

  1. <?php
  2. require_once('include/attach.php');
  3. require_once('include/datetime.php');
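  /**
   * Handle a file upload to a profile wall and store it as a row in `attach`.
   *
   * The page owner is looked up from the nickname in $a->argv[1]. Posting is
   * allowed for the logged-in owner, or - on a community page - for a remote
   * visitor who has an unblocked, non-pending contact row under the owner.
   * The temporary file is read only after the upload entry has been checked
   * (no upload error, a single file, is_uploaded_file()).
   *
   * On success an "[attachment]ID[/attachment]" snippet is printed and
   * killme() is called; the trailing NOTREACHED marker indicates nothing is
   * expected to run after it.
   *
   * @param object $a Application object; only argc and argv are read here.
   * @return void
   */
  function wall_attach_post(&$a) {

      // Without a nickname in the path there is no wall to attach to.
      if ($a->argc <= 1) {
          return;
      }

      $nick = $a->argv[1];
      $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
          dbesc($nick)
      );

      // q() is defined elsewhere; a non-array result is treated like
      // "no such user" so a failed query cannot fall through to $r[0].
      if (! is_array($r) || ! count($r)) {
          return;
      }

      $can_post       = false;
      $page_owner_uid = $r[0]['uid'];
      $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);

      if ((local_user()) && (local_user() == $page_owner_uid)) {
          // The owner may always attach files to their own wall.
          $can_post = true;
      } elseif ($community_page && remote_user()) {
          // Remote visitors need an active contact row belonging to this owner.
          $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
              intval(remote_user()),
              intval($page_owner_uid)
          );
          if (is_array($r) && count($r)) {
              $can_post = true;
          }
      }

      if (! $can_post) {
          notice( t('Permission denied.') . EOL );
          killme();
      }

      if (! x($_FILES,'userfile')) {
          killme();
      }

      $upload = $_FILES['userfile'];
      $src    = (isset($upload['tmp_name']) ? $upload['tmp_name'] : '');

      // Reject failed, partial or multi-file ("userfile[]") uploads before
      // touching the filesystem, and only ever read a path that PHP itself
      // recorded as an uploaded file for this request.
      $upload_error = (isset($upload['error']) && $upload['error'] != UPLOAD_ERR_OK);
      if ($upload_error || ! is_string($src) || ! is_uploaded_file($src)) {
          echo ( t('File upload failed.') . EOL);
          killme();
      }

      $filesize    = intval($upload['size']);
      $maxfilesize = get_config('system','maxfilesize');

      if (($maxfilesize) && ($filesize > $maxfilesize)) {
          notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
          @unlink($src);
          return;
      }

      // The warning is suppressed so a read error cannot print the temporary
      // path into the response; the failure itself is handled explicitly.
      $filedata = @file_get_contents($src);
      if ($filedata === false) {
          @unlink($src);
          echo ( t('File upload failed.') . EOL);
          killme();
      }

      // The MIME type is detected from the file content on the server, not
      // taken from the type the client sent.
      $mimetype = mime_content_type($src);
      $hash     = random_string();
      $created  = datetime_convert();

      // Query debugging is deliberately not switched on around this INSERT:
      // the statement carries the whole file body.
      //
      // NOTE(review): allow_cid is filled with the owner's uid in angle
      // brackets; the column name suggests contact ids - confirm that the
      // code enforcing this ACL expects a uid here.
      $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
          VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
          intval($page_owner_uid),
          dbesc($hash),
          dbesc($mimetype),
          intval($filesize),
          dbesc($filedata),
          dbesc($created),
          dbesc($created),
          dbesc('<' . $page_owner_uid . '>'),
          dbesc(''),
          dbesc(''),
          dbesc('')
      );

      // The data now lives in the database (or the insert failed); either way
      // the temporary file is no longer needed.
      @unlink($src);

      if (! $r) {
          echo ( t('File upload failed.') . EOL);
          killme();
      }

      // Look the new row up again by owner, timestamp and random hash to
      // obtain its id.
      $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
          intval($page_owner_uid),
          dbesc($created),
          dbesc($hash)
      );

      if (! is_array($r) || ! count($r)) {
          echo ( t('File upload failed.') . EOL);
          killme();
      }

      // intval() keeps the echoed id numeric whatever type the database
      // layer hands back.
      echo '<br /><br />[attachment]' . intval($r[0]['id']) . '[/attachment]' . '<br />';

      killme();
      // NOTREACHED
  }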