$can_post = true;
	else {
		if ($community_page && remote_user()) {
			$contact_id = 0;
			if (is_array($_SESSION['remote'])) {
				foreach ($_SESSION['remote'] as $v) {
					if ($v['uid'] == $page_owner_uid) {
						$contact_id = $v['cid'];
						break;
					}
				}
			}
			if ($contact_id) {

				$r = qu("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
					intval($contact_id),
					intval($page_owner_uid)
				);
				if (dbm::is_result($r)) {
					$can_post = true;
					$visitor = $contact_id;
				}
			}
		}
	}

	if (! $can_post) {
		notice( t('Permission denied.') . EOL );
		killme();
	}

	$r = qu("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
		WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
		intval($page_owner_uid)
	);

	if (! dbm::is_result($r)) {
		notice( t('Contact information unavailable') . EOL);
		logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
		killme();
	}

	$owner_record = $r[0];


	if (($a->argc > 3) && ($a->argv[2] === 'album')) {
		$album = hex2bin($a->argv[3]);

		if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
			goaway($_SESSION['photo_return']);
			return; // NOTREACHED
		}

		$r = qu("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
			dbesc($album),
			intval($page_owner_uid)
		);
		if (! dbm::is_result($r)) {
			notice( t('Album not found.') . EOL);
			goaway($_SESSION['photo_return']);
			return; // NOTREACHED
		}

		// Check if the user has responded to a delete confirmation query
		if ($_REQUEST['canceled']) {
			goaway($_SESSION['photo_return']);
		}

		/*
		 * RENAME photo album
		 */

		$newalbum = notags(trim($_POST['albumname']));
		if ($newalbum != $album) {
			q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
				dbesc($newalbum),
				dbesc($album),
				intval($page_owner_uid)
			);
			$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
			goaway($newurl);
			return; // NOTREACHED
		}

		/*
		 * DELETE photo album and all its photos
		 */

		if ($_POST['dropalbum'] == t('Delete Album')) {

			// Check if we should do HTML-based delete confirmation
			if ($_REQUEST['confirm']) {
				$drop_url = $a->query_string;
				$extra_inputs = array(
					array('name' => 'albumname', 'value' => $_POST['albumname']),
				);
				$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
					'$method' => 'post',
					'$message' => t('Do you really want to delete this photo album and all its photos?'),
					'$extra_inputs' => $extra_inputs,
					'$confirm' => t('Delete Album'),
					'$confirm_url' => $drop_url,
					'$confirm_name' => 'dropalbum', // Needed so that confirmation will bring us back into this if statement
					'$cancel' => t('Cancel'),
				));
				$a->error = 1; // Set $a->error so the other module functions don't execute
				return;
			}

			$res = array();

			// get the list of photos we are about to delete

			if ($visitor) {
				$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
					intval($visitor),
					intval($page_owner_uid),
					dbesc($album)
				);
			} else {
				$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
					intval(local_user()),
					dbesc($album)
				);
			}
			if (dbm::is_result($r)) {
				foreach($r as $rr) {
					$res[] = "'" . dbesc($rr['rid']) . "'" ;
				}
			} else {
				goaway($_SESSION['photo_return']);
				return; // NOTREACHED
			}

			$str_res = implode(',', $res);

			// remove the associated photos

			q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
				intval($page_owner_uid)
			);

			// find and delete the corresponding item with all the comments and likes/dislikes

			$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
				intval($page_owner_uid)
			);
			if (dbm::is_result($r)) {
				foreach($r as $rr) {
					q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
						dbesc(datetime_convert()),
						dbesc($rr['parent-uri']),
						intval($page_owner_uid)
					);
					create_tags_from_itemuri($rr['parent-uri'], $page_owner_uid);
					delete_thread_uri($rr['parent-uri'], $page_owner_uid);

					$drop_id = intval($rr['id']);

					// send the notification upstream/downstream as the case may be

					if ($rr['visible'])
						proc_run(PRIORITY_HIGH, "include/notifier.php", "drop", $drop_id);
				}
			}
		}
		goaway('photos/' . $a->data['user']['nickname']);
		return; // NOTREACHED
	}


	// Check if the user has responded to a delete confirmation query for a single photo
	if (($a->argc > 2) && $_REQUEST['canceled']) {
		goaway($_SESSION['photo_return']);
	}

	if (($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {

		// same as above but remove single photo

		// Check if we should do HTML-based delete confirmation
		if ($_REQUEST['confirm']) {
			$drop_url = $a->query_string;
			$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
				'$method' => 'post',
				'$message' => t('Do you really want to delete this photo?'),
				'$extra_inputs' => array(),
				'$confirm' => t('Delete Photo'),
				'$confirm_url' => $drop_url,
				'$confirm_name' => 'delete', // Needed so that confirmation will bring us back into this if statement
				'$cancel' => t('Cancel'),
			));
			$a->error = 1; // Set $a->error so the other module functions don't execute
			return;
		}

		if ($visitor) {
			$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
				intval($visitor),
				intval($page_owner_uid),
				dbesc($a->argv[2])
			);
		} else {
			$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
				intval(local_user()),
				dbesc($a->argv[2])
			);
		}
		if (dbm::is_result($r)) {
			q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
				intval($page_owner_uid),
				dbesc($r[0]['resource-id'])
			);
			$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
				dbesc($r[0]['resource-id']),
				intval($page_owner_uid)
			);
			if (count($i)) {
				q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
					dbesc(datetime_convert()),
					dbesc(datetime_convert()),
					dbesc($i[0]['uri']),
					intval($page_owner_uid)
				);
				create_tags_from_itemuri($i[0]['uri'], $page_owner_uid);
				delete_thread_uri($i[0]['uri'], $page_owner_uid);

				$url = App::get_baseurl();
				$drop_id = intval($i[0]['id']);

				if ($i[0]['visible'])
					proc_run(PRIORITY_HIGH, "include/notifier.php", "drop", $drop_id);
			}
		}

		goaway('photos/' . $a->data['user']['nickname']);
		return; // NOTREACHED
	}

	if (($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {

		$desc        = ((x($_POST,'desc'))    ? notags(trim($_POST['desc']))    : '');
		$rawtags     = ((x($_POST,'newtag'))  ? notags(trim($_POST['newtag']))  : '');
		$item_id     = ((x($_POST,'item_id')) ? intval($_POST['item_id'])       : 0);
		$albname     = ((x($_POST,'albname')) ? notags(trim($_POST['albname'])) : '');
		$str_group_allow   = perms2str($_POST['group_allow']);
		$str_contact_allow = perms2str($_POST['contact_allow']);
		$str_group_deny    = perms2str($_POST['group_deny']);
		$str_contact_deny  = perms2str($_POST['contact_deny']);

		$resource_id = $a->argv[2];

		if (! strlen($albname))
			$albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');


		if ((x($_POST,'rotate') !== false) &&
		   ( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) {
			logger('rotate');

			$r = q("select * from photo where `resource-id` = '%s' and uid = %d and scale = 0 limit 1",
				dbesc($resource_id),
				intval($page_owner_uid)
			);
			if (dbm::is_result($r)) {
				$ph = new Photo($r[0]['data'], $r[0]['type']);
				if ($ph->is_valid()) {
					$rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
					$ph->rotate($rotate_deg);

					$width  = $ph->getWidth();
					$height = $ph->getHeight();

					$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 0",
						dbesc($ph->imageString()),
						intval($height),
						intval($width),
						dbesc($resource_id),
						intval($page_owner_uid)
					);

					if ($width > 640 || $height > 640) {
						$ph->scaleImage(640);
						$width  = $ph->getWidth();
						$height = $ph->getHeight();

						$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 1",
							dbesc($ph->imageString()),
							intval($height),
							intval($width),
							dbesc($resource_id),
							intval($page_owner_uid)
						);
					}

					if ($width > 320 || $height > 320) {
						$ph->scaleImage(320);
						$width  = $ph->getWidth();
						$height = $ph->getHeight();

						$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 2",
							dbesc($ph->imageString()),
							intval($height),
							intval($width),
							dbesc($resource_id),
							intval($page_owner_uid)
						);
					}
				}
			}
		}

		$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
			dbesc($resource_id),
			intval($page_owner_uid)
		);
		if (count($p)) {
			$ext = $phototypes[$p[0]['type']];
			$r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
				dbesc($desc),
				dbesc($albname),
				dbesc($str_contact_allow),
				dbesc($str_group_allow),
				dbesc($str_contact_deny),
				dbesc($str_group_deny),
				dbesc($resource_id),
				intval($page_owner_uid)
			);
		}

		/* Don't make the item visible if the only change was the album name */

		$visibility = 0;
		if ($p[0]['desc'] !== $desc || strlen($rawtags))
			$visibility = 1;

		if (! $item_id) {

			// Create item container

			$title = '';
			$uri = item_new_uri($a->get_hostname(),$page_owner_uid);

			$arr = array();
			$arr['guid']          = get_guid(32);
			$arr['uid']           = $page_owner_uid;
			$arr['uri']           = $uri;
			$arr['parent-uri']    = $uri;
			$arr['type']          = 'photo';
			$arr['wall']          = 1;
			$arr['resource-id']   = $p[0]['resource-id'];
			$arr['contact-id']    = $owner_record['id'];
			$arr['owner-name']    = $owner_record['name'];
			$arr['owner-link']    = $owner_record['url'];
			$arr['owner-avatar']  = $owner_record['thumb'];
			$arr['author-name']   = $owner_record['name'];
			$arr['author-link']   = $owner_record['url'];
			$arr['author-avatar'] = $owner_record['thumb'];
			$arr['title']         = $title;
			$arr['allow_cid']     = $p[0]['allow_cid'];
			$arr['allow_gid']     = $p[0]['allow_gid'];
			$arr['deny_cid']      = $p[0]['deny_cid'];
			$arr['deny_gid']      = $p[0]['deny_gid'];
			$arr['last-child']    = 1;
			$arr['visible']       = $visibility;
			$arr['origin']        = 1;

			$arr['body']          = '[url=' . App::get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']'
						. '[img]' . App::get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.'. $ext . '[/img]'
						. '[/url]';

			$item_id = item_store($arr);

		}

		if ($item_id) {
			$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
				intval($item_id),
				intval($page_owner_uid)
			);
		}
		if (dbm::is_result($r)) {
			$old_tag    = $r[0]['tag'];
			$old_inform = $r[0]['inform'];
		}

		if (strlen($rawtags)) {

			$str_tags = '';
			$inform   = '';

			// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag

			$x = substr($rawtags,0,1);
			if ($x !== '@' && $x !== '#')
				$rawtags = '#' . $rawtags;

			$taginfo = array();
			$tags = get_tags($rawtags);

			if (count($tags)) {
				foreach ($tags as $tag) {
					if (isset($profile))
						unset($profile);
					if (strpos($tag,'@') === 0) {
						$name = substr($tag,1);
						if ((strpos($name,'@')) || (strpos($name,'http://'))) {
							$newname = $name;
							$links = @Probe::lrdd($name);
							if (count($links)) {
								foreach ($links as $link) {
									if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
										$profile = $link['@attributes']['href'];
									if ($link['@attributes']['rel'] === 'salmon') {
										$salmon = '$url:' . str_replace(',','%sc',$link['@attributes']['href']);
										if (strlen($inform))
											$inform .= ',';
							$inform .= $salmon;
									}
								}
							}
							$taginfo[] = array($newname,$profile,$salmon);
						} else {
							$newname = $name;
							$alias = '';
							$tagcid = 0;
							if (strrpos($newname,'+'))
								$tagcid = intval(substr($newname,strrpos($newname,'+') + 1));

							if ($tagcid) {
								$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
									intval($tagcid),
									intval($profile_uid)
								);
							} else {
								$newname = str_replace('_',' ',$name);

								//select someone from this user's contacts by name
								$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
										dbesc($newname),
										intval($page_owner_uid)
								);

								if (! $r) {
									//select someone by attag or nick and the name passed in
									$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
											dbesc($name),
											dbesc($name),
											intval($page_owner_uid)
									);
								}
							}
/*							elseif (strstr($name,'_') || strstr($name,' ')) {
								$newname = str_replace('_',' ',$name);
								$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
									dbesc($newname),
									intval($page_owner_uid)
								);
							} else {
								$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
									dbesc($name),
									dbesc($name),
									intval($page_owner_uid)
								);
							}*/
							if (dbm::is_result($r)) {
								$newname = $r[0]['name'];
								$profile = $r[0]['url'];
								$notify = 'cid:' . $r[0]['id'];
								if (strlen($inform))
									$inform .= ',';
								$inform .= $notify;
							}
						}
						if ($profile) {
							if (substr($notify,0,4) === 'cid:')
								$taginfo[] = array($newname,$profile,$notify,$r[0],'@[url=' . str_replace(',','%2c',$profile) . ']' . $newname	. '[/url]');
							else
								$taginfo[] = array($newname,$profile,$notify,null,$str_tags .= '@[url=' . $profile . ']' . $newname	. '[/url]');
							if (strlen($str_tags))
								$str_tags .= ',';
							$profile = str_replace(',','%2c',$profile);
							$str_tags .= '@[url='.$profile.']'.$newname.'[/url]';
						}
					} elseif (strpos($tag,'#') === 0) {
						$tagname = substr($tag, 1);
						$str_tags .= '#[url='.App::get_baseurl()."/search?tag=".$tagname.']'.$tagname.'[/url]';
					}
				}
			}

			$newtag = $old_tag;
			if (strlen($newtag) && strlen($str_tags))
				$newtag .= ',';
			$newtag .= $str_tags;

			$newinform = $old_inform;
			if (strlen($newinform) && strlen($inform))
				$newinform .= ',';
			$newinform .= $inform;

			$r = q("UPDATE `item` SET `tag` = '%s', `inform` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d",
				dbesc($newtag),
				dbesc($newinform),
				dbesc(datetime_convert()),
				dbesc(datetime_convert()),
				intval($item_id),
				intval($page_owner_uid)
			);
			create_tags_from_item($item_id);
			update_thread($item_id);