From 73b4faca5c7af506558eba6b7317d23551f1aefa Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Tue, 24 May 2011 22:40:52 -0700
Subject: [PATCH] basic file upload/attach

---
 boot.php                          |   2 +-
 database.sql                      |   1 +
 include/attach.php                |  80 +++++++++++++++++++++++
 mod/wall_attach.php               | 105 ++++++++++++++++++++++++++++++
 mod/wall_upload.php               |   2 +-
 update.php                        |   7 +-
 view/jot-header.tpl               |  12 ++++
 view/jot.tpl                      |   4 ++
 view/theme/duepuntozero/style.css |   7 +-
 9 files changed, 216 insertions(+), 4 deletions(-)
 create mode 100644 include/attach.php
 create mode 100644 mod/wall_attach.php

diff --git a/boot.php b/boot.php
index 03689bde42..491c182fa4 100644
--- a/boot.php
+++ b/boot.php
@@ -6,7 +6,7 @@ ini_set('pcre.backtrack_limit', 250000);
 
 define ( 'FRIENDIKA_VERSION',      '2.2.990' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.21'    );
-define ( 'DB_UPDATE_VERSION',      1056      );
+define ( 'DB_UPDATE_VERSION',      1057      );
 
 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
diff --git a/database.sql b/database.sql
index d9cd016f07..6f4704a220 100644
--- a/database.sql
+++ b/database.sql
@@ -527,6 +527,7 @@ CREATE TABLE IF NOT EXISTS `mailacct` (
 CREATE TABLE IF NOT EXISTS `attach` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `uid` INT NOT NULL ,
+`hash` CHAR(64) NOT NULL,
 `filetype` CHAR( 64 ) NOT NULL ,
 `filesize` INT NOT NULL ,
 `data` LONGBLOB NOT NULL ,
diff --git a/include/attach.php b/include/attach.php
new file mode 100644
index 0000000000..ca53081d93
--- /dev/null
+++ b/include/attach.php
@@ -0,0 +1,80 @@
+<?php
+
+if(!function_exists('mime_content_type')) {
+function mime_content_type($filename) {
+
+	$mime_types = array(
+
+		'txt' => 'text/plain',
+		'htm' => 'text/html',
+		'html' => 'text/html',
+		'php' => 'text/html',
+		'css' => 'text/css',
+		'js' => 'application/javascript',
+		'json' => 'application/json',
+		'xml' => 'application/xml',
+		'swf' => 'application/x-shockwave-flash',
+		'flv' => 'video/x-flv',
+
+		// images
+		'png' => 'image/png',
+		'jpe' => 'image/jpeg',
+		'jpeg' => 'image/jpeg',
+		'jpg' => 'image/jpeg',
+		'gif' => 'image/gif',
+		'bmp' => 'image/bmp',
+		'ico' => 'image/vnd.microsoft.icon',
+		'tiff' => 'image/tiff',
+		'tif' => 'image/tiff',
+		'svg' => 'image/svg+xml',
+		'svgz' => 'image/svg+xml',
+
+		// archives
+		'zip' => 'application/zip',
+		'rar' => 'application/x-rar-compressed',
+		'exe' => 'application/x-msdownload',
+		'msi' => 'application/x-msdownload',
+		'cab' => 'application/vnd.ms-cab-compressed',
+
+		// audio/video
+		'mp3' => 'audio/mpeg',
+		'qt' => 'video/quicktime',
+		'mov' => 'video/quicktime',
+		'ogg' => 'application/ogg',
+
+		// adobe
+		'pdf' => 'application/pdf',
+		'psd' => 'image/vnd.adobe.photoshop',
+		'ai' => 'application/postscript',
+		'eps' => 'application/postscript',
+		'ps' => 'application/postscript',
+
+		// ms office
+		'doc' => 'application/msword',
+		'rtf' => 'application/rtf',
+		'xls' => 'application/vnd.ms-excel',
+		'ppt' => 'application/vnd.ms-powerpoint',
+
+
+		// open office
+		'odt' => 'application/vnd.oasis.opendocument.text',
+		'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
+	);
+
+	if(strpos($filename,'.') !== false) {
+		$ext = strtolower(array_pop(explode('.',$filename)));
+		if (array_key_exists($ext, $mime_types)) {
+			return $mime_types[$ext];
+		}
+	}
+	elseif (function_exists('finfo_open')) {
+		$finfo = finfo_open(FILEINFO_MIME);
+		$mimetype = finfo_file($finfo, $filename);
+		finfo_close($finfo);
+		return $mimetype;
+	}
+	else {
+		return 'application/octet-stream';
+	}
+}}
+
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
new file mode 100644
index 0000000000..b539171cf9
--- /dev/null
+++ b/mod/wall_attach.php
@@ -0,0 +1,105 @@
+<?php
+
+require_once('include/attach.php');
+require_once('include/datetime.php');
+
+function wall_attach_post(&$a) {
+
+	if($a->argc > 1) {
+		$nick = $a->argv[1];
+		$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
+			dbesc($nick)
+		);
+		if(! count($r))
+			return;
+
+	}
+	else
+		return;
+
+	$can_post  = false;
+	$visitor   = 0;
+
+	$page_owner_uid   = $r[0]['uid'];
+	$page_owner_nick  = $r[0]['nickname'];
+	$community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+
+	if((local_user()) && (local_user() == $page_owner_uid))
+		$can_post = true;
+	else {
+		if($community_page && remote_user()) {
+			$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+				intval(remote_user()),
+				intval($page_owner_uid)
+			);
+			if(count($r)) {
+				$can_post = true;
+				$visitor = remote_user();
+			}
+		}
+	}
+
+	if(! $can_post) {
+		notice( t('Permission denied.') . EOL );
+		killme();
+	}
+
+	if(! x($_FILES,'userfile'))
+		killme();
+
+	$src      = $_FILES['userfile']['tmp_name'];
+	$filename = basename($_FILES['userfile']['name']);
+	$filesize = intval($_FILES['userfile']['size']);
+
+	$maxfilesize = get_config('system','maxfilesize');
+
+	if(($maxfilesize) && ($filesize > $maxfilesize)) {
+		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+		@unlink($src);
+		return;
+	}
+
+	$filedata = @file_get_contents($src);
+
+	$mimetype = mime_content_type($src);
+	$hash = random_string();
+	$created = datetime_convert();
+dbg(1);
+	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
+		VALUES ( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+		intval($page_owner_uid),
+		dbesc($hash),
+		dbesc($mimetype),
+		intval($filesize),
+		dbesc($filedata),
+		dbesc($created),
+		dbesc($created),
+		dbesc('<' . $page_owner_uid . '>'),
+		dbesc(''),
+		dbesc(''),
+		dbesc('')
+	);		
+
+	@unlink($src);
+
+	if(! $r) {
+		echo ( t('File upload failed.') . EOL);
+		killme();
+	}
+
+	$r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
+		intval($page_owner_uid),
+		dbesc($created),
+		dbesc($hash)
+	);
+
+	if(! count($r)) {
+		echo ( t('File upload failed.') . EOL);
+		killme();
+	}
+
+	echo  '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />';
+
+	killme();
+	// NOTREACHED
+}
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index f7638b7307..bd6b805622 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -53,7 +53,7 @@ function wall_upload_post(&$a) {
 	$maximagesize = get_config('system','maximagesize');
 
 	if(($maximagesize) && ($filesize > $maximagesize)) {
-		notice( sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL);
+		echo  sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
 		@unlink($src);
 		return;
 	}
diff --git a/update.php b/update.php
index 603b93b631..cf2c763fd8 100644
--- a/update.php
+++ b/update.php
@@ -486,4 +486,9 @@ function update_1054() {
 
 function update_1055() {
 	q("ALTER TABLE `profile` ADD `hidewall` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `hide-friends` ");
-}
\ No newline at end of file
+}
+
+function update_1056() {
+	q("ALTER TABLE `attach` ADD `hash` CHAR( 64 ) NOT NULL AFTER `uid` ");
+}
+
diff --git a/view/jot-header.tpl b/view/jot-header.tpl
index 3057618b2f..77e5bc4bcd 100644
--- a/view/jot-header.tpl
+++ b/view/jot-header.tpl
@@ -79,6 +79,18 @@ tinyMCE.init({
 				}				 
 			}
 		);
+		var file_uploader = new window.AjaxUpload(
+			'wall-file-upload',
+			{ action: 'wall_attach/$nickname',
+				name: 'userfile',
+				onSubmit: function(file,ext) { $('#profile-rotator').show(); },
+				onComplete: function(file,response) {
+					tinyMCE.execCommand('mceInsertRawHTML',false,response);
+					$('#profile-rotator').hide();
+				}				 
+			}
+		);
+
 		$('#contact_allow, #contact_deny, #group_allow, #group_deny').change(function() {
 			var selstr;
 			$('#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected').each( function() {
diff --git a/view/jot.tpl b/view/jot.tpl
index 0c9883b117..e2dd6d960a 100644
--- a/view/jot.tpl
+++ b/view/jot.tpl
@@ -23,6 +23,10 @@
 	<div id="profile-upload-wrapper" style="display: $visitor;" >
 		<div id="wall-image-upload-div" ><a href="#" onclick="return false;" id="wall-image-upload" class="icon camera" title="$upload"></a></div>
 	</div> 
+	<div id="profile-attach-wrapper" style="display: $visitor;" >
+		<div id="wall-file-upload-div" ><a href="#" onclick="return false;" id="wall-file-upload" class="icon camera" title="$attach"></a></div>
+	</div> 
+
 	<div id="profile-link-wrapper" style="display: $visitor;" ondragenter="linkdropper(event);" ondragover="linkdropper(event);" ondrop="linkdrop(event);" >
 		<a id="profile-link" class="icon link" title="$weblink" ondragenter="return linkdropper(event);" ondragover="return linkdropper(event);" ondrop="linkdrop(event);" onclick="jotGetLink(); return false;"></a>
 	</div> 
diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css
index 79a298d433..f202e9ff5c 100644
--- a/view/theme/duepuntozero/style.css
+++ b/view/theme/duepuntozero/style.css
@@ -226,8 +226,10 @@ div.wall-item-content-wrapper.shiny {
 #profile-link,
 #profile-title, 
 #wall-image-upload,
+#wall-file-upload,
 #profile-upload-wrapper,
 #wall-image-upload-div,
+#wall-file-upload-div,
 .hover, .focus {
 	cursor: pointer;
 }
@@ -1136,7 +1138,10 @@ input#dfrn-url {
 	float: left;
 	margin-left: 30px;
 }
-
+#profile-attach-wrapper {
+	float: left;
+	margin-left: 30px;
+}
 #profile-rotator {
 	float: left;
 	margin-left: 30px;