file attachments

boot.php

@@ -6,7 +6,7 @@ ini_set('pcre.backtrack_limit', 250000);
 
 define ( 'FRIENDIKA_VERSION',      '2.2.990' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.21'    );
-define ( 'DB_UPDATE_VERSION',      1057      );
+define ( 'DB_UPDATE_VERSION',      1058      );
 
 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
@@ -1983,15 +1983,15 @@ function get_tags($s) {
 	$s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
 
 	if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
-		foreach($match[1] as $match) {
-			if(strstr($match,"]")) {
+		foreach($match[1] as $mtch) {
+			if(strstr($mtch,"]")) {
 				// we might be inside a bbcode color tag - leave it alone
 				continue;
 			}
-			if(substr($match,-1,1) === '.')
-				$ret[] = substr($match,0,-1);
+			if(substr($mtch,-1,1) === '.')
+				$ret[] = substr($mtch,0,-1);
 			else
-				$ret[] = $match;
+				$ret[] = $mtch;
 		}
 	}
 

database.sql

@@ -528,6 +528,7 @@ CREATE TABLE IF NOT EXISTS `attach` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `uid` INT NOT NULL ,
 `hash` CHAR(64) NOT NULL,
+`filename` CHAR(255) NOT NULL,
 `filetype` CHAR( 64 ) NOT NULL ,
 `filesize` INT NOT NULL ,
 `data` LONGBLOB NOT NULL ,

include/conversation.php

@@ -730,6 +730,7 @@ function status_editor($a,$x, $notes_cid = 0) {
 			'$action' => 'item',
 			'$share' => (($x['button']) ? $x['button'] : t('Share')),
 			'$upload' => t('Upload photo'),
+			'$attach' => t('Attach file'),
 			'$weblink' => t('Insert web link'),
 			'$youtube' => t('Insert YouTube video'),
 			'$video' => t('Insert Vorbis [.ogg] video'),

mod/attach.php

@@ -0,0 +1,73 @@
+<?php
+
+function attach_init(&$a) {
+
+	if($a->argc != 2) {
+		notice( t('Item not available.') . EOL);
+		return;
+	}
+
+	$item_id = intval($a->argv[1]);
+
+	$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1",
+		intval($item_id)
+	);
+	if(! count($r)) {
+		notice( t('Item was not found.'). EOL);
+		return;
+	}
+
+	$owner = $r[0]['uid'];
+
+	$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
+
+	if(local_user() && ($owner == $_SESSION['uid'])) {
+
+			// Owner can always see his/her photos
+			$sql_extra = ''; 
+
+	}
+	elseif(remote_user()) {
+
+		// authenticated visitor - here lie dragons
+
+		$groups = init_groups_visitor($_SESSION['visitor_id']);
+		$gs = '<<>>'; // should be impossible to match
+		if(count($groups)) {
+			foreach($groups as $g)
+				$gs .= '|<' . intval($g) . '>';
+		} 
+
+		$sql_extra = sprintf(
+			" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
+			  AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
+			  AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+			  AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
+
+			intval($_SESSION['visitor_id']),
+			intval($_SESSION['visitor_id']),
+			dbesc($gs),
+			dbesc($gs)
+		);
+	}
+
+	// Now we'll see if we can access the attachment
+
+	$r = q("SELECT * FROM `attach` WHERE `id` = '%d' $sql_extra LIMIT 1",
+		dbesc($item_id)
+	);
+
+	if(count($r)) {
+		$data = $r[0]['data'];
+	}
+	else {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	header('Content-type: ' . $r[0]['filetype']);
+	header('Content-disposition: attachment; filename=' . $r[0]['filename']);
+	echo $data;
+	killme();
+	// NOTREACHED
+}

mod/editpost.php

@@ -87,6 +87,7 @@ function editpost_content(&$a) {
 		'$action' => 'item',
 		'$share' => t('Edit'),
 		'$upload' => t('Upload photo'),
+		'$attach' => t('Attach file'),
 		'$weblink' => t('Insert web link'),
 		'$youtube' => t('Insert YouTube video'),
 		'$video' => t('Insert Vorbis [.ogg] video'),

mod/item.php

@@ -218,6 +218,32 @@ function item_post(&$a) {
 		}
 	}
 
+
+	$match = null;
+
+	if(preg_match_all("/\[attachment\](.+?)\[\/attachment\]/",$body,$match)) {
+		$attaches = $match[1];
+		if(count($attaches)) {
+			foreach($attaches as $attach) {
+				$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+					intval($profile_uid),
+					intval($attaches)
+				);				
+				if(count($r)) {
+					$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
+						WHERE `uid` = %d AND `id` = %d LIMIT 1",
+						intval($profile_uid),
+						intval($attaches)
+					);
+				}
+			}
+		}
+	}
+
+
+
+
+
 	/**
 	 * Fold multi-line [code] sequences
 	 */
@@ -322,6 +348,23 @@ function item_post(&$a) {
 		}
 	}
 
+	$attachments = '';
+
+	if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
+		foreach($match[2] as $mtch) {
+			$r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+				intval($profile_uid),
+				intval($mtch)
+			);
+			if(count($r)) {
+				if(strlen($attachments))
+					$attachments .= ',';
+				$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" size="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . $r[0]['filename'] . '"[/attach]'; 
+			}
+			$body = str_replace($match[1],'',$body);
+		}
+	}
+
 	$wall = 0;
 
 	if($post_type === 'wall' || $post_type === 'wall-comment')
@@ -365,6 +408,7 @@ function item_post(&$a) {
 	$datarray['deny_gid']      = $str_group_deny;
 	$datarray['private']       = $private;
 	$datarray['pubmail']       = $pubmail_enable;
+	$datarray['attach']        = $attachments;
 
 	/**
 	 * These fields are for the convenience of plugins...
@@ -399,11 +443,11 @@ function item_post(&$a) {
 	else
 		$post_id = 0;
 
-
+dbg(1);
 	$r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, 
 		`author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`, 
-		`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail` )
-		VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+		`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` )
+		VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )",
 		intval($datarray['uid']),
 		dbesc($datarray['type']),
 		intval($datarray['wall']),
@@ -431,7 +475,8 @@ function item_post(&$a) {
 		dbesc($datarray['deny_cid']),
 		dbesc($datarray['deny_gid']),
 		intval($datarray['private']),
-		intval($datarray['pubmail'])
+		intval($datarray['pubmail']),
+		dbesc($datarray['attach'])
 	);
 
 	$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",

mod/wall_attach.php

@@ -64,11 +64,12 @@ function wall_attach_post(&$a) {
 	$mimetype = mime_content_type($src);
 	$hash = random_string();
 	$created = datetime_convert();
-dbg(1);
-	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
-		VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+
+	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
 		intval($page_owner_uid),
 		dbesc($hash),
+		dbesc($filename),
 		dbesc($mimetype),
 		intval($filesize),
 		dbesc($filedata),

update.php

@@ -492,3 +492,6 @@ function update_1056() {
 	q("ALTER TABLE `attach` ADD `hash` CHAR( 64 ) NOT NULL AFTER `uid` ");
 }
 
+function update_1057() {
+	q("ALTER TABLE `attach` ADD `filename` CHAR( 255 ) NOT NULL AFTER `hash` ");
+}

view/theme/loozah/style.css

@@ -2440,6 +2440,7 @@ a.mail-list-link {
 .unlock { background-position: -32px -32px;}
 .video { background-position: -48px -32px;}
 .youtube { background-position: -64px -32px;}
+.attach { background-position: -80px -32px; }
 
 .attachtype {
 	display: block; width: 20px; height: 23px;