2011-05-25 07:40:52 +02:00
< ? php
require_once ( 'include/attach.php' );
require_once ( 'include/datetime.php' );
function wall_attach_post ( & $a ) {
if ( $a -> argc > 1 ) {
$nick = $a -> argv [ 1 ];
2012-04-09 01:19:45 +02:00
$r = q ( " SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1 " ,
2011-05-25 07:40:52 +02:00
dbesc ( $nick )
);
if ( ! count ( $r ))
return ;
}
else
return ;
$can_post = false ;
$visitor = 0 ;
$page_owner_uid = $r [ 0 ][ 'uid' ];
2012-04-09 01:19:45 +02:00
$page_owner_cid = $r [ 0 ][ 'id' ];
2011-05-25 07:40:52 +02:00
$page_owner_nick = $r [ 0 ][ 'nickname' ];
$community_page = (( $r [ 0 ][ 'page-flags' ] == PAGE_COMMUNITY ) ? true : false );
if (( local_user ()) && ( local_user () == $page_owner_uid ))
$can_post = true ;
else {
if ( $community_page && remote_user ()) {
2012-09-05 07:50:28 +02:00
$cid = 0 ;
if ( is_array ( $_SESSION [ 'remote' ])) {
foreach ( $_SESSION [ 'remote' ] as $v ) {
if ( $v [ 'uid' ] == $page_owner_uid ) {
$cid = $v [ 'cid' ];
break ;
}
}
}
if ( $cid ) {
$r = q ( " SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1 " ,
intval ( $cid ),
intval ( $page_owner_uid )
);
if ( count ( $r )) {
$can_post = true ;
$visitor = $cid ;
}
2011-05-25 07:40:52 +02:00
}
}
}
if ( ! $can_post ) {
notice ( t ( 'Permission denied.' ) . EOL );
killme ();
}
if ( ! x ( $_FILES , 'userfile' ))
killme ();
$src = $_FILES [ 'userfile' ][ 'tmp_name' ];
$filename = basename ( $_FILES [ 'userfile' ][ 'name' ]);
$filesize = intval ( $_FILES [ 'userfile' ][ 'size' ]);
$maxfilesize = get_config ( 'system' , 'maxfilesize' );
2014-04-23 20:22:53 +02:00
/* Found html code written in text field of form ,
* when trying to upload a file with filesize
* greater than upload_max_filesize . Cause is unknown .
* Then Filesize gets <= 0.
*/
if ( $filesize <= 0 ) {
2014-04-25 06:29:03 +02:00
notice ( t ( 'Sorry, maybe your upload is bigger than the PHP configuration allows' ) . EOL . ( t ( 'Or - did you try to upload an empty file?' )) . EOL );
2014-04-23 20:22:53 +02:00
@ unlink ( $src );
killme ();
}
2011-05-25 07:40:52 +02:00
if (( $maxfilesize ) && ( $filesize > $maxfilesize )) {
notice ( sprintf ( t ( 'File exceeds size limit of %d' ), $maxfilesize ) . EOL );
@ unlink ( $src );
return ;
}
2012-06-26 01:03:46 +02:00
$r = q ( " select sum(octet_length(data)) as total from attach where uid = %d " ,
intval ( $page_owner_uid )
);
$limit = service_class_fetch ( $page_owner_uid , 'attach_upload_limit' );
if (( $limit !== false ) && (( $r [ 0 ][ 'total' ] + strlen ( $imagedata )) > $limit )) {
echo upgrade_message ( true ) . EOL ;
@ unlink ( $src );
killme ();
}
2011-05-25 07:40:52 +02:00
$filedata = @ file_get_contents ( $src );
2011-08-04 04:18:58 +02:00
$mimetype = z_mime_content_type ( $filename );
2011-05-25 07:40:52 +02:00
$hash = random_string ();
$created = datetime_convert ();
2011-05-25 11:08:15 +02:00
$r = q ( " INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
VALUES ( % d , '%s' , '%s' , '%s' , % d , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' ) " ,
2011-05-25 07:40:52 +02:00
intval ( $page_owner_uid ),
dbesc ( $hash ),
2011-05-25 11:08:15 +02:00
dbesc ( $filename ),
2011-05-25 07:40:52 +02:00
dbesc ( $mimetype ),
intval ( $filesize ),
dbesc ( $filedata ),
dbesc ( $created ),
dbesc ( $created ),
2012-04-09 01:19:45 +02:00
dbesc ( '<' . $page_owner_cid . '>' ),
2011-05-25 07:40:52 +02:00
dbesc ( '' ),
dbesc ( '' ),
dbesc ( '' )
);
@ unlink ( $src );
if ( ! $r ) {
echo ( t ( 'File upload failed.' ) . EOL );
killme ();
}
$r = q ( " SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1 " ,
intval ( $page_owner_uid ),
dbesc ( $created ),
dbesc ( $hash )
);
if ( ! count ( $r )) {
echo ( t ( 'File upload failed.' ) . EOL );
killme ();
}
2012-12-03 10:05:10 +01:00
$lf = " \n " ;
2012-04-17 15:11:41 +02:00
echo $lf . $lf . '[attachment]' . $r [ 0 ][ 'id' ] . '[/attachment]' . $lf ;
2011-05-25 07:40:52 +02:00
killme ();
// NOTREACHED
}