path: root/Zotlabs/Module/Oep.php

<?php
namespace Zotlabs\Module;

require_once('include/security.php');

// oembed provider




class Oep extends \Zotlabs\Web\Controller {

	function init() {
	
		logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO);
	
		$html = ((argc() > 1 && argv(1) === 'html') ? true : false);
		if($_REQUEST['url']) {
			$_REQUEST['url'] = strip_zids($_REQUEST['url']);
			$url = $_REQUEST['url'];
		}
	
		if(! $url)
			http_status_exit(404, 'Not found');
	
		$maxwidth  = $_REQUEST['maxwidth'];
		$maxheight = $_REQUEST['maxheight'];
		$format = $_REQUEST['format'];
		if($format && $format !== 'json')
			http_status_exit(501, 'Not implemented');
	
		if(fnmatch('*/photos/*/album/*',$url))
			$arr = $this->oep_album_reply($_REQUEST);
		elseif(fnmatch('*/photos/*/image/*',$url))
			$arr = $this->oep_photo_reply($_REQUEST);
		elseif(fnmatch('*/photos*',$url))
			$arr = $this->oep_phototop_reply($_REQUEST);
		elseif(fnmatch('*/display/*',$url))
			$arr = $this->oep_display_reply($_REQUEST);
		elseif(fnmatch('*/channel/*mid=*',$url))
			$arr = $this->oep_mid_reply($_REQUEST);
		elseif(fnmatch('*/channel*',$url))
			$arr = $this->oep_profile_reply($_REQUEST);
		elseif(fnmatch('*/profile/*',$url))
			$arr = $this->oep_profile_reply($_REQUEST);
		elseif(fnmatch('*/cards/*',$url))
			$arr = $this->oep_cards_reply($_REQUEST);
		elseif(fnmatch('*/articles/*',$url))
			$arr = $this->oep_articles_reply($_REQUEST);
	
		if($arr) {
			if($html) {
				if($arr['type'] === 'rich') {
					header('Content-Type: text/html');
					echo $arr['html'];
				}
			}
			else {
				header('Content-Type: application/json+oembed');
				echo json_encode($arr);
			}
			killme();
		}
	
		http_status_exit(404,'Not found');
	
	}
	
	function oep_display_reply($args) {
	
		$ret = array();
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);

		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
			$res = $matches[2];
		}

		if(strpos($res,'b64.') === 0) {
			$res = base64url_decode(substr($res,4));
		}

		$item_normal = item_normal();

		$p = q("select * from item where mid like '%s' limit 1",
	  		dbesc($res . '%')
		);

		if(! $p)
			return;

		$c = channelx_by_n($p[0]['uid']);

	
		if(! ($c && $res))
			return;

		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
			return;

		$sql_extra = item_permissions_sql($c['channel_id']);
	
		$p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1",
			dbesc($res . '%'),
			intval($c['channel_id'])
		);

		if(! $p)
			return;
		
		xchan_query($p,true);
		$p = fetch_post_tags($p,true);

		// This function can get tripped up if the item is already a reshare
		// (the multiple share declarations do not parse cleanly if nested) 
		// So build a template with a known nonsense string as the content, and then
		// replace that known string with the actual rendered content, sending
		// each content layer through bbcode() separately.

		$x = '2eGriplW^*Jmf4';

	        
		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
            "' profile='".$p[0]['author']['xchan_url'] .
            "' avatar='".$p[0]['author']['xchan_photo_s'].
            "' link='".$p[0]['plink'].
			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
            "' posted='".$p[0]['created'].
            "' message_id='".$p[0]['mid']."']";
	    if($p[0]['title'])
            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";

		$o .= $x; 
		$o .= "[/share]";
		$o = bbcode($o);
	
		$o = str_replace($x,bbcode($p[0]['body']),$o);
	
		$ret['type'] = 'rich';
	
		$w = (($maxwidth) ? $maxwidth : 640);
		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
	
		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
		
		$ret['width'] = $w;
		$ret['height'] = $h;
	
		return $ret;
	
	}


	function oep_cards_reply($args) {
	
		$ret = [];
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);

		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
			$nick = $matches[2];
			$res = $matches[3];
		}
		if(! ($nick && $res))
			return $ret; 

		$channel = channelx_by_nick($nick);

		if(! $channel)
			return $ret;


		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
			return $ret;

		$sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());

		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
			dbesc($res)
		);
		if($r) {
			$sql_extra .= " and item.id = " . intval($r[0]['iid']) . " ";
		}
		else {
			return $ret;
		}

		$r = q("select * from item 
			where item.uid = %d and item_type = %d 
			$sql_extra order by item.created desc",
			intval($channel['channel_id']),
			intval(ITEM_TYPE_CARD)
		);

		if(! $r)
			return;

		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
			and item.item_blocked = 0 ";

		if($r) {
			xchan_query($r);
			$p = fetch_post_tags($r, true);
		}

		$x = '2eGriplW^*Jmf4';

	        
		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
            "' profile='".$p[0]['author']['xchan_url'] .
            "' avatar='".$p[0]['author']['xchan_photo_s'].
            "' link='".$p[0]['plink'].
			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
            "' posted='".$p[0]['created'].
            "' message_id='".$p[0]['mid']."']";
	    if($p[0]['title'])
            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";

		$o .= $x; 
		$o .= "[/share]";
		$o = bbcode($o);
	
		$o = str_replace($x,bbcode($p[0]['body']),$o);
	
		$ret['type'] = 'rich';
	
		$w = (($maxwidth) ? $maxwidth : 640);
		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
	
		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
		
		$ret['width'] = $w;
		$ret['height'] = $h;
	
		return $ret;
	
	}

	function oep_articles_reply($args) {
	
		$ret = [];
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);

		if(preg_match('#//(.*?)/articles/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
			$nick = $matches[2];
			$res = $matches[3];
		}
		if(! ($nick && $res))
			return $ret; 

		$channel = channelx_by_nick($nick);

		if(! $channel)
			return $ret;

		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
			return $ret;

		$sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());

		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
			dbesc($res)
		);
		if($r) {
			$sql_extra .= " and item.id = " . intval($r[0]['iid']) . " ";
		}
		else {
			return $ret;
		}

		$r = q("select * from item 
			where item.uid = %d and item_type = %d 
			$sql_extra order by item.created desc",
			intval($channel['channel_id']),
			intval(ITEM_TYPE_ARTICLE)
		);

		if(! $r)
			return;

		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,7) and item.item_deleted = 0
			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
			and item.item_blocked = 0 ";

		if($r) {
			xchan_query($r);
			$p = fetch_post_tags($r, true);
		}

		$x = '2eGriplW^*Jmf4';

	        
		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
            "' profile='".$p[0]['author']['xchan_url'] .
            "' avatar='".$p[0]['author']['xchan_photo_s'].
            "' link='".$p[0]['plink'].
			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
            "' posted='".$p[0]['created'].
            "' message_id='".$p[0]['mid']."']";
	    if($p[0]['title'])
            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";

		$o .= $x; 
		$o .= "[/share]";
		$o = bbcode($o);
	
		$o = str_replace($x,bbcode($p[0]['body']),$o);
	
		$ret['type'] = 'rich';
	
		$w = (($maxwidth) ? $maxwidth : 640);
		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
	
		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
		
		$ret['width'] = $w;
		$ret['height'] = $h;
	
		return $ret;
	
	}

	
	function oep_mid_reply($args) {
	
		$ret = array();
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);
	
		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
			$chn = $matches[3];
			$res = $matches[5];
		}
	
		if(! ($chn && $res))
			return;
		$c = q("select * from channel where channel_address = '%s' limit 1",
			dbesc($chn)
		);
	
		if(! $c)
			return;

		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
			return;
	
		$sql_extra = item_permissions_sql($c[0]['channel_id']);
	
		$p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1",
	  		dbesc($res),
			intval($c[0]['channel_id'])
		);
		if(! $p)
			return;
		
		xchan_query($p,true);
		$p = fetch_post_tags($p,true);

		// This function can get tripped up if the item is already a reshare
		// (the multiple share declarations do not parse cleanly if nested) 
		// So build a template with a known nonsense string as the content, and then
		// replace that known string with the actual rendered content, sending
		// each content layer through bbcode() separately.

		$x = '2eGriplW^*Jmf4';
			
		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
			"' profile='".$p[0]['author']['xchan_url'] .
			"' avatar='".$p[0]['author']['xchan_photo_s'].
			"' link='".$p[0]['plink'].
			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
			"' posted='".$p[0]['created'].
			"' message_id='".$p[0]['mid']."']";
		if($p[0]['title'])
			$o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
		$o .= $x; 
		$o .= "[/share]";
		$o = bbcode($o);
	
		$o = str_replace($x,bbcode($p[0]['body']),$o);

		$ret['type'] = 'rich';
	
		$w = (($maxwidth) ? $maxwidth : 640);
		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
	
		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
		
		$ret['width'] = $w;
		$ret['height'] = $h;
	
		return $ret;
	
	}
	
	function oep_profile_reply($args) {
	
		
		require_once('include/channel.php');

		$url = $args['url'];
	
		if(preg_match('#//(.*?)/(.*?)/(.*?)(/|\?|&|$)#',$url,$matches)) {
			$chn = $matches[3];
		}
	
		if(! $chn)
			return;
	
		$c = channelx_by_nick($chn);
	
		if(! $c)
			return;
	
	
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);
	
		$width = 800;
		$height = 375;
	
		if($maxwidth) {
			$width = $maxwidth;
			$height = (375 / 800) * $width;
		}
		if($maxheight) {
			if($maxheight < $height) {
				$width = (800 / 375) * $maxheight;
				$height = $maxheight;
			}
		} 
		$ret = array();
	
		$ret['type'] = 'rich';
		$ret['width'] = intval($width);
		$ret['height'] = intval($height);
	
		$ret['html'] = get_zcard_embed($c,get_observer_hash(),array('width' => $width, 'height' => $height));
	
		return $ret;
	
	}
	
	function oep_album_reply($args) {
	
		$ret = array();
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);
	
		if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) {
			$chn = $matches[3];
			$res = basename($url);
		}
	
		if(! ($chn && $res))
			return;
		$c = q("select * from channel where channel_address = '%s' limit 1",
			dbesc($chn)
		);
	
		if(! $c)
			return;
	
		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
			return;

		$sql_extra = permissions_sql($c[0]['channel_id']);
	
		$p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
	  		dbesc($res),
			intval($c[0]['channel_id'])
		);
		if(! $p)
			return;
	
		$res = $p[0]['resource_id'];
	
		$r = q("select height, width, imgscale, resource_id from photo where uid = %d and resource_id = '%s' $sql_extra order by imgscale asc",
			intval($c[0]['channel_id']),
			dbesc($res)
		);
	
		if($r) {
			foreach($r as $rr) {
				$foundres = false;
				if($maxheight && $rr['height'] > $maxheight)
					continue;
				if($maxwidth && $rr['width'] > $maxwidth)
					continue;
				$foundres = true;			
				break;
			}
	
			if($foundres) {
				$ret['type'] = 'link';
				$ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['imgscale'];
				$ret['thumbnail_width'] = $rr['width'];
				$ret['thumbnail_height'] = $rr['height'];
			}
				
	
		}
		return $ret;
	
	}
	
	
	function oep_phototop_reply($args) {
	
		$ret = array();
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);
	
		if(preg_match('|//(.*?)/(.*?)/(.*?)$|',$url,$matches)) {
			$chn = $matches[3];
		}
	
		if(! $chn)
			return;
		$c = q("select * from channel where channel_address = '%s' limit 1",
			dbesc($chn)
		);
	
		if(! $c)
			return;
	
		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
			return;

		$sql_extra = permissions_sql($c[0]['channel_id']);
	
		$p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
			intval($c[0]['channel_id'])
		);
		if(! $p)
			return;
	
		$res = $p[0]['resource_id'];
	
		$r = q("select height, width, imgscale, resource_id from photo where uid = %d and resource_id = '%s' $sql_extra order by imgscale asc",
			intval($c[0]['channel_id']),
			dbesc($res)
		);
	
		if($r) {
			foreach($r as $rr) {
				$foundres = false;
				if($maxheight && $rr['height'] > $maxheight)
					continue;
				if($maxwidth && $rr['width'] > $maxwidth)
					continue;
				$foundres = true;			
				break;
			}
	
			if($foundres) {
				$ret['type'] = 'link';
				$ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['imgscale'];
				$ret['thumbnail_width'] = $rr['width'];
				$ret['thumbnail_height'] = $rr['height'];
			}
				
	
		}
		return $ret;
	
	}
	
	
	function oep_photo_reply($args) {
	
		$ret = array();
		$url = $args['url'];
		$maxwidth  = intval($args['maxwidth']);
		$maxheight = intval($args['maxheight']);
	
		if(preg_match('|//(.*?)/(.*?)/(.*?)/image/|',$url,$matches)) {
			$chn = $matches[3];
			$res = basename($url);
		}
	
		if(! ($chn && $res))
			return;
		$c = q("select * from channel where channel_address = '%s' limit 1",
			dbesc($chn)
		);
	
		if(! $c)
			return;

		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
			return;

		$sql_extra = permissions_sql($c[0]['channel_id']);
	
	
		$r = q("select height, width, imgscale, resource_id from photo where uid = %d and resource_id = '%s' $sql_extra order by imgscale asc",
			intval($c[0]['channel_id']),
			dbesc($res)
		);
	
		if($r) {
			foreach($r as $rr) {
				$foundres = false;
				if($maxheight && $rr['height'] > $maxheight)
					continue;
				if($maxwidth && $rr['width'] > $maxwidth)
					continue;
				$foundres = true;			
				break;
			}
	
			if($foundres) {
				$ret['type'] = 'link';
				$ret['thumbnail_url'] = z_root() . '/photo/' . '/' . $rr['resource_id'] . '-' . $rr['imgscale'];
				$ret['thumbnail_width'] = $rr['width'];
				$ret['thumbnail_height'] = $rr['height'];
			}
				
	
		}
		return $ret;
	
	}
}