Diffstat (limited to 'mod/photo.php')
-rw-r--r-- | mod/photo.php | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/mod/photo.php b/mod/photo.php
new file mode 100644
index 000000000..1d38fe8e4
--- /dev/null
+++ b/mod/photo.php
@@ -0,0 +1,187 @@
+<?php
+
+require_once('include/security.php');
+
+function photo_init(&$a) {
+
+ // To-Do:
+ // - checking with realpath
+ // - checking permissions
+ /*
+ $cache = get_config('system','itemcache');
+ if (($cache != '') and is_dir($cache)) {
+ $cachefile = $cache."/".$a->argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3];
+ if (file_exists($cachefile)) {
+ $data = file_get_contents($cachefile);
+
+ if(function_exists('header_remove')) {
+ header_remove('Pragma');
+ header_remove('pragma');
+ }
+
+ header("Content-type: image/jpeg");
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+ header("Cache-Control: max-age=" . (3600*24));
+ echo $data;
+ killme();
+ // NOTREACHED
+ }
+ }*/
+
+ switch($a->argc) {
+ case 4:
+ $person = $a->argv[3];
+ $customres = intval($a->argv[2]);
+ $type = $a->argv[1];
+ break;
+ case 3:
+ $person = $a->argv[2];
+ $type = $a->argv[1];
+ break;
+ case 2:
+ $photo = $a->argv[1];
+ break;
+ case 1:
+ default:
+ killme();
+ // NOTREACHED
+ }
+
+ $default = 'images/person-175.jpg';
+
+ if(isset($type)) {
+
+
+ /**
+ * Profile photos
+ */
+
+ switch($type) {
+
+ case 'profile':
+ case 'custom':
+ $resolution = 4;
+ break;
+ case 'micro':
+ $resolution = 6;
+ $default = 'images/person-48.jpg';
+ break;
+ case 'avatar':
+ default:
+ $resolution = 5;
+ $default = 'images/person-80.jpg';
+ break;
+ }
+
+ $uid = str_replace('.jpg', '', $person);
+
+ $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
+ intval($resolution),
+ intval($uid)
+ );
+ if(count($r)) {
+ $data = $r[0]['data'];
+ }
+ if(! isset($data)) {
+ $data = file_get_contents($default);
+ }
+ }
+ else {
+
+ /**
+ * Other photos
+ */
+
+ $resolution = 0;
+ $photo = str_replace('.jpg','',$photo);
+
+ if(substr($photo,-2,1) == '-') {
+ $resolution = intval(substr($photo,-1,1));
+ $photo = substr($photo,0,-2);
+ }
+
+ $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+ if(count($r)) {
+
+ $sql_extra = permissions_sql($r[0]['uid']);
+
+ // Now we'll see if we can access the photo
+
+ $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+
+ if(count($r)) {
+ $data = $r[0]['data'];
+ }
+ else {
+
+ // Does the picture exist? It may be a remote person with no credentials,
+ // but who should otherwise be able to view it. Show a default image to let
+ // them know permissions was denied. It may be possible to view the image
+ // through an authenticated profile visit.
+ // There won't be many completely unauthorised people seeing this because
+ // they won't have the photo link, so there's a reasonable chance that the person
+ // might be able to obtain permission to view it.
+
+ $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+ dbesc($photo),
+ intval($resolution)
+ );
+ if(count($r)) {
+ $data = file_get_contents('images/nosign.jpg');
+ }
+ }
+ }
+ }
+
+ if(! isset($data)) {
+ if(isset($resolution)) {
+ switch($resolution) {
+
+ case 4:
+ $data = file_get_contents('images/person-175.jpg');
+ break;
+ case 5:
+ $data = file_get_contents('images/person-80.jpg');
+ break;
+ case 6:
+ $data = file_get_contents('images/person-48.jpg');
+ break;
+ default:
+ killme();
+ // NOTREACHED
+ break;
+ }
+ }
+ }
+
+ if(isset($customres) && $customres > 0 && $customres < 500) {
+ require_once('include/Photo.php');
+ $ph = new Photo($data);
+ if($ph->is_valid()) {
+ $ph->scaleImageSquare($customres);
+ $data = $ph->imageString();
+ }
+ }
+
+ // Writing in cachefile
+ if (isset($cachefile) && $cachefile != '')
+ file_put_contents($cachefile, $data);
+
+ if(function_exists('header_remove')) {
+ header_remove('Pragma');
+ header_remove('pragma');
+ }
+
+ header("Content-type: image/jpeg");
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+ header("Cache-Control: max-age=" . (3600*24));
+ echo $data;
+ killme();
+ // NOTREACHED
+}
|
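Review bot: The headers at the end of photo_init() send `Expires` and `Cache-Control: max-age=86400` without `private` on every response, including photos that were returned only because the `permissions_sql()` filter matched and the `images/nosign.jpg` denial placeholder. A shared cache between the server and its users may then keep a restricted photo and hand it to a later requester who never went through the permission query, and a denied viewer keeps seeing the placeholder for a day after access is granted. I would record in the "Other photos" branch that the result is access-controlled and emit `header("Cache-Control: private, max-age=" . (3600*24));` for it, with `header("Cache-Control: no-store");` and no `Expires` for the placeholder. Separately, `$cachefile` is assigned only inside the commented-out block, so the `file_put_contents($cachefile, $data)` near the end is dead code; if that block is re-enabled as written it would return cached bytes before any permission query runs and build the file path from raw `$a->argv` values, which is what the two To-Do items need to close first.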