file/attachment storage api with revision control - needs a bit more testing but the framework is in place

3 files changed, 31 insertions, 167 deletions

diff --git a/mod/attach.php b/mod/attach.php
index f300ec6fb..b94c02c19 100644
--- a/mod/attach.php
+++ b/mod/attach.php
@@ -1,42 +1,25 @@
 <?php
 
 require_once('include/security.php');
+require_once('include/attach.php');
 
 function attach_init(&$a) {
 
-	if(argc() != 2) {
+	if(argc() < 2) {
 		notice( t('Item not available.') . EOL);
 		return;
 	}
 
-	$hash = argv(1);
+	$r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0));
 
-	// Check for existence, which will also provide us the owner uid
-
-	$r = q("SELECT * FROM `attach` WHERE `hash` = '%s' LIMIT 1",
-		dbesc($hash)
-	);
-	if(! count($r)) {
-		notice( t('Item was not found.'). EOL);
-		return;
-	}
-
-	$sql_extra = permissions_sql($r[0]['uid']);
-
-	// Now we'll see if we can access the attachment
-
-	$r = q("SELECT * FROM `attach` WHERE hash = '%s' $sql_extra LIMIT 1",
-		dbesc($hash)
-	);
-
-	if(! count($r)) {
-		notice( t('Permission denied.') . EOL);
+	if(! $r['success']) {
+		notice( $r['message'] . EOL);
 		return;
 	}
 
-	header('Content-type: ' . $r[0]['filetype']);
-	header('Content-disposition: attachment; filename=' . $r[0]['filename']);
-	echo $r[0]['data'];
+	header('Content-type: ' . $r['data']['filetype']);
+	header('Content-disposition: attachment; filename=' . $r['data']['filename']);
+	echo $r['data']['data'];
 	killme();
-	// NOTREACHED
+
 }
\ No newline at end of file
diff --git a/mod/item.php b/mod/item.php
index 48715a0f4..dba325e19 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -377,7 +377,7 @@ function item_post(&$a) {
 		fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,
 		$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 
-		fix_attached_file_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,
+		fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,
 		$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 
 	}
@@ -471,14 +471,13 @@ function item_post(&$a) {
 
 	if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
 		foreach($match[2] as $mtch) {
-			$r = q("SELECT `hash`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `hash` = '%s' LIMIT 1",
-				intval($profile_uid),
-				dbesc($mtch)
-			);
-			if(count($r)) {
+			$hash = substr($mtch,0,strpos($mtch,','));
+			$rev = intval(substr($mtch,strpos($mtch,',')));
+			$r = attach_by_hash_nodata($hash,$rev);
+			if($r['success']) {
 				if(strlen($attachments))
 					$attachments .= ',';
-				$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['hash'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : '') . '"[/attach]'; 
+				$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r['data']['hash'] . '" length="' . $r['data']['filesize'] . '" type="' . $r['data']['filetype'] . '" title="' . $r['data']['filename'] . '"[/attach]'; 
 			}
 			$body = str_replace($match[1],'',$body);
 		}
@@ -1008,7 +1007,7 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body,
 }
 
 
-function fix_attached_file_permissions($uid,$xchan_hash,$body,
+function fix_attached_file_permissions($channel,$observer_hash,$body,
 		$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
 
 	$match = false;
@@ -1017,24 +1016,16 @@ function fix_attached_file_permissions($uid,$xchan_hash,$body,
 		$attaches = $match[1];
 		if($attaches) {
 			foreach($attaches as $attach) {
-				$r = q("select * from attach where uid = %d and hash = '%s' 
-					and allow_cid = '%s' and allow_gid = '' and deny_cid = '' and deny_gid = '' limit 1",
-					intval($uid),
-					dbesc($attach),
-					dbesc('<' . $xchan_hash . '>')
-				);				
-				if($r) {
-					$r = q("UPDATE attach 
-						SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
-						WHERE uid = %d AND hash = '%s' LIMIT 1",
-						dbesc($str_contact_allow),
-						dbesc($str_group_allow),
-						dbesc($str_contact_deny),
-						dbesc($str_group_deny),
-						intval($uid),
-						dbesc($attach)
-					);
-				}
+				$hash = substr($attach,0,strpos($attach,','));
+				$rev = intval(substr($attach,strpos($attach,',')));
+				attach_store($channel,$observer_hash,$options = 'update', array(
+					'hash'      => $hash,
+					'revision'  => $rev,
+					'allow_cid' => $str_contact_allow,
+					'allow_gid'  => $str_group_allow,
+					'deny_cid'  => $str_contact_deny,
+					'deny_gid'  => $str_group_deny
+				));
 			}
 		}
 	}
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 305931bbb..5797531e8 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -5,7 +5,6 @@ require_once('include/datetime.php');
 
 function wall_attach_post(&$a) {
 
-
 	// Figure out who owns the page and if they allow attachments
 
 	if(argc() > 1) {
@@ -21,122 +20,13 @@ function wall_attach_post(&$a) {
 	else
 		killme();
 
-	
-	$can_post  = false;
-
-	
-	$visitor   = 0;
-
-	$page_owner_uid   = $channel['channel_id'];
-
-	if(! perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) {
-		notice( t('Permission denied.') . EOL);
-		killme();
-	}
-
-	if(! x($_FILES,'userfile'))
-		killme();
-
-	$src      = $_FILES['userfile']['tmp_name'];
-	$filename = basename($_FILES['userfile']['name']);
-	$filesize = intval($_FILES['userfile']['size']);
-
-
-	$replace = ((x($_REQUEST,'replace')) ? intval($_REQUEST['replace']) : 0);
-	$existing_size = 0;
-
-	if($replace) {
-		$x = q("select id, filesize, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1",	
-			intval($replace),
-			intval($page_owner_uid)
-		);
-		if(! $x) {
-			notice('Cannot locate file to replace');
-			killme();
-		}
-		$existing_size = intval($x[0]['filesize']);
-
-	}
-	
-
-
-	$maxfilesize = get_config('system','maxfilesize');
-
-	if(($maxfilesize) && ($filesize > $maxfilesize)) {
-		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
-		@unlink($src);
+	$r = attach_store($channel,get_observer_hash());
+	if(! $r['success']) {
+		notice( $r['message'] . EOL);
 		killme();
 	}
 
-	$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
-	if($limit !== false) {
-		$r = q("select sum(filesize) as total from attach where uid = %d ",
-			intval($page_owner_uid)
-		);
-		if(($r) &&  (($r[0]['total'] + $filesize) > ($limit - $existing_size))) {
-			echo upgrade_message(true) . EOL ;
-			@unlink($src);
-			killme();
-		}
-	}
-
-// TODO turn this into a general file upload api where permissions can be set on demand and move it out of the front end controller. 
-// We're making several assumptions that we are uploading into a post, which defaults to owner privacy until the post is completed 
-// and permissions are updated to match the post. 
-
-	$filedata = @file_get_contents($src);
-	$mimetype = z_mime_content_type($filename);
-	$hash = random_string();
-	$created = datetime_convert();
-	if($replace) {
-		$r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d limit 1",
-			dbesc($filename),
-			dbesc($mimetype),
-			intval($filesize),
-			dbesc($filedata),
-			dbesc($created),
-			intval($replace)
-		);
-	}
-	else {
-		$r = q("INSERT INTO `attach` ( `aid`, `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
-			VALUES ( %d, %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
-			intval($channel['channel_account_id']),
-			intval($page_owner_uid),
-			dbesc($hash),
-			dbesc($filename),
-			dbesc($mimetype),
-			intval($filesize),
-			dbesc($filedata),
-			dbesc($created),
-			dbesc($created),
-			dbesc('<' . $channel['channel_hash'] . '>'),
-			dbesc(''),
-			dbesc(''),
-			dbesc('')
-		);
-	}		
-
-	@unlink($src);
-
-	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
-		killme();
-	}
-
-	$r = q("SELECT `hash` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
-		intval($page_owner_uid),
-		dbesc($created),
-		dbesc($hash)
-	);
-
-	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
-		killme();
-	}
-
-	echo  "\n\n" . '[attachment]' . $r[0]['hash'] . '[/attachment]' . "\n";
-	
+	echo  "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
 	killme();
-	// NOTREACHED
+
 }