Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
  1. <?php
  2. /**
  3. * @file mod/wall_upload.php
  4. * @brief Module for uploading a picture to the profile wall
  5. *
  6. * By default the picture will be stored in the photo album with the name Wall Photos.
  7. * You can specify a different album by adding an optional query string "album="
  8. * to the url
  9. */
  10. use Friendica\Core\Config;
  11. require_once 'include/Photo.php';
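  /**
   * @brief Store a picture uploaded to a profile wall in one of the owner's photo albums
   *
   * The target account is looked up by nickname: from the request path
   * ($a->argv[1]) for a form upload ("userfile"), or from the user returned by
   * api_get_user() when the file arrives in the "media" field.
   *
   * The upload is accepted only when
   *  - the locally logged-in user is the page owner, or
   *  - the page is a community page and the remote visitor is a contact of the
   *    owner that is neither blocked nor pending.
   *
   * Handling of client-controlled values:
   *  - the file name is reduced with basename();
   *  - the MIME type sent by the client is only a fallback, it is replaced by
   *    the type getimagesize() reports whenever the temporary file parses as an
   *    image, and the Photo object must report is_valid() before anything is
   *    stored;
   *  - the album name from the query string is passed through notags().
   *
   * NOTE(review): no form security token is checked inside this function -
   * confirm that the callers enforce one where a browser session is used.
   *
   * @param App  $a           Application object; argc/argv carry the request path
   * @param bool $desktopmode When false, the stored picture is described in an
   *                          array (or JSON) instead of a BBCode snippet
   *
   * @return mixed Nothing for an invalid request without "response=json";
   *               false when the stored photo cannot be read back (only with
   *               $desktopmode false); the picture description array (only with
   *               $desktopmode false); the BBCode string when "hush=yeah" was
   *               requested. Every other path ends in killme().
   */
  function wall_upload_post(App $a, $desktopmode = true) {
      logger("wall upload: starting new upload", LOGGER_DEBUG);

      $r_json = (x($_GET, 'response') && $_GET['response'] == 'json');
      $album  = (x($_GET, 'album') ? notags(trim($_GET['album'])) : '');

      if ($a->argc <= 1) {
          if ($r_json) {
              echo json_encode(array('error'=>t('Invalid request.')));
              killme();
          }
          return;
      }

      // Form uploads name the target profile in the path, uploads in the
      // "media" field use the account returned by api_get_user()
      if (! x($_FILES, 'media')) {
          $nickname = $a->argv[1];
      } else {
          $user_info = api_get_user($a);
          $nickname  = $user_info['screen_name'];
      }

      $r = q("SELECT `user`.*, `contact`.`id` FROM `user`
          INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
          WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
          AND `contact`.`self` = 1 LIMIT 1",
          dbesc($nickname)
      );

      // Fail closed for both lookups: never derive the page owner from an
      // empty result (previously only the path based lookup was checked)
      if (! dbm::is_result($r)) {
          if ($r_json) {
              echo json_encode(array('error'=>t('Invalid request.')));
              killme();
          }
          return;
      }

      /*
       * Setup permissions structures
       */
      $can_post        = false;
      $visitor         = 0;
      $page_owner_uid  = $r[0]['uid'];
      $default_cid     = $r[0]['id'];
      $page_owner_nick = $r[0]['nickname'];
      $community_page  = ($r[0]['page-flags'] == PAGE_COMMUNITY);

      if (local_user() && (local_user() == $page_owner_uid)) {
          $can_post = true;
      } elseif ($community_page && remote_user()) {
          // Find the contact id under which the remote visitor is known to this page owner
          $contact_id = 0;
          if (isset($_SESSION['remote']) && is_array($_SESSION['remote'])) {
              foreach ($_SESSION['remote'] as $v) {
                  if ($v['uid'] == $page_owner_uid) {
                      $contact_id = $v['cid'];
                      break;
                  }
              }
          }

          if ($contact_id) {
              // The session entry alone is not trusted: the contact must still
              // exist for this owner and be neither blocked nor pending
              $contact = q("SELECT `uid` FROM `contact`
                  WHERE `blocked` = 0 AND `pending` = 0
                  AND `id` = %d AND `uid` = %d LIMIT 1",
                  intval($contact_id),
                  intval($page_owner_uid)
              );
              if (dbm::is_result($contact)) {
                  $can_post = true;
                  $visitor  = $contact_id;
              }
          }
      }

      if (! $can_post) {
          if ($r_json) {
              echo json_encode(array('error'=>t('Permission denied.')));
              killme();
          }
          notice(t('Permission denied.') . EOL);
          killme();
      }

      if (! x($_FILES, 'userfile') && ! x($_FILES, 'media')) {
          if ($r_json) {
              echo json_encode(array('error'=>t('Invalid request.')));
          }
          killme();
      }

      $src = "";
      if (x($_FILES, 'userfile')) {
          $src      = $_FILES['userfile']['tmp_name'];
          $filename = basename($_FILES['userfile']['name']);
          $filesize = intval($_FILES['userfile']['size']);
          $filetype = $_FILES['userfile']['type'];
      } elseif (x($_FILES, 'media')) {
          // The "media" field may be posted as an array of files; only the first entry is used
          $media    = $_FILES['media'];
          $src      = (is_array($media['tmp_name']) ? $media['tmp_name'][0] : $media['tmp_name']);
          $filename = basename(is_array($media['name']) ? $media['name'][0] : $media['name']);
          $filesize = intval(is_array($media['size']) ? $media['size'][0] : $media['size']);
          $filetype = (is_array($media['type']) ? $media['type'][0] : $media['type']);
      }

      if ($src == "") {
          if ($r_json) {
              echo json_encode(array('error'=>t('Invalid request.')));
              killme();
          }
          notice(t('Invalid request.') . EOL);
          killme();
      }

      // This is a special treatment for picture upload from Twidere
      if (($filename == "octet-stream") && ($filetype != "")) {
          $filename = $filetype;
          $filetype = "";
      }

      if ($filetype == "") {
          $filetype = guess_image_type($filename);
      }

      // If there is a temp name, then do a manual check
      // This is more reliable than the provided value
      $imageinfo = getimagesize($src);
      if ($imageinfo) {
          $filetype = $imageinfo['mime'];
      }

      logger("File upload src: " . $src . " - filename: " . $filename .
          " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG);

      $maximagesize = Config::get('system', 'maximagesize');
      if (($maximagesize) && ($filesize > $maximagesize)) {
          $msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize));
          if ($r_json) {
              echo json_encode(array('error'=>$msg));
          } else {
              echo $msg . EOL;
          }
          @unlink($src);
          killme();
      }

      $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
      if ($limit) {
          $usage = q("SELECT SUM(OCTET_LENGTH(`data`)) AS `total` FROM `photo`
              WHERE `uid` = %d AND `scale` = 0
              AND `album` != 'Contact Photos' ",
              intval($page_owner_uid)
          );
          $size = (dbm::is_result($usage) ? $usage[0]['total'] : 0);

          // Count the size of the new upload against the quota. The file has
          // not been read yet at this point, so the size reported in $_FILES is
          // used (the former strlen() call was applied to the getimagesize()
          // result, not to the file content).
          if (($size + $filesize) > $limit) {
              $msg = upgrade_message(true);
              if ($r_json) {
                  echo json_encode(array('error'=>$msg));
              } else {
                  echo $msg . EOL;
              }
              @unlink($src);
              killme();
          }
      }

      $imagedata = @file_get_contents($src);
      $ph = new Photo($imagedata, $filetype);

      if (! $ph->is_valid()) {
          $msg = t('Unable to process image.');
          if ($r_json) {
              echo json_encode(array('error'=>$msg));
          } else {
              echo $msg . EOL;
          }
          @unlink($src);
          killme();
      }

      // orient() still needs the temporary file, so it is removed only afterwards
      $ph->orient($src);
      @unlink($src);

      $max_length = Config::get('system', 'max_image_length');
      if (! $max_length) {
          $max_length = MAX_IMAGE_LENGTH;
      }
      if ($max_length > 0) {
          $ph->scaleImage($max_length);
          logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG);
      }

      $width  = $ph->getWidth();
      $height = $ph->getHeight();

      $hash = photo_new_resource();

      $smallest = 0;

      // If we don't have an album name use the Wall Photos album
      if (! strlen($album)) {
          $album = t('Wall Photos');
      }

      // Permission string naming the owner's self contact
      // NOTE(review): presumably the allow-contacts ACL - confirm against Photo::store()
      $defperm = '<' . $default_cid . '>';

      // The picture is stored in up to three sizes (0 = as uploaded/scaled to
      // the maximum length, 1 = 640px, 2 = 320px); $smallest remembers which
      // reduced size is used for the preview link
      $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, $album, 0, 0, $defperm);
      if (! $r) {
          $msg = t('Image upload failed.');
          if ($r_json) {
              echo json_encode(array('error'=>$msg));
          } else {
              echo $msg . EOL;
          }
          killme();
      }

      if ($width > 640 || $height > 640) {
          $ph->scaleImage(640);
          $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, $album, 1, 0, $defperm);
          if ($r) {
              $smallest = 1;
          }
      }

      if ($width > 320 || $height > 320) {
          $ph->scaleImage(320);
          $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, $album, 2, 0, $defperm);
          if ($r && ($smallest == 0)) {
              $smallest = 2;
          }
      }

      if (!$desktopmode) {
          // $hash is generated locally, it is escaped like every other string parameter
          $stored = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo`
              WHERE `resource-id` = '%s'
              ORDER BY `width` DESC LIMIT 1",
              dbesc($hash)
          );
          if (! dbm::is_result($stored)) {
              if ($r_json) {
                  echo json_encode(array('error'=>''));
                  killme();
              }
              return false;
          }

          $picture = array();
          $picture["id"]        = $stored[0]["id"];
          $picture["size"]      = $stored[0]["datasize"];
          $picture["width"]     = $stored[0]["width"];
          $picture["height"]    = $stored[0]["height"];
          $picture["type"]      = $stored[0]["type"];
          $picture["albumpage"] = App::get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash;
          $picture["picture"]   = App::get_baseurl() . "/photo/{$hash}-0." . $ph->getExt();
          $picture["preview"]   = App::get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt();

          if ($r_json) {
              echo json_encode(array('picture'=>$picture));
              killme();
          }
          return $picture;
      }

      if ($r_json) {
          echo json_encode(array('ok'=>true));
          killme();
      }

      /* mod Waitman Gobble NO WARRANTY */
      // if we get the signal then return the image url info in BBCODE
      $bbcode = '[url=' . App::get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]'
          . App::get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";

      // "hush" is optional, a missing parameter means the snippet is printed
      $hush = (isset($_REQUEST['hush']) && $_REQUEST['hush'] == 'yeah');
      if ($hush) {
          return $bbcode;
      }

      echo "\n\n" . $bbcode . "\n\n";
      /* mod Waitman Gobble NO WARRANTY */

      killme();
      // NOTREACHED
  }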