Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

141 lines
3.2 KiB

  1. <?php
  2. function photo_init(&$a) {
  3. switch($a->argc) {
  4. case 3:
  5. $person = $a->argv[2];
  6. $type = $a->argv[1];
  7. break;
  8. case 2:
  9. $photo = $a->argv[1];
  10. break;
  11. case 1:
  12. default:
  13. killme();
  14. // NOTREACHED
  15. }
  16. $default = 'images/default-profile.jpg';
  17. if(isset($type)) {
  18. switch($type) {
  19. case 'profile':
  20. $resolution = 4;
  21. break;
  22. case 'micro':
  23. $resolution = 6;
  24. $default = 'images/default-profile-mm.jpg';
  25. break;
  26. case 'avatar':
  27. default:
  28. $resolution = 5;
  29. $default = 'images/default-profile-sm.jpg';
  30. break;
  31. }
  32. $uid = str_replace('.jpg', '', $person);
  33. $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
  34. intval($resolution),
  35. intval($uid)
  36. );
  37. if(count($r)) {
  38. $data = $r[0]['data'];
  39. }
  40. if(! isset($data)) {
  41. $data = file_get_contents($default);
  42. }
  43. }
  44. else {
  45. $resolution = 0;
  46. $photo = str_replace('.jpg','',$photo);
  47. if(substr($photo,-2,1) == '-') {
  48. $resolution = intval(substr($photo,-1,1));
  49. $photo = substr($photo,0,-2);
  50. }
  51. $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
  52. dbesc($photo),
  53. intval($resolution)
  54. );
  55. if(count($r)) {
  56. $owner = $r[0]['uid'];
  57. $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
  58. if(local_user() && ($owner == $_SESSION['uid'])) {
  59. // Owner can always see his/her photos
  60. $sql_extra = '';
  61. }
  62. elseif(remote_user()) {
  63. // authenticated visitor - here lie dragons
  64. $groups = init_groups_visitor($_SESSION['visitor_id']);
  65. $gs = '<<>>'; // should be impossible to match
  66. if(count($groups)) {
  67. foreach($groups as $g)
  68. $gs .= '|<' . intval($g) . '>';
  69. }
  70. $sql_extra = sprintf(
  71. " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
  72. AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
  73. AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
  74. AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
  75. intval($_SESSION['visitor_id']),
  76. intval($_SESSION['visitor_id']),
  77. dbesc($gs),
  78. dbesc($gs)
  79. );
  80. }
  81. // Now we'll see if we can access the photo
  82. $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
  83. dbesc($photo),
  84. intval($resolution)
  85. );
  86. if(count($r)) {
  87. $data = $r[0]['data'];
  88. }
  89. else {
  90. // Does the picture exist? It may be a remote person with no credentials,
  91. // but who should otherwise be able to view it. Show a default image to let
  92. // them know permissions was denied. It may be possible to view the image
  93. // through an authenticated profile visit.
  94. // There won't be many complete unauthorised people seeing this because
  95. // they won't have the photo link, so there's a reasonable chance that the person
  96. // might be able to obtain permission to view it.
  97. $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
  98. dbesc($photo),
  99. intval($resolution)
  100. );
  101. if(count($r)) {
  102. $data = file_get_contents('images/nosign.jpg');
  103. }
  104. }
  105. }
  106. }
  107. if(! isset($data)) {
  108. killme();
  109. // NOTREACHED
  110. }
  111. header("Content-type: image/jpeg");
  112. echo $data;
  113. killme();
  114. // NOTREACHED
  115. }