-rw-r--r-- | include/photos.php | 46 | ||||
-rw-r--r-- | mod/photos.php | 159 |
2 files changed, 101 insertions, 104 deletions
diff --git a/include/photos.php b/include/photos.php
index 6609a6fa8..0d0750c22 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -274,4 +274,48 @@ function photos_album_widget($channelx,$observer,$albums = null) {
 ));
 }
 return $o;
-}
\ No newline at end of file +} + +function photos_album_exists($channel_id,$album) { + $r = q("SELECT id from photo where album = '%s' and uid = %d limit 1", + dbesc($album), + intval($channel_id) + ); + return (($r) ? true : false); +} + +function photos_album_rename($channel_id,$oldname,$newname) { + return q("UPDATE photo SET album = '%s' WHERE album = '%s' AND uid = %d", + dbesc($newname), + dbesc($oldname), + intval($channel_id) + ); +} + + +function photos_album_get_db_idstr($channel_id,$album,$remote_xchan = '') { + + if($remote_xchan) { + $r = q("SELECT distinct resource_id as from photo where xchan = '%s' and uid = %d and album = '%s' ", + dbesc($remote_xchan), + intval($channel_id), + dbesc($album) + ); + } + else { + $r = q("SELECT distinct resource_id from photo where uid = %d and album = '%s' ", + intval($channel_id), + dbesc($album) + ); + } + if($r) { + $arr = array(); + foreach($r as $rr) { + $arr[] = "'" . dbesc($rr['resource_id']) . "'" ; + } + $str = implode(',',$arr); + return $str; + } + return false; + +} diff --git a/mod/photos.php b/mod/photos.php index 68b1bcb6b..127ea4893 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -14,6 +14,7 @@ function photos_init(&$a) { if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { return; } + $o = ''; if(argc() > 1) { @@ -32,14 +33,13 @@ function photos_init(&$a) { $a->data['perms'] = get_all_perms($channelx[0]['channel_id'],$observer_xchan); + + $a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer)); if($a->data['perms']['view_photos']) { - $a->data['albums'] = photos_albums_list($a->data['channel'],$observer); - $a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums'])); - } $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';</script>" ; 
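Review bot: In `photos_album_get_db_idstr` (include/photos.php) the `$remote_xchan` branch's query reads `SELECT distinct resource_id as from photo`, an `as` with no alias, which should fail to parse, so the function presumably returns false for every remote visitor and their album deletes silently do nothing. Drop the stray keyword: `SELECT distinct resource_id from photo where xchan = '%s' and uid = %d and album = '%s'`. The caller in mod/photos.php splices the returned string directly into `in ( $str )`, so the `dbesc()` and quoting done here is the only escaping those values get. A header comment should state that contract, and that false means either no matching rows or a failed query.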
@@ -62,153 +62,106 @@ function photos_post(&$a) { $phototypes = Photo::supportedTypes(); $can_post = false; - $visitor = 0; $page_owner_uid = $a->data['channel']['channel_id']; - $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); - if((local_user()) && (local_user() == $page_owner_uid)) + if($a->perms['post_photos']) $can_post = true; - else { - if($community_page && remote_user()) { - $cid = 0; - if(is_array($_SESSION['remote'])) { - foreach($_SESSION['remote'] as $v) { - if($v['uid'] == $page_owner_uid) { - $cid = $v['cid']; - break; - } - } - } - if($cid) { - - $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", - intval($cid), - intval($page_owner_uid) - ); - if(count($r)) { - $can_post = true; - $visitor = $cid; - } - } - } - } if(! $can_post) { notice( t('Permission denied.') . EOL ); - killme(); + if(is_ajax()) + killme(); + return; } - $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` - WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1", - intval($page_owner_uid) - ); + $s = abook_self($page_owner_uid); - if(! count($r)) { - notice( t('Contact information unavailable') . EOL); - logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid); - killme(); + if(! $s) { + notice( t('Page owner information could not be retrieved.') . EOL); + logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid); + if(is_ajax()) + killme(); + return; } - $owner_record = $r[0]; + $owner_record = $s[0]; - if(($a->argc > 3) && ($a->argv[2] === 'album')) { - $album = hex2bin($a->argv[3]); + if((argc() > 3) && (argv(2) === 'album')) { - if($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) { + $album = hex2bin(argv(3)); + + if($album === t('Profile Photos')) { + // not allowed goaway($a->get_baseurl() . '/' . 
$_SESSION['photo_return']); - return; // NOTREACHED } - $r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d", - dbesc($album), - intval($page_owner_uid) - ); - if(! count($r)) { + if(! photos_album_exists($page_owner_uid,$album)) { notice( t('Album not found.') . EOL); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); - return; // NOTREACHED } - $newalbum = notags(trim($_POST['albumname'])); + + /* + * RENAME photo album + */ + + $newalbum = notags(trim($_REQUEST['albumname'])); if($newalbum != $album) { - q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", - dbesc($newalbum), - dbesc($album), - intval($page_owner_uid) - ); - $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']); - goaway($a->get_baseurl() . '/' . $newurl); - return; // NOTREACHED + $x = photos_album_rename($page_owner_uid,$album,$newalbum); + if($x) { + $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']); + goaway($a->get_baseurl() . '/' . $newurl); + } } + /* + * DELETE photo album and all its photos + */ - if($_POST['dropalbum'] == t('Delete Album')) { + if($_REQUEST['dropalbum'] == t('Delete Album')) { $res = array(); // get the list of photos we are about to delete - if($visitor) { - $r = q("SELECT distinct(`resource_id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", - intval($visitor), - intval($page_owner_uid), - dbesc($album) - ); - } - else { - $r = q("SELECT distinct(`resource_id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(local_user()), - dbesc($album) - ); + if(remote_user() && (! local_user())) { + $str = photos_album_get_db_idstr($page_owner_uid,$album,remote_user()); } - if(count($r)) { - foreach($r as $rr) { - $res[] = "'" . dbesc($rr['rid']) . "'" ; - } + elseif(local_user()) { + $str = photos_album_get_db_idstr(local_user(),$album); } else { + $str = null; + } + if(! $str) { goaway($a->get_baseurl() . 
'/' . $_SESSION['photo_return']); - return; // NOTREACHED } - $str_res = implode(',', $res); - - // remove the associated photos - - q("DELETE FROM `photo` WHERE `resource_id` IN ( $str_res ) AND `uid` = %d", + $r = q("select id, item_restrict from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d", intval($page_owner_uid) ); + if($r) { + foreach($r as $i) { + drop_item($i['id'],false); + if(! $item_restrict) + proc_run('php','include/notifier.php','drop',$i['id']); + } + } - // find and delete the corresponding item with all the comments and likes/dislikes + // remove the associated photos in case they weren't attached to an item - $r = q("SELECT `parent_uri` FROM `item` WHERE `resource_id` IN ( $str_res ) AND `uid` = %d", + q("delete from photo where resource_id in ( $str ) and uid = %d", intval($page_owner_uid) ); - if(count($r)) { - foreach($r as $rr) { - q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent_uri` = '%s' AND `uid` = %d", - dbesc(datetime_convert()), - dbesc($rr['parent_uri']), - intval($page_owner_uid) - ); - - $drop_id = intval($rr['id']); - - // send the notification upstream/downstream as the case may be - - if($rr['visible']) - proc_run('php',"include/notifier.php","drop","$drop_id"); - } - } } + goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']); - return; // NOTREACHED } - if(($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) { - + if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) { +// FIXME // same as above but remove single photo if($visitor) { |
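Review bot: The new permission gate in `photos_post`, `if($a->perms['post_photos'])`, reads a different property from the one `photos_init` fills in this same file (`$a->data['perms'] = get_all_perms(...)`); unless `$a->perms` is populated elsewhere, the check never passes, and it should probably be `if($a->data['perms']['post_photos'])`. In the album-delete loop, `if(! $item_restrict)` tests a variable that is never assigned in the visible code, so the notifier runs for every item; the row value is `if(! $i['item_restrict'])`. Reading `albumname`, `dropalbum` and `delete` from `$_REQUEST` instead of `$_POST` means query-string values now also satisfy these destructive branches, and no form-token check is visible in the hunk, so I would keep `$_POST` here or verify a token before renaming or deleting. `$visitor` is no longer assigned at the top of the function but is still tested right after the `// FIXME` line. The body of `photos_post` continues outside the hunk.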