-rw-r--r--database.sql4
-rw-r--r--include/Photo.php27
-rw-r--r--mod/dfrn_confirm.php61
-rw-r--r--mod/item.php18
-rw-r--r--mod/photo.php49
-rw-r--r--mod/profile_photo.php63
-rw-r--r--mod/wall_upload.php51
-rw-r--r--view/jot-header.tpl2
8 files changed, 117 insertions, 158 deletions
diff --git a/database.sql b/database.sql
index 6b8b1281b..93d793cd0 100644
--- a/database.sql
+++ b/database.sql
@@ -217,9 +217,9 @@ CREATE TABLE IF NOT EXISTS `photo` (
`data` mediumblob NOT NULL,
`scale` tinyint(3) NOT NULL,
`profile` tinyint(1) NOT NULL DEFAULT '0',
- `allow_uid` mediumtext NOT NULL,
+ `allow_cid` mediumtext NOT NULL,
`allow_gid` mediumtext NOT NULL,
- `deny_uid` mediumtext NOT NULL,
+ `deny_cid` mediumtext NOT NULL,
`deny_gid` mediumtext NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
diff --git a/include/Photo.php b/include/Photo.php
index 95ccccc88..b8557e7ec 100644
--- a/include/Photo.php
+++ b/include/Photo.php
@@ -167,5 +167,32 @@ class Photo {
}
+
+ public function store($uid, $cid, $rid, $filename, $album, $scale, $profile = 0) {
+
+ $r = q("INSERT INTO `photo`
+ ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale`, `profile` )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d )",
+ intval($uid),
+ intval($cid),
+ dbesc($rid),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ dbesc(basename($filename)),
+ dbesc($album),
+ intval($this->height),
+ intval($this->width),
+ dbesc($this->imageString()),
+ intval($scale),
+ intval($profile)
+ );
+ return $r;
+ }
+
+
+
+
+
}}
+
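Review bot: `store()` writes no value for `allow_cid`, `allow_gid`, `deny_cid` or `deny_gid`, which database.sql in this commit declares `mediumtext NOT NULL` with no default. The INSERT therefore only succeeds when MySQL runs in a non-strict mode that fills in `''`, and the public-photo filter added to mod/photo.php depends on those columns being exactly `''`. I would name the four columns in the column list and bind `''` for each, so the stored permission state is explicit rather than a server-configuration side effect. The method also needs a docblock saying that height, width and image data are read from the object's current state, so callers must call `scaleImage()` or `cropImage()` before `store()`, not after.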
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index e5a550cd9..263c88f67 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -91,36 +91,14 @@ function dfrn_confirm_post(&$a) {
$hash = hash('md5',uniqid(mt_rand(),true));
- $r = q("INSERT INTO `photo` ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` )
- VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
- intval($local_uid),
- intval($dfrn_record),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($r[0]['photo'])),
- dbesc( t('Contact Photos') ),
- intval($img->getHeight()),
- intval($img->getWidth()),
- dbesc($img->imageString())
- );
+ $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 4);
+
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
- $r = q("INSERT INTO `photo` ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` )
- VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
- intval($local_uid),
- intval($dfrn_record),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($r[0]['photo'])),
- dbesc( t('Contact Photos')),
- intval($img->getHeight()),
- intval($img->getWidth()),
- dbesc($img->imageString())
- );
+ $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 5);
+
if($r === false)
$photo_failure = true;
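Review bot: Both new `store()` calls pass `$filename`, but nothing in this hunk assigns it; the removed code took the name from `basename($r[0]['photo'])`. dfrn_confirm_post() starts outside the hunk, so this may be set earlier. If it is not, each row is stored with an empty filename and PHP raises only a notice. The hunk at `@@ -319,33 +297,14 @@` has the same question, and it also passes `$contact_id` where the old INSERT had no contact column at all. Please confirm both variables are defined on every path that reaches these calls, or capture the value first, e.g. `$filename = basename($r[0]['photo']);` before `$r` is overwritten by the `store()` result.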
@@ -190,7 +168,7 @@ function dfrn_confirm_post(&$a) {
$uid = $_SESSION['uid'];
if(! $uid) {
- notice(t("Permission denied.") . EOL );
+ notice( t("Permission denied.") . EOL );
return;
}
@@ -319,33 +297,14 @@ function dfrn_confirm_post(&$a) {
$hash = hash('md5',uniqid(mt_rand(),true));
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
- intval($local_uid),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($r[0]['photo'])),
- dbesc( t('Contact Photos') ),
- intval($img->getHeight()),
- intval($img->getWidth()),
- dbesc($img->imageString())
- );
+ $r = $img->store($local_uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 );
+
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
- intval($local_uid),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($r[0]['photo'])),
- dbesc( t('Contact Photos') ),
- intval($img->getHeight()),
- intval($img->getWidth()),
- dbesc($img->imageString())
- );
+
+ $r = $img->store($local_uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 );
+
if($r === false)
$photo_failure = true;
diff --git a/mod/item.php b/mod/item.php
index 49067d940..5f53eccf3 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -23,7 +23,7 @@ function item_post(&$a) {
intval($parent)
);
if(! count($r)) {
- notice("Unable to locate original post." . EOL);
+ notice( t('Unable to locate original post.') . EOL);
goaway($a->get_baseurl() . "/" . $_POST['return'] );
}
$parent_item = $r[0];
@@ -68,7 +68,7 @@ function item_post(&$a) {
$body = escape_tags(trim($_POST['body']));
if(! strlen($body)) {
- notice("Empty post discarded." . EOL );
+ notice( t('Empty post discarded.') . EOL );
goaway($a->get_baseurl() . "/" . $_POST['return'] );
}
@@ -221,6 +221,19 @@ function item_content(&$a) {
intval($item['id'])
);
+ // If item is a link to a photo resource, nuke all the associated photos
+ // (visitors will not have photo resources)
+ // This only applies to photos uploaded from the photos page. Photos inserted into a post do not
+ // generate a resource-id and therefore aren't intimately linked to the item.
+
+ if(strlen($item['resource-id'])) {
+ $q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
+ dbesc($item['resource-id']),
+ intval($item['uid'])
+ );
+ // ignore the result
+ }
+
// If it's the parent of a comment thread, kill all the kids
if($item['uri'] == $item['parent-uri']) {
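Review bot: The new delete is written as `$q("DELETE FROM ...`, a variable-function call through an undefined `$q`, where every other query in this diff uses the `q()` helper. PHP will abort with a fatal error the first time an item with a non-empty `resource-id` is deleted. The photo rows then stay in place, and the thread cleanup below never runs. The call should start with `q(` instead of `$q(`. Because the result is deliberately ignored, it would also be worth logging a failure here, since an orphaned photo row remains fetchable by its resource-id after the post is gone.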
@@ -230,6 +243,7 @@ function item_content(&$a) {
dbesc($item['parent-uri']),
intval($item['uid'])
);
+ // ignore the result
}
$url = $a->get_baseurl();
diff --git a/mod/photo.php b/mod/photo.php
index f922c7ab2..6e4d981d2 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -44,6 +44,7 @@ function photo_init(&$a) {
}
}
else {
+
$resolution = 0;
$photo = str_replace('.jpg','',$photo);
@@ -52,12 +53,56 @@ function photo_init(&$a) {
$photo = substr($photo,0,-2);
}
- $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+ $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
dbesc($photo),
intval($resolution)
);
if(count($r)) {
- $data = $r[0]['data'];
+
+ $owner = $r[0]['uid'];
+
+ $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
+
+ if(local_user() && ($owner == $_SESSION['uid'])) {
+
+ // Owner can always see his/her photos
+ $sql_extra = '';
+
+ }
+ elseif(remote_user()) {
+
+ // authenticated visitor - here lie dragons
+
+ $groups = init_groups_visitor($_SESSION['visitor_id']);
+ $gs = '<<>>'; // should be impossible to match
+ if(count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . intval($g) . '>';
+ }
+
+ $sql_extra = sprintf(
+ " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
+ AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
+ AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+ AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
+
+ intval($_SESSION['visitor_id']),
+ intval($_SESSION['visitor_id']),
+ dbesc($gs),
+ dbesc($gs)
+ );
+ }
+
+ // Now we'll see if we can access the photo
+
+ $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+
+ if(count($r)) {
+ $data = $r[0]['data'];
+ }
}
}
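Review bot: When the permission-filtered SELECT returns no row, `$data` is simply left unassigned, and the code that emits the image lies outside this hunk. Unless `$data` is initialised before this branch and the output path checks it, a denied request continues to the image output with an undefined variable instead of ending with a clear 403/404. I would add an explicit branch for the empty result of the second query that stops the request. Separately, a comment above `$sql_extra` should record that the ACL columns appear to hold ids wrapped as `<id>`, because the `REGEXP '<%d>'` match relies on those delimiters to avoid matching contact 1 inside contact 11.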
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index 818cbecb2..151277249 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -42,7 +42,7 @@ function profile_photo_post(&$a) {
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
-
+//dbg(3);
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1",
dbesc($image_id),
dbesc($_SESSION['uid']),
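Review bot: The added line `//dbg(3);` is a commented-out debugging call and should be dropped before this is merged. In the context line just below it, `$_SESSION['uid']` is bound to a `%d` placeholder through `dbesc()`. `intval($_SESSION['uid'])` would match how every other uid is passed in this commit and makes the integer cast explicit. The query call continues past the end of the hunk.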
@@ -55,38 +55,14 @@ function profile_photo_post(&$a) {
$im = new Photo($base_image['data']);
$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
- $ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale`, `profile` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4, 1 )",
- intval($_SESSION['uid']),
- dbesc($base_image['resource-id']),
- datetime_convert(),
- datetime_convert(),
- dbesc($base_image['filename']),
- dbesc( t('Profile Photos') ),
- intval($im->getHeight()),
- intval($im->getWidth()),
- dbesc($im->imageString())
- );
+ $r = $im->store($_SESSION['uid'], 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 4, 1);
if($r === false)
notice ( t('Image size reduction (175) failed.') . EOL );
$im->scaleImage(80);
- $ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale`, `profile` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5, 1 )",
- intval($_SESSION['uid']),
- dbesc($base_image['resource-id']),
- datetime_convert(),
- datetime_convert(),
- dbesc($base_image['filename']),
- dbesc( t('Profile Photos') ),
- intval($im->getHeight()),
- intval($im->getWidth()),
- dbesc($im->imageString())
- );
+ $r = $im->store($_SESSION['uid'], 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 5, 1);
if($r === false)
notice( t('Image size reduction (80) failed.') . EOL );
@@ -129,21 +105,11 @@ function profile_photo_post(&$a) {
$hash = hash('md5',uniqid(mt_rand(),true));
- $str_image = $ph->imageString();
+
$smallest = 0;
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 0 )",
- intval($_SESSION['uid']),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($filename)),
- dbesc( t('Profile Photos') ),
- intval($height),
- intval($width),
- dbesc($str_image));
+ $r = $ph->store($_SESSION['uid'], 0 , $hash, $filename, t('Profile Photos'), 0 );
+
if($r)
notice( t('Image uploaded successfully.') . EOL );
else
@@ -151,23 +117,8 @@ function profile_photo_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
- $str_image = $ph->imageString();
- $width = $ph->getWidth();
- $height = $ph->getHeight();
+ $r = $ph->store($_SESSION['uid'], 0 , $hash, $filename, t('Profile Photos'), 1 );
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 1 )",
- intval($_SESSION['uid']),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($filename)),
- dbesc( t('Profile Photos') ),
- intval($ph->getHeight()),
- intval($ph->getWidth()),
- dbesc($ph->imageString())
- );
if($r === false)
notice( t('Image size reduction (640) failed.') . EOL );
else
diff --git a/mod/wall_upload.php b/mod/wall_upload.php
index 34c541677..d05c8cf92 100644
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@@ -5,7 +5,7 @@ require_once('Photo.php');
function wall_upload_post(&$a) {
if(! local_user()) {
- echo ( "Permission denied." . EOL );
+ echo ( t('Permission denied.') . EOL );
killme();
}
@@ -20,7 +20,7 @@ function wall_upload_post(&$a) {
$ph = new Photo($imagedata);
if(! ($image = $ph->getImage())) {
- echo ("Unable to process image." . EOL);
+ echo ( t('Unable to process image.') . EOL);
@unlink($src);
killme();
}
@@ -32,62 +32,25 @@ function wall_upload_post(&$a) {
$hash = hash('md5',uniqid(mt_rand(),true));
- $str_image = $ph->imageString();
$smallest = 0;
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 0 )",
- intval($_SESSION['uid']),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($filename)),
- dbesc( t('Wall Photos')),
- intval($height),
- intval($width),
- dbesc($str_image));
+ $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 0 );
+
if(! $r) {
- echo ("Image upload failed." . EOL);
+ echo ( t('Image upload failed.') . EOL);
killme();
}
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
-
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 1 )",
- intval($_SESSION['uid']),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($filename)),
- dbesc( t('Wall Photos') ),
- intval($ph->getHeight()),
- intval($ph->getWidth()),
- dbesc($ph->imageString())
- );
+ $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 1 );
if($r)
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
-
- $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`,
- `height`, `width`, `data`, `scale` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 2 )",
- intval($_SESSION['uid']),
- dbesc($hash),
- datetime_convert(),
- datetime_convert(),
- dbesc(basename($filename)),
- dbesc( t('Wall Photos') ),
- intval($ph->getHeight()),
- intval($ph->getWidth()),
- dbesc($ph->imageString())
- );
+ $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 2 );
if($r)
$smallest = 2;
}
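Review bot: Every `store()` call in this hunk creates rows with no permission data, and the filter added to mod/photo.php serves rows with empty ACL columns to unauthenticated visitors. If wall posts can be restricted to particular contacts (not visible in this diff), an embedded photo stays reachable by anyone who learns its `resource-id`. That id comes from `hash('md5',uniqid(mt_rand(),true))`, which is built from a timestamp and a non-cryptographic generator. Consider copying the post's permissions onto the photo rows, or at least deriving the id from a cryptographically secure random source where the runtime provides one. wall_upload_post() continues beyond the hunk.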
diff --git a/view/jot-header.tpl b/view/jot-header.tpl
index fc05a40be..6402d5db6 100644
--- a/view/jot-header.tpl
+++ b/view/jot-header.tpl
@@ -31,7 +31,7 @@ tinyMCE.init({
name: 'userfile',
onSubmit: function(file,ext) { $('#profile-rotator').show(); },
onComplete: function(file,response) {
-alert(response); tinyMCE.execCommand('mceInsertRawHTML',false,response);
+ tinyMCE.execCommand('mceInsertRawHTML',false,response);
$('#profile-rotator').hide();
}
}
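Review bot: `onComplete` passes the raw upload response to `mceInsertRawHTML` without checking that it is the expected image markup. On failure, mod/wall_upload.php in this commit echoes plain messages such as `t('Image upload failed.')` and `t('Permission denied.')`. Those strings would be inserted into the post body, and any markup in the response goes into the editor unfiltered. I would have the handler verify the response before inserting it (for example that it starts with the image tag the upload returns on success, assuming that is the success format) and show anything else as an error instead. The surrounding `tinyMCE.init` block starts and ends outside the hunk.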