Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

192 lines
4.6 KiB

10 years ago
10 years ago
  1. <?php
  2. require_once('include/attach.php');
  3. require_once('include/datetime.php');
  4. function wall_attach_post(&$a) {
  5. $r_json = (x($_GET,'response') && $_GET['response']=='json');
  6. if($a->argc > 1) {
  7. $nick = $a->argv[1];
  8. $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
  9. dbesc($nick)
  10. );
  11. if(! count($r)){
  12. if ($r_json) {
  13. echo json_encode(array('error'=>t('Invalid request.')));
  14. killme();
  15. }
  16. return;
  17. }
  18. } else {
  19. if ($r_json) {
  20. echo json_encode(array('error'=>t('Invalid request.')));
  21. killme();
  22. }
  23. return;
  24. }
  25. $can_post = false;
  26. $visitor = 0;
  27. $page_owner_uid = $r[0]['uid'];
  28. $page_owner_cid = $r[0]['id'];
  29. $page_owner_nick = $r[0]['nickname'];
  30. $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
  31. if((local_user()) && (local_user() == $page_owner_uid))
  32. $can_post = true;
  33. else {
  34. if($community_page && remote_user()) {
  35. $cid = 0;
  36. if(is_array($_SESSION['remote'])) {
  37. foreach($_SESSION['remote'] as $v) {
  38. if($v['uid'] == $page_owner_uid) {
  39. $cid = $v['cid'];
  40. break;
  41. }
  42. }
  43. }
  44. if($cid) {
  45. $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
  46. intval($cid),
  47. intval($page_owner_uid)
  48. );
  49. if(count($r)) {
  50. $can_post = true;
  51. $visitor = $cid;
  52. }
  53. }
  54. }
  55. }
  56. if(! $can_post) {
  57. if ($r_json) {
  58. echo json_encode(array('error'=>t('Permission denied.')));
  59. killme();
  60. }
  61. notice( t('Permission denied.') . EOL );
  62. killme();
  63. }
  64. if(! x($_FILES,'userfile')) {
  65. if ($r_json) {
  66. echo json_encode(array('error'=>t('Invalid request.')));
  67. }
  68. killme();
  69. }
  70. $src = $_FILES['userfile']['tmp_name'];
  71. $filename = basename($_FILES['userfile']['name']);
  72. $filesize = intval($_FILES['userfile']['size']);
  73. $maxfilesize = get_config('system','maxfilesize');
  74. /* Found html code written in text field of form,
  75. * when trying to upload a file with filesize
  76. * greater than upload_max_filesize. Cause is unknown.
  77. * Then Filesize gets <= 0.
  78. */
  79. if($filesize <=0) {
  80. $msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
  81. if ($r_json) {
  82. echo json_encode(array('error'=>$msg));
  83. } else {
  84. notice( $msg. EOL );
  85. }
  86. @unlink($src);
  87. killme();
  88. }
  89. if(($maxfilesize) && ($filesize > $maxfilesize)) {
  90. $msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
  91. if ($r_json) {
  92. echo json_encode(array('error'=>$msg));
  93. } else {
  94. echo $msg. EOL ;
  95. }
  96. @unlink($src);
  97. killme();
  98. }
  99. $r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
  100. intval($page_owner_uid)
  101. );
  102. $limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
  103. if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
  104. $msg = upgrade_message(true);
  105. if ($r_json) {
  106. echo json_encode(array('error'=>$msg));
  107. } else {
  108. echo $msg. EOL ;
  109. }
  110. @unlink($src);
  111. killme();
  112. }
  113. $filedata = @file_get_contents($src);
  114. $mimetype = z_mime_content_type($filename);
  115. $hash = get_guid(64);
  116. $created = datetime_convert();
  117. $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
  118. VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
  119. intval($page_owner_uid),
  120. dbesc($hash),
  121. dbesc($filename),
  122. dbesc($mimetype),
  123. intval($filesize),
  124. dbesc($filedata),
  125. dbesc($created),
  126. dbesc($created),
  127. dbesc('<' . $page_owner_cid . '>'),
  128. dbesc(''),
  129. dbesc(''),
  130. dbesc('')
  131. );
  132. @unlink($src);
  133. if(! $r) {
  134. $msg = t('File upload failed.');
  135. if ($r_json) {
  136. echo json_encode(array('error'=>$msg));
  137. } else {
  138. echo $msg. EOL ;
  139. }
  140. killme();
  141. }
  142. $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
  143. intval($page_owner_uid),
  144. dbesc($created),
  145. dbesc($hash)
  146. );
  147. if(! count($r)) {
  148. $msg = t('File upload failed.');
  149. if ($r_json) {
  150. echo json_encode(array('error'=>$msg));
  151. } else {
  152. echo $msg. EOL ;
  153. }
  154. killme();
  155. }
  156. if ($r_json) {
  157. echo json_encode(array('ok'=>true));
  158. killme();
  159. }
  160. $lf = "\n";
  161. echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
  162. killme();
  163. // NOTREACHED
  164. }