Diffstat (limited to 'mod/profile_photo.php')
-rw-r--r-- | mod/profile_photo.php | 151 |
1 files changed, 126 insertions, 25 deletions
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index ea7a01bc9..c587b9606 100644
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -1,28 +1,82 @@ <?php -require_once("Photo.php"); +/* @file profile_photo.php + @brief Module-file with functions for handling of profile-photos -function profile_photo_init(&$a) { +*/ - if(! local_user()) { - return; +require_once('include/photo/photo_driver.php'); + +/* @brief Function for sync'ing permissions of profile-photos and their profile +* +* @param $profileid The id number of the profile to sync +* @return void +*/ + +function profile_photo_set_profile_perms($profileid = '') { + + $allowcid = ''; + if (x($profileid)) { + + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d OR profile.profile_guid = '%s' LIMIT 1", intval($profileid), dbesc($profileid)); + + } else { + + logger('Resetting permissions on default-profile-photo for user'.local_user()); + $r = q("SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1", intval(local_user()) ); //If no profile is given, we update the default profile } - $channel = $a->get_channel(); - profile_load($a,$channel['channel_address']); + $profile = $r[0]; + if(x($profile['id']) && x($profile['photo'])) { + preg_match("@\w*(?=-\d*$)@i", $profile['photo'], $resource_id); + $resource_id = $resource_id[0]; + + if (intval($profile['is_default']) != 1) { + $r0 = q("SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1", intval(local_user()) ); + $r1 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = %d ", intval($profile['id'])); //Should not be needed in future. Catches old int-profile-ids. + $r2 = q("SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s'", dbesc($profile['profile_guid'])); + $allowcid = "<" . $r0[0]['channel_hash'] . ">"; + foreach ($r1 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . ">"; + } + foreach ($r2 as $entry) { + $allowcid .= "<" . $entry['abook_xchan'] . 
">"; + } + + q("UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d",dbesc($allowcid),dbesc($resource_id),intval($profile['uid'])); + + } else { + q("UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d",intval($profile['uid'])); //Reset permissions on default profile picture to public + } + } + return; } +/* @brief Initalize the profile-photo edit view + * + * @param $a Current application + * @return void + * + */ -function profile_photo_aside(&$a) { +function profile_photo_init(&$a) { if(! local_user()) { return; } - profile_create_sidebar($a); + $channel = $a->get_channel(); + profile_load($a,$channel['channel_address']); + } +/* @brief Evaluate posted values + * + * @param $a Current application + * @return void + * + */ function profile_photo_post(&$a) { @@ -42,7 +96,7 @@ function profile_photo_post(&$a) { intval($_REQUEST['profile']), intval(local_user()) ); - if(count($r) && (! intval($r[0]['is_default']))) + if(($r) && (! intval($r[0]['is_default']))) $is_default_profile = 0; } 
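Review bot: The lookup `WHERE profile.id = %d OR profile.profile_guid = '%s'` feeds the same `$profileid` through both `intval()` and `dbesc()`, so a GUID that happens to begin with digits is also tried as a numeric id, and `LIMIT 1` may then return an unrelated profile row. Branching on the form of the argument (numeric id versus GUID) before building the query would remove that ambiguity. `$profile = $r[0];` and `$resource_id = $resource_id[0];` are also read without checking that the query or `preg_match()` produced anything. An early `if(! $r) return;` and a test of the `preg_match()` return value would keep an empty `resource_id` out of the `UPDATE`.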
@@ -77,25 +131,30 @@ function profile_photo_post(&$a) { $base_image = $r[0]; - $im = new Photo($base_image['data'], $base_image['type']); + $im = photo_factory($base_image['data'], $base_image['type']); if($im->is_valid()) { $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); $aid = get_account_id(); - $r1 = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], - t('Profile Photos'), 4, $is_default_profile); + $p = array('aid' => $aid, 'uid' => local_user(), 'resource_id' => $base_image['resource_id'], + 'filename' => $base_image['filename'], 'album' => t('Profile Photos')); + + $p['scale'] = 4; + $p['photo_flags'] = (($is_default_profile) ? PHOTO_PROFILE : PHOTO_NORMAL); + + $r1 = $im->save($p); $im->scaleImage(80); + $p['scale'] = 5; - $r2 = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], - t('Profile Photos'), 5, $is_default_profile); + $r2 = $im->save($p); $im->scaleImage(48); + $p['scale'] = 6; - $r3 = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], - t('Profile Photos'), 6, $is_default_profile); + $r3 = $im->save($p); if($r1 === false || $r2 === false || $r3 === false) { // if one failed, delete them all so we can start over. @@ -114,6 +173,13 @@ function profile_photo_post(&$a) { dbesc($base_image['resource_id']), intval(local_user()) ); + $r = q("UPDATE photo SET photo_flags = ( photo_flags ^ %d ) WHERE ( photo_flags & %d ) + AND resource_id != '%s' AND `uid` = %d", + intval(PHOTO_PROFILE), + intval(PHOTO_PROFILE), + dbesc($base_image['resource_id']), + intval(local_user()) + ); } else { $r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1", 
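Review bot: The `$p` array given to `$im->save($p)` carries `photo_flags` but nothing for the legacy `profile` column, which the old `store()` call received as `$is_default_profile`. Other new code in this commit still depends on that column: the helper's public reset in the first hunk runs `WHERE profile = 1 AND uid = %d`. save() is not visible here; if it does not derive `profile` from `photo_flags`, freshly saved default-profile photos would be skipped by that reset and keep whatever `allow_cid` they already had. Either confirm that save() populates the column, or have the reset test `( photo_flags & %d )` with `PHOTO_PROFILE` instead.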
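Review bot: `photo_flags = ( photo_flags ^ %d )` toggles the bit rather than clearing it, so the statement is only correct while the `( photo_flags & %d )` guard stays in the same WHERE clause. `photo_flags = ( photo_flags & ~%d )` clears `PHOTO_PROFILE` idempotently and states the intent directly; the same XOR pattern appears in the `-224,24` hunk of profile_photo_content(). The statement sits inside profile_photo_post(), whose body extends beyond this hunk.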
@@ -140,6 +206,11 @@ function profile_photo_post(&$a) { // Update directory in background proc_run('php',"include/directory.php",$channel['channel_id']); + + // Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures' + + profile_photo_set_profile_perms($_REQUEST['profile']); + } else notice( t('Unable to process image') . EOL); @@ -164,7 +235,7 @@ function profile_photo_post(&$a) { } $imagedata = @file_get_contents($src); - $ph = new Photo($imagedata, $filetype); + $ph = photo_factory($imagedata, $filetype); if(! $ph->is_valid()) { notice( t('Unable to process image.') . EOL ); @@ -177,6 +248,13 @@ function profile_photo_post(&$a) { } +/* @brief Generate content of profile-photo view + * + * @param $a Current application + * @return void + * + */ + if(! function_exists('profile_photo_content')) { function profile_photo_content(&$a) { 
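Review bot: `profile_photo_set_profile_perms($_REQUEST['profile'])` hands the raw request value to a helper whose lookup (first hunk) selects the profile by id or GUID with no `uid` condition, and which then updates `photo.allow_cid` using the `uid` taken from that row. The ownership query visible as context in the `-42,7` hunk only adjusts `$is_default_profile`, so as far as these hunks show, nothing keeps the id of a profile owned by another channel from reaching the helper. Scoping the helper's SELECT to the logged-in channel, `WHERE (profile.id = %d OR profile.profile_guid = '%s') AND profile.uid = %d` with `intval(local_user())`, keeps the permission rewrite within the caller's own photos. The rest of profile_photo_post() lies outside the hunk, so it is worth confirming whether an earlier bail-out for a foreign profile id exists.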
@@ -224,24 +302,35 @@ function profile_photo_content(&$a) { // unset any existing profile photos $r = q("UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d", intval(local_user())); - + $r = q("UPDATE photo SET photo_flags = (photo_flags ^ %d ) WHERE (photo_flags & %d ) AND uid = %d", + intval(PHOTO_PROFILE), + intval(PHOTO_PROFILE), + intval(local_user())); + // set all sizes of this one as profile photos $r = q("UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s'", intval(local_user()), dbesc($resource_id) ); + $r = q("UPDATE photo SET photo_flags = ( photo_flags | %d ) WHERE uid = %d AND resource_id = '%s'", + intval(PHOTO_PROFILE), + intval(local_user()), + dbesc($resource_id) + ); + $r = q("UPDATE xchan set xchan_photo_date = '%s' where xchan_hash = '%s' limit 1", dbesc(datetime_convert()), dbesc($channel['xchan_hash']) ); - proc_run('php','include/directory.php',local_user()); + profile_photo_set_profile_perms(); //Reset default photo permissions to public + proc_run('php','include/directory.php',local_user()); goaway($a->get_baseurl() . '/profiles'); } - $r = q("SELECT data, type FROM photo WHERE id = %d and uid = %d limit 1", + $r = q("SELECT `data`, `type` FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_user()) @@ -251,7 +340,7 @@ function profile_photo_content(&$a) { return; } - $ph = new Photo($r[0]['data'], $r[0]['type']); + $ph = photo_factory($r[0]['data'], $r[0]['type']); // go ahead as if we have just uploaded a new photo to crop profile_photo_crop_ui_head($a, $ph); } @@ -261,7 +350,7 @@ function profile_photo_content(&$a) { ); if(! x($a->data,'imagecrop')) { - + $tpl = get_markup_template('profile_photo.tpl'); $o .= replace_macros($tpl,array( 
@@ -298,6 +387,14 @@ function profile_photo_content(&$a) { return; // NOTREACHED }} +/* @brief Generate the UI for photo-cropping + * + * @param $a Current application + * @param $ph Photo-Factory + * @return void + * + */ + if(! function_exists('profile_photo_crop_ui_head')) { function profile_photo_crop_ui_head(&$a, $ph){ @@ -320,7 +417,9 @@ function profile_photo_crop_ui_head(&$a, $ph){ $hash = photo_new_resource(); $smallest = 0; - $r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 ); + $p = array('aid' => get_account_id(), 'uid' => local_user(), 'resource_id' => $hash, + 'filename' => $filename, 'album' => t('Profile Photos'), 'scale' => 0); + $r = $ph->save($p); if($r) info( t('Image uploaded successfully.') . EOL ); @@ -329,8 +428,10 @@ function profile_photo_crop_ui_head(&$a, $ph){ if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 ); - + $p['scale'] = 1; + + $r = $ph->save($p); + if($r === false) notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); else |
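Review bot: The new docblock for profile_photo_crop_ui_head() describes `$ph` as `Photo-Factory`, but the callers changed in this commit pass the object returned by `photo_factory()`, so `@param $ph Photo object returned by photo_factory()` would be accurate. The block also opens with `/*`; Doxygen only reads `@brief` and `@param` from `/**` or `/*!` comments, and the same opener is used on every docblock this commit adds.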