diff options
| -rw-r--r-- | database.sql | 4 | ||||
| -rw-r--r-- | include/Photo.php | 27 | ||||
| -rw-r--r-- | mod/dfrn_confirm.php | 61 | ||||
| -rw-r--r-- | mod/item.php | 18 | ||||
| -rw-r--r-- | mod/photo.php | 49 | ||||
| -rw-r--r-- | mod/profile_photo.php | 63 | ||||
| -rw-r--r-- | mod/wall_upload.php | 51 | ||||
| -rw-r--r-- | view/jot-header.tpl | 2 |
8 files changed, 117 insertions, 158 deletions
diff --git a/database.sql b/database.sql index 6b8b1281b..93d793cd0 100644 --- a/database.sql +++ b/database.sql @@ -217,9 +217,9 @@ CREATE TABLE IF NOT EXISTS `photo` ( `data` mediumblob NOT NULL, `scale` tinyint(3) NOT NULL, `profile` tinyint(1) NOT NULL DEFAULT '0', - `allow_uid` mediumtext NOT NULL, + `allow_cid` mediumtext NOT NULL, `allow_gid` mediumtext NOT NULL, - `deny_uid` mediumtext NOT NULL, + `deny_cid` mediumtext NOT NULL, `deny_gid` mediumtext NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; diff --git a/include/Photo.php b/include/Photo.php index 95ccccc88..b8557e7ec 100644 --- a/include/Photo.php +++ b/include/Photo.php @@ -167,5 +167,32 @@ class Photo { } + + public function store($uid, $cid, $rid, $filename, $album, $scale, $profile = 0) { + + $r = q("INSERT INTO `photo` + ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale`, `profile` ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d )", + intval($uid), + intval($cid), + dbesc($rid), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(basename($filename)), + dbesc($album), + intval($this->height), + intval($this->width), + dbesc($this->imageString()), + intval($scale), + intval($profile) + ); + return $r; + } + + + + + }} + diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index e5a550cd9..263c88f67 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -91,36 +91,14 @@ function dfrn_confirm_post(&$a) { $hash = hash('md5',uniqid(mt_rand(),true)); - $r = q("INSERT INTO `photo` ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )", - intval($local_uid), - intval($dfrn_record), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($r[0]['photo'])), - dbesc( t('Contact Photos') ), - intval($img->getHeight()), - intval($img->getWidth()), - dbesc($img->imageString()) - ); + $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 4); + if($r === false) $photo_failure = true; $img->scaleImage(80); - $r = q("INSERT INTO `photo` ( `uid`, `contact-id`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` ) - VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )", - intval($local_uid), - intval($dfrn_record), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($r[0]['photo'])), - dbesc( t('Contact Photos')), - intval($img->getHeight()), - intval($img->getWidth()), - dbesc($img->imageString()) - ); + $r = $img->store($local_uid, $dfrn_record, $hash, $filename, t('Contact Photos') , 5); + if($r === false) $photo_failure = true; @@ -190,7 +168,7 @@ function dfrn_confirm_post(&$a) { $uid = $_SESSION['uid']; if(! $uid) { - notice(t("Permission denied.") . EOL ); + notice( t("Permission denied.") . EOL ); return; } @@ -319,33 +297,14 @@ function dfrn_confirm_post(&$a) { $hash = hash('md5',uniqid(mt_rand(),true)); - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )", - intval($local_uid), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($r[0]['photo'])), - dbesc( t('Contact Photos') ), - intval($img->getHeight()), - intval($img->getWidth()), - dbesc($img->imageString()) - ); + $r = $img->store($local_uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 ); + if($r === false) $photo_failure = true; $img->scaleImage(80); - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )", - intval($local_uid), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($r[0]['photo'])), - dbesc( t('Contact Photos') ), - intval($img->getHeight()), - intval($img->getWidth()), - dbesc($img->imageString()) - ); + + $r = $img->store($local_uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 ); + if($r === false) $photo_failure = true; diff --git a/mod/item.php b/mod/item.php index 49067d940..5f53eccf3 100644 --- a/mod/item.php +++ b/mod/item.php @@ -23,7 +23,7 @@ function item_post(&$a) { intval($parent) ); if(! count($r)) { - notice("Unable to locate original post." . EOL); + notice( t('Unable to locate original post.') . EOL); goaway($a->get_baseurl() . "/" . $_POST['return'] ); } $parent_item = $r[0]; @@ -68,7 +68,7 @@ function item_post(&$a) { $body = escape_tags(trim($_POST['body'])); if(! strlen($body)) { - notice("Empty post discarded." . EOL ); + notice( t('Empty post discarded.') . EOL ); goaway($a->get_baseurl() . "/" . $_POST['return'] ); } @@ -221,6 +221,19 @@ function item_content(&$a) { intval($item['id']) ); + // If item is a link to a photo resource, nuke all the associated photos + // (visitors will not have photo resources) + // This only applies to photos uploaded from the photos page. Photos inserted into a post do not + // generate a resource-id and therefore aren't intimately linked to the item. + + if(strlen($item['resource-id'])) { + $q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ", + dbesc($item['resource-id']), + intval($item['uid']) + ); + // ignore the result + } + // If it's the parent of a comment thread, kill all the kids if($item['uri'] == $item['parent-uri']) { @@ -230,6 +243,7 @@ function item_content(&$a) { dbesc($item['parent-uri']), intval($item['uid']) ); + // ignore the result } $url = $a->get_baseurl(); diff --git a/mod/photo.php b/mod/photo.php index f922c7ab2..6e4d981d2 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -44,6 +44,7 @@ function photo_init(&$a) { } } else { + $resolution = 0; $photo = str_replace('.jpg','',$photo); @@ -52,12 +53,56 @@ function photo_init(&$a) { $photo = substr($photo,0,-2); } - $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution) ); if(count($r)) { - $data = $r[0]['data']; + + $owner = $r[0]['uid']; + + $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; + + if(local_user() && ($owner == $_SESSION['uid'])) { + + // Owner can always see his/her photos + $sql_extra = ''; + + } + elseif(remote_user()) { + + // authenticated visitor - here lie dragons + + $groups = init_groups_visitor($_SESSION['visitor_id']); + $gs = '<<>>'; // should be impossible to match + if(count($groups)) { + foreach($groups as $g) + $gs .= '|<' . intval($g) . '>'; + } + + $sql_extra = sprintf( + " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) + AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) + AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) + AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", + + intval($_SESSION['visitor_id']), + intval($_SESSION['visitor_id']), + dbesc($gs), + dbesc($gs) + ); + } + + // Now we'll see if we can access the photo + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1", + dbesc($photo), + intval($resolution) + ); + + if(count($r)) { + $data = $r[0]['data']; + } } } diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 818cbecb2..151277249 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -42,7 +42,7 @@ function profile_photo_post(&$a) { $srcY = $_POST['ystart']; $srcW = $_POST['xfinal'] - $srcX; $srcH = $_POST['yfinal'] - $srcY; - +//dbg(3); $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", dbesc($image_id), dbesc($_SESSION['uid']), @@ -55,38 +55,14 @@ function profile_photo_post(&$a) { $im = new Photo($base_image['data']); $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); - $ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale`, `profile` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 4, 1 )", - intval($_SESSION['uid']), - dbesc($base_image['resource-id']), - datetime_convert(), - datetime_convert(), - dbesc($base_image['filename']), - dbesc( t('Profile Photos') ), - intval($im->getHeight()), - intval($im->getWidth()), - dbesc($im->imageString()) - ); + $r = $im->store($_SESSION['uid'], 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 4, 1); if($r === false) notice ( t('Image size reduction (175) failed.') . EOL ); $im->scaleImage(80); - $ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale`, `profile` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 5, 1 )", - intval($_SESSION['uid']), - dbesc($base_image['resource-id']), - datetime_convert(), - datetime_convert(), - dbesc($base_image['filename']), - dbesc( t('Profile Photos') ), - intval($im->getHeight()), - intval($im->getWidth()), - dbesc($im->imageString()) - ); + $r = $im->store($_SESSION['uid'], 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 5, 1); if($r === false) notice( t('Image size reduction (80) failed.') . EOL ); @@ -129,21 +105,11 @@ function profile_photo_post(&$a) { $hash = hash('md5',uniqid(mt_rand(),true)); - $str_image = $ph->imageString(); + $smallest = 0; - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 0 )", - intval($_SESSION['uid']), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($filename)), - dbesc( t('Profile Photos') ), - intval($height), - intval($width), - dbesc($str_image)); + $r = $ph->store($_SESSION['uid'], 0 , $hash, $filename, t('Profile Photos'), 0 ); + if($r) notice( t('Image uploaded successfully.') . EOL ); else @@ -151,23 +117,8 @@ function profile_photo_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $str_image = $ph->imageString(); - $width = $ph->getWidth(); - $height = $ph->getHeight(); + $r = $ph->store($_SESSION['uid'], 0 , $hash, $filename, t('Profile Photos'), 1 ); - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 1 )", - intval($_SESSION['uid']), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($filename)), - dbesc( t('Profile Photos') ), - intval($ph->getHeight()), - intval($ph->getWidth()), - dbesc($ph->imageString()) - ); if($r === false) notice( t('Image size reduction (640) failed.') . EOL ); else diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 34c541677..d05c8cf92 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -5,7 +5,7 @@ require_once('Photo.php'); function wall_upload_post(&$a) { if(! local_user()) { - echo ( "Permission denied." . EOL ); + echo ( t('Permission denied.') . EOL ); killme(); } @@ -20,7 +20,7 @@ function wall_upload_post(&$a) { $ph = new Photo($imagedata); if(! ($image = $ph->getImage())) { - echo ("Unable to process image." . EOL); + echo ( t('Unable to process image.') . EOL); @unlink($src); killme(); } @@ -32,62 +32,25 @@ function wall_upload_post(&$a) { $hash = hash('md5',uniqid(mt_rand(),true)); - $str_image = $ph->imageString(); $smallest = 0; - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 0 )", - intval($_SESSION['uid']), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($filename)), - dbesc( t('Wall Photos')), - intval($height), - intval($width), - dbesc($str_image)); + $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 0 ); + if(! $r) { - echo ("Image upload failed." . EOL); + echo ( t('Image upload failed.') . EOL); killme(); } if($width > 640 || $height > 640) { $ph->scaleImage(640); - - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 1 )", - intval($_SESSION['uid']), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($filename)), - dbesc( t('Wall Photos') ), - intval($ph->getHeight()), - intval($ph->getWidth()), - dbesc($ph->imageString()) - ); + $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 1 ); if($r) $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - - $r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`, `album`, - `height`, `width`, `data`, `scale` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', 2 )", - intval($_SESSION['uid']), - dbesc($hash), - datetime_convert(), - datetime_convert(), - dbesc(basename($filename)), - dbesc( t('Wall Photos') ), - intval($ph->getHeight()), - intval($ph->getWidth()), - dbesc($ph->imageString()) - ); + $r = $ph->store($_SESSION['uid'], 0, $hash, $filename, t('Wall Photos'), 2 ); if($r) $smallest = 2; } diff --git a/view/jot-header.tpl b/view/jot-header.tpl index fc05a40be..6402d5db6 100644 --- a/view/jot-header.tpl +++ b/view/jot-header.tpl @@ -31,7 +31,7 @@ tinyMCE.init({ name: 'userfile', onSubmit: function(file,ext) { $('#profile-rotator').show(); }, onComplete: function(file,response) { -alert(response); tinyMCE.execCommand('mceInsertRawHTML',false,response); + tinyMCE.execCommand('mceInsertRawHTML',false,response); $('#profile-rotator').hide(); } } |