Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
  1. <?php
  2. require_once('Photo.php');
  3. require_once('view/acl_selectors.php');
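  /**
   * Module init hook: loads the profile owner named in the URL and builds the
   * album list shown in the page sidebar.
   *
   * Treats $a->argv[1] as a nickname. On a match the `user` row is stored in
   * $a->data['user'], the distinct album names in $a->data['albums'], and the
   * generated HTML is appended to $a->page['aside']. Does nothing when the URL
   * has no second path segment or when no user matches.
   *
   * Every value written into the markup is HTML-escaped here; user and album
   * names come straight from the database and nothing in this function shows
   * they were escaped when stored.
   *
   * @param object $a application object (passed by reference, modified in place)
   * @return void
   */
  function photos_init(&$a) {

      if($a->argc > 1) {
          $nick = $a->argv[1];
          $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
              dbesc($nick)
          );

          if(! count($r))
              return;

          $a->data['user'] = $r[0];

          // Start from an empty string; the original appended to an undefined variable.
          $o = '';

          $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
              intval($a->data['user']['uid'])
          );

          if(count($albums)) {
              $a->data['albums'] = $albums;

              $baseurl  = $a->get_baseurl();
              $nickname = htmlspecialchars((string) $a->data['user']['nickname'], ENT_QUOTES, 'UTF-8');
              $username = htmlspecialchars((string) $a->data['user']['username'], ENT_QUOTES, 'UTF-8');
              // The relative album links keep using the nickname exactly as it appeared in the URL.
              $url_nick = htmlspecialchars((string) $a->argv[1], ENT_QUOTES, 'UTF-8');

              $o .= '<h4><a href="' . $baseurl . '/profile/' . $nickname . '">' . $username . '</a></h4>';
              $o .= '<h4>' . '<a href="' . $baseurl . '/photos/' . $nickname . '">' . t('Photo Albums') . '</a></h4>';

              $o .= '<ul>';
              foreach($albums as $album) {
                  // Unnamed albums and the contact-photo album are not listed.
                  if((! strlen($album['album'])) || ($album['album'] == t('Contact Photos')))
                      continue;

                  // bin2hex() output is [0-9a-f] only, so only the visible label needs escaping.
                  // The anchor is opened with '>' (the original emitted a self-closing '<a ... />').
                  $o .= '<li>' . '<a href="photos/' . $url_nick . '/album/' . bin2hex($album['album']) . '">'
                      . htmlspecialchars((string) $album['album'], ENT_QUOTES, 'UTF-8') . '</a></li>';
              }
              $o .= '</ul>';
          }

          $a->page['aside'] .= $o;
      }
  }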
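  /**
   * POST handler for the photos module.
   *
   * Requires a logged-in local user; every query is scoped to $_SESSION['uid'].
   * Depending on the request it performs one of:
   *   - photos/album/<hex name>       rename or delete an album
   *   - photos/<resource-id> + delete delete a single photo
   *   - photos/<resource-id> + desc   update caption/tags, creating the item if needed
   *   - otherwise                     store an uploaded file ($_FILES['userfile'])
   * Each branch ends in goaway() or killme(); the trailing returns are never reached.
   *
   * NOTE(review): nothing in this function checks an anti-CSRF token. Unless the
   * dispatcher verifies one before calling the handler (not visible here), every
   * state change below can be triggered by a cross-site form post.
   *
   * @param object $a application object (passed by reference)
   * @return void
   */
  function photos_post(&$a) {

      if(! local_user()) {
          notice( t('Permission denied.') . EOL );
          killme();
      }

      $uid = intval($_SESSION['uid']);
      $return_url = $a->get_baseurl() . '/' . (isset($_SESSION['photo_return']) ? $_SESSION['photo_return'] : '');

      $r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
          WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
          $uid
      );

      // The poster's own contact row; its name/url/thumb/nickname label any item created below.
      $contact_record = (count($r) ? $r[0] : null);

      //
      // Album rename / delete
      //

      if(($a->argc > 2) && ($a->argv[1] == 'album')) {
          $album = hex2bin($a->argv[2]);

          // The two built-in albums may be neither renamed nor deleted.
          if($album == t('Profile Photos') || $album == t('Contact Photos')) {
              goaway($return_url);
              return; // NOTREACHED
          }

          // count(*) always yields one row, so the counted value has to be tested,
          // not the number of rows returned.
          $r = q("SELECT count(*) AS `total` FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
              dbesc($album),
              $uid
          );
          if((! count($r)) || (! intval($r[0]['total']))) {
              notice( t('Album not found.') . EOL);
              goaway($return_url);
              return; // NOTREACHED
          }

          // A missing or empty name is not a rename request; without this guard a
          // delete-only post would first rename the album to ''.
          $newalbum = (isset($_POST['albumname']) ? notags(trim($_POST['albumname'])) : '');
          if(strlen($newalbum) && ($newalbum != $album)) {
              q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
                  dbesc($newalbum),
                  dbesc($album),
                  $uid
              );
              // Album names appear hex-encoded in URLs; point the return path at the new name.
              $newurl = str_replace(bin2hex($album),bin2hex($newalbum),
                  (isset($_SESSION['photo_return']) ? $_SESSION['photo_return'] : ''));
              goaway($a->get_baseurl() . '/' . $newurl);
              return; // NOTREACHED
          }

          if(isset($_POST['dropalbum']) && ($_POST['dropalbum'] == t('Delete Album'))) {

              $res = array();
              $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
                  $uid,
                  dbesc($album)
              );
              if(count($r)) {
                  foreach($r as $rr) {
                      $res[] = "'" . dbesc($rr['rid']) . "'" ;
                  }
              }
              else {
                  goaway($return_url);
                  return; // NOTREACHED
              }

              // The id list is spliced into the query text: each id is escaped with dbesc()
              // above and was read back from this user's own rows.
              $str_res = implode(',', $res);

              q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
                  $uid
              );

              // `id` and `visible` are read in the loop, so they must be selected
              // (the original fetched `parent-uri` only and never notified anyone).
              $r = q("SELECT `id`, `parent-uri`, `visible` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
                  $uid
              );
              if(count($r)) {
                  foreach($r as $rr) {
                      q("UPDATE `item` SET `deleted` = 1 WHERE `parent-uri` = '%s' AND `uid` = %d",
                          dbesc($rr['parent-uri']),
                          $uid
                      );

                      $drop_id = intval($rr['id']);
                      $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');

                      // send the notification upstream/downstream as the case may be
                      // Both variable parts are passed through escapeshellarg() so the
                      // configured path cannot be interpreted by the shell.
                      if($rr['visible']) {
                          $proc = proc_open(escapeshellarg($php_path) . ' "include/notifier.php" "drop" '
                              . escapeshellarg((string) $drop_id) . ' & ',
                              array(),$foo);
                          if(is_resource($proc))
                              proc_close($proc);
                      }
                  }
              }
          }

          // photos_init() looks the profile owner up from argv[1], which is 'album' on this
          // URL, so the poster's own nickname is used, as in the upload branch below.
          goaway($a->get_baseurl() . '/photos/' . $contact_record['nickname']);
          return; // NOTREACHED
      }

      //
      // Delete a single photo
      //

      if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {

          // `resource-id` is used below, so it is selected too (the original selected `id`
          // only, which turned the DELETE into a no-op against an empty id).
          $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
              $uid,
              dbesc($a->argv[1])
          );
          if(count($r)) {
              q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
                  $uid,
                  dbesc($r[0]['resource-id'])
              );
              $i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
                  dbesc($r[0]['resource-id']),
                  $uid
              );
              if(count($i)) {
                  q("UPDATE `item` SET `deleted` = 1 WHERE `parent-uri` = '%s' AND `uid` = %d",
                      dbesc($i[0]['uri']),
                      $uid
                  );

                  $drop_id = intval($i[0]['id']);
                  $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');

                  // send the notification upstream/downstream as the case may be
                  if($i[0]['visible']) {
                      $proc = proc_open(escapeshellarg($php_path) . ' "include/notifier.php" "drop" '
                          . escapeshellarg((string) $drop_id) . ' & ',
                          array(),$foo);
                      if(is_resource($proc))
                          proc_close($proc);
                  }
              }
          }

          goaway($return_url);
          return; // NOTREACHED
      }

      //
      // Edit caption / tags
      //

      if(($a->argc > 1) && (x($_POST,'desc') !== false)) {

          $desc        = notags(trim($_POST['desc']));
          $tags        = (isset($_POST['tags']) ? notags(trim($_POST['tags'])) : '');
          $item_id     = (isset($_POST['item_id']) ? intval($_POST['item_id']) : 0);
          $resource_id = $a->argv[1];

          $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
              dbesc($resource_id),
              $uid
          );

          // The photo lookup result is $p (the original tested $r, the contact query).
          // Without a photo there is nothing to caption and no item to build from it.
          if(! count($p)) {
              notice( t('Photo not available') . EOL );
              goaway($return_url);
              return; // NOTREACHED
          }

          q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
              dbesc($desc),
              dbesc($resource_id),
              $uid
          );

          if(! $item_id) {

              $title = '';

              // Create item container

              $body = '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']'
                  . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]'
                  . '[/url]';

              // Draw random item URIs until one is not already present.
              do {
                  $dups = false;
                  $item_hash = random_string();

                  $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;

                  $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
                      dbesc($uri));
                  if(count($r))
                      $dups = true;
              } while($dups == true);

              // The new item inherits the photo's permission lists.
              $r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,
                  `owner-name`,`owner-link`,`owner-avatar`, `created`,
                  `edited`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
                  VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
                  $uid,
                  dbesc('photo'),
                  dbesc($p[0]['resource-id']),
                  intval($contact_record['id']),
                  dbesc($contact_record['name']),
                  dbesc($contact_record['url']),
                  dbesc($contact_record['thumb']),
                  datetime_convert(),
                  datetime_convert(),
                  dbesc($uri),
                  dbesc($uri),
                  dbesc($title),
                  dbesc($body),
                  dbesc($p[0]['allow_cid']),
                  dbesc($p[0]['allow_gid']),
                  dbesc($p[0]['deny_cid']),
                  dbesc($p[0]['deny_gid'])
              );
              if($r) {
                  $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
                      dbesc($uri)
                  );
                  // Only touch the row when it was actually found.
                  if(count($r)) {
                      $item_id = $r[0]['id'];
                      // A top-level item is its own parent.
                      q("UPDATE `item` SET `parent` = %d, `last-child` = 1 WHERE `id` = %d LIMIT 1",
                          intval($r[0]['id']),
                          intval($r[0]['id'])
                      );
                  }
              }
          }

          q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
              dbesc($tags),
              intval($item_id),
              $uid
          );

          goaway($return_url);
          return; // NOTREACHED
      }

      //
      // Upload
      //

      if(! x($_FILES,'userfile'))
          killme();

      // The Java uploader posts a partitionCount field and expects no redirect.
      $java_upload = ((isset($_POST['partitionCount']) && $_POST['partitionCount']) ? true : false);

      $album    = (isset($_POST['album'])    ? notags(trim($_POST['album']))    : '');
      $newalbum = (isset($_POST['newalbum']) ? notags(trim($_POST['newalbum'])) : '');

      if(! strlen($album)) {
          if(strlen($newalbum))
              $album = $newalbum;
          else
              $album = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
      }

      $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
          dbesc($album),
          $uid
      );

      // The item is marked visible for the first photo of an album and for profile photos.
      // (The original assigned the else-branch to a misspelled variable, leaving $visible unset.)
      if((! count($r)) || ($album == t('Profile Photos')))
          $visible = 1;
      else
          $visible = 0;

      // Permission lists arrive as arrays; each entry goes through sanitise_acl()
      // and the entries are concatenated into one string per list.
      $acl = array('group_allow' => '', 'contact_allow' => '', 'group_deny' => '', 'contact_deny' => '');
      foreach(array_keys($acl) as $field) {
          if(isset($_POST[$field]) && is_array($_POST[$field])) {
              $list = $_POST[$field];
              array_walk($list,'sanitise_acl');
              $acl[$field] = implode('',$list);
          }
      }
      $str_group_allow   = $acl['group_allow'];
      $str_contact_allow = $acl['contact_allow'];
      $str_group_deny    = $acl['group_deny'];
      $str_contact_deny  = $acl['contact_deny'];

      $src = $_FILES['userfile']['tmp_name'];

      // Only read a path that PHP itself recorded as an upload of this request
      // (this also rejects an array-valued 'userfile' field).
      if((! is_string($src)) || (! is_uploaded_file($src))) {
          notice( t('Image upload failed.') . EOL );
          killme();
      }

      // The client-supplied name is reduced to its last path component.
      $filename = basename($_FILES['userfile']['name']);

      $imagedata = @file_get_contents($src);
      $ph = new Photo($imagedata);

      if(! $ph->getImage()) {
          notice( t('Unable to process image.') . EOL );
          @unlink($src);
          killme();
      }

      @unlink($src);

      $width = $ph->getWidth();
      $height = $ph->getHeight();

      // Index of the smallest stored scale; it is the one embedded in the item body.
      $smallest = 0;

      // NOTE(review): this id ends up in the public /photo/<id>-<scale>.jpg URLs and is
      // derived from mt_rand()/uniqid(), neither of which is cryptographically strong.
      // If ids are ever relied on as unguessable, take them from a CSPRNG instead.
      $photo_hash = hash('md5',uniqid(mt_rand(),true));

      $r = $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);

      if(! $r) {
          notice( t('Image upload failed.') . EOL );
          killme();
      }

      if($width > 640 || $height > 640) {
          $ph->scaleImage(640);
          $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
          $smallest = 1;
      }

      if($width > 320 || $height > 320) {
          $ph->scaleImage(320);
          $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
          $smallest = 2;
      }

      // The original never set $title on this path and inserted an undefined value.
      $title = '';

      // Create item container

      $body = '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $photo_hash . ']'
          . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]'
          . '[/url]';

      // Draw random item URIs until one is not already present.
      do {
          $dups = false;
          $item_hash = random_string();

          $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;

          $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
              dbesc($uri));
          if(count($r))
              $dups = true;
      } while($dups == true);

      $r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
          `edited`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `visible`)
          VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
          $uid,
          dbesc('photo'),
          dbesc($photo_hash),
          intval($contact_record['id']),
          dbesc($contact_record['name']),
          dbesc($contact_record['url']),
          dbesc($contact_record['thumb']),
          datetime_convert(),
          datetime_convert(),
          dbesc($uri),
          dbesc($uri),
          dbesc($title),
          dbesc($body),
          dbesc($str_contact_allow),
          dbesc($str_group_allow),
          dbesc($str_contact_deny),
          dbesc($str_group_deny),
          intval($visible)
      );
      if($r) {
          $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
              dbesc($uri)
          );
          if(count($r)) {
              // A top-level item is its own parent.
              q("UPDATE `item` SET `parent` = %d, `last-child` = 1 WHERE `id` = %d LIMIT 1",
                  intval($r[0]['id']),
                  intval($r[0]['id'])
              );
          }
      }

      if(! $java_upload) {
          goaway($return_url);
          return; // NOTREACHED
      }

      killme();
      return; // NOTREACHED
  }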
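  /**
   * Renders the photos module page for the profile owner in $a->data['user'].
   *
   * URL forms handled:
   *   photos/name                    recent photos (default)
   *   photos/name/upload             upload form (owner only)
   *   photos/name/album/xxxxx        album listing, xxxxx = bin2hex(album name)
   *   photos/name/album/xxxxx/edit   album rename/delete form (owner only)
   *   photos/name/image/xxxxx        single photo with its comments
   *   photos/name/image/xxxxx/edit   caption/tag edit form (owner only)
   *
   * What a viewer may see is enforced in SQL through $sql_extra: the owner sees
   * everything, an authenticated remote visitor is matched against the allow/deny
   * lists, and anyone else only gets rows whose four lists are all empty.
   *
   * Text taken from the database is HTML-escaped before it is written into the
   * page. replace_macros() is handed ready-made HTML elsewhere in this function
   * (bbcode() output, nested template fragments), so plain-text values are
   * escaped before they are passed to it as well.
   *
   * @param object $a application object (passed by reference)
   * @return string|null page HTML, or null when there is nothing to show
   */
  function photos_content(&$a) {

      // URLs:
      // photos/name
      // photos/name/upload
      // photos/name/album/xxxxx
      // photos/name/album/xxxxx/edit
      // photos/name/image/xxxxx
      // photos/name/image/xxxxx/edit

      if(! x($a->data,'user')) {
          notice( t('No photos selected') . EOL );
          return;
      }

      // Start from an empty string; the original appended to an undefined variable.
      $o = '';

      // Remembered so photos_post() can send the browser back to this view.
      $_SESSION['photo_return'] = $a->cmd;

      //
      // Parse arguments
      //

      $datum = '';
      if($a->argc > 3) {
          $datatype = $a->argv[2];
          $datum = $a->argv[3];
      }
      elseif(($a->argc > 2) && ($a->argv[2] == 'upload'))
          $datatype = 'upload';
      else
          $datatype = 'summary';

      if($a->argc > 4)
          $cmd = $a->argv[4];
      else
          $cmd = 'view';

      //
      // Setup permissions structures
      //

      $owner_uid = $a->data['user']['uid'];
      $is_owner  = ((local_user() && ($_SESSION['uid'] == $owner_uid)) ? true : false);

      $baseurl  = $a->get_baseurl();
      $nickname = htmlspecialchars((string) $a->data['user']['nickname'], ENT_QUOTES, 'UTF-8');

      $groups = array();
      if(remote_user()) {
          $contact_id = $_SESSION['visitor_id'];
          $groups = init_groups_visitor($contact_id);
      }

      // default permissions - anonymous user

      $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";

      // Profile owner - everything is visible

      if($is_owner) {
          $sql_extra = '';
      }
      elseif(remote_user()) {

          // authenticated visitor - here lie dragons
          // The lists hold ids as '<id>' tokens; the visitor's groups are OR-ed into one pattern.

          $gs = '<<>>'; // should be impossible to match
          if(is_array($groups) && count($groups)) {
              foreach($groups as $g)
                  $gs .= '|<' . intval($g) . '>';
          }

          $sql_extra = sprintf(
              " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
              AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
              AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
              AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",

              intval($_SESSION['visitor_id']),
              intval($_SESSION['visitor_id']),
              dbesc($gs),
              dbesc($gs)
          );
      }

      //
      // dispatch request
      //

      if($datatype == 'upload') {
          if(! $is_owner) {
              notice( t('Permission denied.'));
              return;
          }

          $albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
          $albumselect .= '<option value="" selected="selected" >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
          if(isset($a->data['albums']) && count($a->data['albums'])) {
              foreach($a->data['albums'] as $album) {
                  if(($album['album'] == '') || ($album['album'] == t('Contact Photos')))
                      continue;
                  // The name is written into an attribute and into element text.
                  $album_html = htmlspecialchars((string) $album['album'], ENT_QUOTES, 'UTF-8');
                  $albumselect .= '<option value="' . $album_html . '">' . $album_html . '</option>';
              }
          }
          $albumselect .= '</select>';

          $tpl = file_get_contents('view/photos_upload.tpl');
          // NOTE(review): '$sessid' places the live session id in the page markup, presumably
          // for the Java uploader; confirm it is still needed and never cached or logged.
          $o .= replace_macros($tpl,array(
              '$pagename' => t('Upload Photos'),
              '$sessid' => session_id(),
              '$newalbum' => t('New album name: '),
              '$existalbumtext' => t('or existing album name: '),
              '$filestext' => t('Select files to upload: '),
              '$albumselect' => $albumselect,
              '$permissions' => t('Permissions'),
              '$aclselect' => populate_acl($a->user),
              '$archive' => $baseurl . '/jumploader_z.jar',
              '$nojava' => t('Use the following controls only if the Java uploader (above) fails to launch.'),
              '$uploadurl' => $baseurl . '/photos',
              '$submit' => t('Submit')
          ));

          return $o;
      }

      if($datatype == 'album') {

          $album = hex2bin($datum);
          $album_html = htmlspecialchars((string) $album, ENT_QUOTES, 'UTF-8');
          $is_builtin_album = (($album == t('Profile Photos')) || ($album == t('Contact Photos')));

          // First pass counts the visible photos for the pager, second pass fetches one page.
          $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
              $sql_extra GROUP BY `resource-id`",
              intval($a->data['user']['uid']),
              dbesc($album)
          );
          if(count($r))
              $a->set_pager_total(count($r));

          $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
              $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
              intval($a->data['user']['uid']),
              dbesc($album),
              intval($a->pager['start']),
              intval($a->pager['itemspage'])
          );

          $o .= '<h3>' . $album_html . '</h3>';

          // Only the owner may edit, and never the two built-in albums.
          if((! $is_builtin_album) && $is_owner) {
              if($cmd == 'edit') {
                  $edit_tpl = file_get_contents('view/album_edit.tpl');
                  $o .= replace_macros($edit_tpl,array(
                      '$nametext' => t('New album name: '),
                      '$album' => $album_html,
                      '$hexalbum' => bin2hex($album),
                      '$submit' => t('Submit'),
                      '$dropsubmit' => t('Delete Album')
                  ));
              }
              else {
                  $o .= '<div id="album-edit-link"><a href="'. $baseurl . '/photos/'
                      . $nickname . '/album/' . bin2hex($album) . '/edit' . '">'
                      . t('Edit Album') . '</a></div>';
              }
          }

          $tpl = file_get_contents('view/photo_album.tpl');
          if(count($r)) {
              foreach($r as $rr) {
                  // The query above selects only `resource-id` and `scale`; `id` and
                  // `filename` are absent from the rows and fall back to ''.
                  $o .= replace_macros($tpl,array(
                      '$id' => (isset($rr['id']) ? $rr['id'] : ''),
                      '$photolink' => $baseurl . '/photos/' . $nickname . '/image/' . $rr['resource-id'],
                      '$phototitle' => t('View Photo'),
                      '$imgsrc' => $baseurl . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg',
                      '$imgalt' => (isset($rr['filename']) ? htmlspecialchars((string) $rr['filename'], ENT_QUOTES, 'UTF-8') : '')
                  ));
              }
          }
          $o .= '<div id="photo-album-end"></div>';

          return $o;
      }

      if($datatype == 'image') {

          require_once('security.php');
          require_once('bbcode.php');

          // fetch image, item containing image, then comments

          $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
              $sql_extra ORDER BY `scale` ASC ",
              intval($a->data['user']['uid']),
              dbesc($datum)
          );

          if(! count($ph)) {
              notice( t('Photo not available') . EOL );
              return;
          }

          // Rows are ordered by scale; row 0 is linked as the full-size image and
          // $lores is the variant shown inline.
          $hires = $lores = $ph[0];
          if(count($ph) > 1) {
              if($ph[1]['scale'] == 2) {
                  // original is 640 or less, we can display it directly
                  $hires = $lores = $ph[0];
              }
              else {
                  $hires = $ph[0];
                  $lores = $ph[1];
              }
          }

          $o .= '<h3>' . '<a href="' . $baseurl . '/photos/' . $nickname . '/album/' . bin2hex($ph[0]['album']) . '">'
              . htmlspecialchars((string) $ph[0]['album'], ENT_QUOTES, 'UTF-8') . '</a></h3>';

          // The photo row was selected by the owner's uid, so this is the same test as $is_owner.
          $can_edit = ((local_user() && ($ph[0]['uid'] == $_SESSION['uid'])) ? true : false);

          if($can_edit) {
              $o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $baseurl . '/photos/' . $nickname
                  . '/image/' . htmlspecialchars((string) $datum, ENT_QUOTES, 'UTF-8') . '/edit' . '">' . t('Edit photo') . '</a></div>';
          }

          $o .= '<a href="' . $baseurl . '/photo/'
              . $hires['resource-id'] . '-' . $hires['scale'] . '.jpg" title="'
              . t('View Full Size') . '" ><img src="' . $baseurl . '/photo/'
              . $lores['resource-id'] . '-' . $lores['scale'] . '.jpg' . '" /></a>';

          // Do we have an item for this photo?

          $i1 = q("SELECT * FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
              dbesc($datum)
          );

          // Comment rows; stays empty when the photo has no item.
          $r = array();

          if(count($i1)) {
              //dbg(2);

              $r = q("SELECT COUNT(*) AS `total`
                  FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
                  WHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0
                  AND NOT `item`.`type` IN ( 'remote', 'net-comment')
                  AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                  $sql_extra ",
                  dbesc($i1[0]['uri']),
                  dbesc($i1[0]['uri'])
              );

              if(count($r))
                  $a->set_pager_total($r[0]['total']);

              $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
                  `contact`.`name`, `contact`.`photo`, `contact`.`url`,
                  `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
                  `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
                  FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
                  WHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0
                  AND NOT `item`.`type` IN ( 'remote', 'net-comment')
                  AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
                  $sql_extra
                  ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ",
                  dbesc($i1[0]['uri']),
                  dbesc($i1[0]['uri']),
                  intval($a->pager['start']),
                  intval($a->pager['itemspage'])
              );
          }

          $caption_html = htmlspecialchars((string) $ph[0]['desc'], ENT_QUOTES, 'UTF-8');
          // The only writer of `tag` visible in this file stores plain text; if another
          // writer stores markup there, this escaping has to be revisited.
          $tags_html = (count($i1) ? htmlspecialchars((string) $i1[0]['tag'], ENT_QUOTES, 'UTF-8') : '');

          $o .= '<div id="photo-caption" >' . $caption_html . '</div>';

          if(strlen($tags_html)) {
              // parse tags and add links
              $o .= '<div id="in-this-photo-text">' . t('In this photo: ') . '</div>';
              $o .= '<div id="in-this-photo">' . $tags_html . '</div>';
          }

          // The edit form is rendered for the owner only, matching the edit link above and
          // the album edit form (the original rendered it for any viewer of .../edit).
          if(($cmd == 'edit') && $can_edit) {
              $edit_tpl = file_get_contents('view/photo_edit.tpl');
              $o .= replace_macros($edit_tpl, array(
                  '$id' => $ph[0]['id'],
                  '$resource_id' => $ph[0]['resource-id'],
                  '$capt_label' => t('Caption'),
                  '$caption' => $caption_html,
                  '$tag_label' => t('Tags'),
                  '$tags' => $tags_html,
                  '$item_id' => ((count($i1)) ? $i1[0]['id'] : 0),
                  '$submit' => t('Submit'),
                  '$delete' => t('Delete Photo')
              ));
          }

          if(count($i1)) {
              // pull out how many people like the photo

              $cmnt_tpl = file_get_contents('view/comment_item.tpl');
              $tpl = file_get_contents('view/photo_item.tpl');
              $return_url = $a->cmd;

              $can_comment = can_write_wall($a,$a->data['user']['uid']);

              if($can_comment) {
                  if($i1[0]['last-child']) {
                      $o .= replace_macros($cmnt_tpl,array(
                          '$return_path' => $return_url,
                          '$type' => 'wall-comment',
                          '$id' => $i1[0]['id'],
                          '$parent' => $i1[0]['id'],
                          '$profile_uid' => $a->data['user']['uid'],
                          '$ww' => ''
                      ));
                  }
              }

              // display comments
              if(count($r)) {
                  foreach($r as $item) {
                      $comment = '';
                      $template = $tpl;

                      $redirect_url = $baseurl . '/redir/' . $item['cid'] ;

                      if($can_comment) {
                          if($item['last-child']) {
                              $comment = replace_macros($cmnt_tpl,array(
                                  '$return_path' => $return_url,
                                  '$type' => 'wall-comment',
                                  '$id' => $item['item_id'],
                                  '$parent' => $item['parent'],
                                  '$profile_uid' => $a->data['user']['uid'],
                                  '$ww' => ''
                              ));
                          }
                      }

                      // NOTE(review): the contact URL and avatar URL below are passed to the
                      // template as stored; confirm they are validated where contacts are saved.
                      $profile_url = $item['url'];

                      // The viewer's own contacts are linked through /redir.
                      if(local_user() && ($item['contact-uid'] == $_SESSION['uid']) && (strlen($item['dfrn-id'])) && (! $item['self'] ))
                          $profile_url = $redirect_url;

                      $profile_name   = ((strlen($item['author-name']))   ? $item['author-name']   : $item['name']);
                      $profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']);

                      $profile_link = $profile_url;

                      // Show the delete control only to an identified viewer: without the
                      // remote_user()/local_user() guards an unset session value compared
                      // loosely against 0 would count as a match.
                      $drop = '';
                      if((remote_user() && ($item['contact-id'] == $_SESSION['visitor_id']))
                          || (local_user() && ($item['uid'] == $_SESSION['uid'])))
                          $drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));

                      $o .= replace_macros($template,array(
                          '$id' => $item['item_id'],
                          '$profile_url' => $profile_link,
                          '$name' => htmlspecialchars((string) $profile_name, ENT_QUOTES, 'UTF-8'),
                          '$thumb' => $profile_avatar,
                          '$title' => htmlspecialchars((string) $item['title'], ENT_QUOTES, 'UTF-8'),
                          '$body' => bbcode($item['body']),
                          '$ago' => relative_date($item['created']),
                          '$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
                          '$drop' => $drop,
                          '$comment' => $comment
                      ));
                  }
              }

              $o .= paginate($a);
          }

          return $o;
      }

      // Default - show recent photos with upload link (if applicable)

      $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s'
          $sql_extra GROUP BY `resource-id`",
          intval($a->data['user']['uid']),
          dbesc( t('Contact Photos'))
      );
      if(count($r))
          $a->set_pager_total(count($r));

      $r = q("SELECT `resource-id`, `album`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s'
          $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
          intval($a->data['user']['uid']),
          dbesc( t('Contact Photos')),
          intval($a->pager['start']),
          intval($a->pager['itemspage'])
      );

      $o .= '<h3>' . t('Recent Photos') . '</h3>';

      if($is_owner) {
          $o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $baseurl . '/photos/'
              . $nickname . '/upload' . '">' . t('Upload New Photos') . '</a></div>';
      }

      $tpl = file_get_contents('view/photo_top.tpl');
      if(count($r)) {
          foreach($r as $rr) {
              // `id` and `filename` are not selected by the query above and fall back to ''.
              // '$albumlink' now calls get_baseurl(); the original read it as a property.
              $o .= replace_macros($tpl,array(
                  '$id' => (isset($rr['id']) ? $rr['id'] : ''),
                  '$photolink' => $baseurl . '/photos/' . $nickname
                      . '/image/' . $rr['resource-id'],
                  '$phototitle' => t('View Photo'),
                  '$imgsrc' => $baseurl . '/photo/'
                      . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg',
                  '$albumlink' => $baseurl . '/photos/'
                      . $nickname . '/album/' . bin2hex($rr['album']),
                  '$albumname' => htmlspecialchars((string) $rr['album'], ENT_QUOTES, 'UTF-8'),
                  '$albumalt' => t('View Album'),
                  '$imgalt' => (isset($rr['filename']) ? htmlspecialchars((string) $rr['filename'], ENT_QUOTES, 'UTF-8') : '')
              ));
          }
          $o .= '<div id="photo-top-end"></div>';
      }

      return $o;
  }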