From cf2488e999944ca1135ac62955527a376ad0eac2 Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 Jan 2013 17:48:42 -0800 Subject: clean up the photo storage backend, revamp mod/wall_upload --- boot.php | 2 +- include/Photo.php | 18 ++- include/items.php | 6 +- include/user.php | 320 ------------------------------------------------ install/database.sql | 4 +- install/update.php | 9 +- mod/intro.php | 7 +- mod/photos.php | 11 +- mod/profile_photo.php | 11 +- mod/wall_upload.php | 159 +++++++++++++----------- version.inc | 2 +- view/tpl/jot-header.tpl | 14 +-- 12 files changed, 138 insertions(+), 425 deletions(-) delete mode 100644 include/user.php diff --git a/boot.php b/boot.php index 6d38a21a6..e561ec6c2 100644 --- a/boot.php +++ b/boot.php @@ -16,7 +16,7 @@ require_once('include/features.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica Red'); define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1020 ); +define ( 'DB_UPDATE_VERSION', 1021 ); define ( 'EOL', '
' . "\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/include/Photo.php b/include/Photo.php index c3165cc9f..a60cfc868 100644 --- a/include/Photo.php +++ b/include/Photo.php @@ -523,7 +523,7 @@ class Photo { - public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { + public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') { $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1", dbesc($rid), @@ -533,6 +533,7 @@ class Photo { ); if(count($x)) { $r = q("UPDATE `photo` + set `aid` = %d, set `uid` = %d, `xchan` = '%s', `resource_id` = '%s', @@ -544,6 +545,7 @@ class Photo { `height` = %d, `width` = %d, `data` = '%s', + `size` = %d, `scale` = %d, `profile` = %d, `allow_cid` = '%s', @@ -552,6 +554,7 @@ class Photo { `deny_gid` = '%s' where id = %d limit 1", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), @@ -563,6 +566,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), 
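Review bot: Inserting `$aid` as a new first positional parameter of `store()` fails silently if any caller is missed. The body coerces with `intval($aid)`, `intval($uid)` and `dbesc($xchan)`, so a call still using the old argument order would write a row with the channel id in `aid` and the xchan in `uid` instead of raising an error. The callers visible in this patch are updated, but a docblock on `store()` would make the ownership columns explicit, for example `@param int $aid account id owning the row`, `@param int $uid channel id`, `@param string $xchan identity the photo is attributed to`. The meaning of `$xchan` is inferred from the call sites and should be confirmed; the body of `store()` continues outside this hunk.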
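Review bot: The added line ``set `aid` = %d,`` sits directly above the existing ``set `uid` = %d,``, so the UPDATE statement now contains the `set` keyword twice and will be rejected as a syntax error. Every re-store of an existing resource and scale (the `count($x)` branch) would then fail, and callers such as import_profile_photo() test the result with `$r === false` and flag a photo failure. Keep a single keyword: ``set `aid` = %d,`` followed by `` `uid` = %d,``. The rest of the statement lies in the following hunks.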
@@ -574,8 +578,9 @@ class Photo { } else { $r = q("INSERT INTO `photo` - ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) - VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )", + ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) + VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )", + intval($aid), intval($uid), dbesc($xchan), dbesc($rid), @@ -587,6 +592,7 @@ class Photo { intval($this->getHeight()), intval($this->getWidth()), dbesc($this->imageString()), + intval(strlen($this->imageString())), intval($scale), intval($profile), dbesc($allow_cid), @@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) { $img->scaleImageSquare(175); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 ); if($r === false) $photo_failure = true; $img->scaleImage(80); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 ); if($r === false) $photo_failure = true; $img->scaleImage(48); - $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 ); + $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 ); if($r === false) $photo_failure = true; diff --git a/include/items.php b/include/items.php index fe8aadcbf..9ab39d7ae 100755 --- a/include/items.php +++ b/include/items.php 
@@ -2080,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $img->scaleImageSquare(175); $hash = $resource_id; - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4); $img->scaleImage(80); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5); $img->scaleImage(48); - $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); + $r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6); $a = get_app(); diff --git a/include/user.php b/include/user.php deleted file mode 100644 index d71f024d1..000000000 --- a/include/user.php +++ /dev/null 
@@ -1,320 +0,0 @@ - false, 'user' => null, 'password' => '', 'message' => ''); - - $using_invites = get_config('system','invitation_only'); - $num_invites = get_config('system','number_invites'); - - - $invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : ''); - $username = ((x($arr,'username')) ? notags(trim($arr['username'])) : ''); - $nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : ''); - $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); - $openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : ''); - $photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : ''); - $password = ((x($arr,'password')) ? trim($arr['password']) : ''); - $blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0); - $verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0); - - $publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0); - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - - $tmp_str = $openid_url; - - if($using_invites) { - if(! $invite_id) { - $result['message'] .= t('An invitation is required.') . EOL; - return $result; - } - $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id)); - if(! results($r)) { - $result['message'] .= t('Invitation could not be verified.') . EOL; - return $result; - } - } - - if((! x($username)) || (! x($email)) || (! x($nickname))) { - if($openid_url) { - if(! validate_url($tmp_str)) { - $result['message'] .= t('Invalid OpenID url') . EOL; - return $result; - } - $_SESSION['register'] = 1; - $_SESSION['openid'] = $openid_url; - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . 
'/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } - - notice( t('Please enter the required information.') . EOL ); - return; - } - - if(! validate_url($tmp_str)) - $openid_url = ''; - - - $err = ''; - - // collapse multiple spaces in name - $username = preg_replace('/ +/',' ',$username); - - if(mb_strlen($username) > 48) - $result['message'] .= t('Please use a shorter name.') . EOL; - if(mb_strlen($username) < 3) - $result['message'] .= t('Name too short.') . EOL; - - // I don't really like having this rule, but it cuts down - // on the number of auto-registrations by Russian spammers - - // Using preg_match was completely unreliable, due to mixed UTF-8 regex support - // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); - - // So now we are just looking for a space in the full name. - - $loose_reg = get_config('system','no_regfullname'); - if(! $loose_reg) { - $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); - if(! strpos($username,' ')) - $result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; - } - - - if(! allowed_email($email)) - $result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL; - - if((! valid_email($email)) || (! validate_email($email))) - $result['message'] .= t('Not a valid email address.') . EOL; - - // Disallow somebody creating an account using openid that uses the admin email address, - // since openid bypasses email verification. We'll allow it if there is not yet an admin account. 
- - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { - $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", - dbesc($email) - ); - if(count($r)) - $result['message'] .= t('Cannot use that email.') . EOL; - } - - $nickname = $arr['nickname'] = strtolower($nickname); - - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - - // Check deleted accounts that had this nickname. Doesn't matter to us, - // but could be a security issue for federated platforms. - - $r = q("SELECT * FROM `userd` - WHERE `username` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; - - if(strlen($result['message'])) { - return $result; - } - - $new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999)); - $new_password_encoded = hash('whirlpool',$new_password); - - $result['password'] = $new_password; - - require_once('include/crypto.php'); - - $keys = new_keypair(4096); - - if($keys === false) { - $result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL; - return $result; - } - - $default_service_class = get_config('system','default_service_class'); - if(! 
$default_service_class) - $default_service_class = ''; - - - $prvkey = $keys['prvkey']; - $pubkey = $keys['pubkey']; - - $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )", - dbesc(generate_user_guid()), - dbesc($username), - dbesc($new_password_encoded), - dbesc($email), - dbesc($openid_url), - dbesc($nickname), - dbesc($pubkey), - dbesc($prvkey), - dbesc(datetime_convert()), - intval($verified), - intval($blocked), - dbesc($default_service_class) - ); - - if($r) { - $r = q("SELECT * FROM `user` - WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - dbesc($username), - dbesc($new_password_encoded) - ); - if($r !== false && count($r)) { - $u = $r[0]; - $newuid = intval($r[0]['uid']); - } - } - else { - $result['message'] .= t('An error occurred during registration. Please try again.') . EOL ; - return $result; - } - - /** - * if somebody clicked submit twice very quickly, they could end up with two accounts - * due to race condition. Remove this one. - */ - - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' ", - dbesc($nickname) - ); - if((count($r) > 1) && $newuid) { - $result['message'] .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($newuid) - ); - return $result; - } - - if(x($newuid) !== false) { - $r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", - intval($newuid), - t('default'), - 1, - dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . 
"/photo/avatar/{$newuid}"), - intval($publish), - intval($netpublish) - - ); - if($r === false) { - $result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL; - // Start fresh next time. - $r = q("DELETE FROM `user` WHERE `uid` = %d", - intval($newuid)); - return $result; - } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, - `request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", - intval($newuid), - datetime_convert(), - dbesc($username), - dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"), - dbesc($a->get_baseurl() . "/channel/$nickname"), - dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")), - dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), - dbesc($a->get_baseurl() . "/poco/$nickname"), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - - // Create a group with no members. This allows somebody to use it - // right away as a default group for new contacts. - - require_once('include/group.php'); - group_add($newuid, t('Friends')); - - } - - // if we have no OpenID photo try to look up an avatar - if(! 
strlen($photo)) - $photo = avatar_img($email); - - // unless there is no avatar-plugin loaded - if(strlen($photo)) { - require_once('include/Photo.php'); - $photo_failure = false; - - $filename = basename($photo); - $img_str = fetch_url($photo,true); - // guess mimetype from headers or filename - $type = guess_image_type($photo,true); - - - $img = new Photo($img_str, $type); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); - - if($r === false) - $photo_failure = true; - - if(! $photo_failure) { - q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ", - dbesc($hash) - ); - } - } - } - - call_hooks('register_account', $newuid); - - $result['success'] = true; - $result['user'] = $u; - return $result; - -} diff --git a/install/database.sql b/install/database.sql index 914add2d8..39c3b81c2 100644 --- a/install/database.sql +++ b/install/database.sql @@ -630,8 +630,6 @@ CREATE TABLE IF NOT EXISTS `photo` ( `aid` int(10) unsigned NOT NULL DEFAULT '0', `uid` int(10) unsigned NOT NULL, `xchan` char(255) NOT NULL DEFAULT '', - `contact-id` int(10) unsigned NOT NULL DEFAULT '0', - `guid` char(64) NOT NULL, `resource_id` char(255) NOT NULL, `created` datetime NOT NULL, `edited` datetime NOT NULL, @@ -652,7 +650,7 @@ CREATE TABLE IF NOT EXISTS `photo` ( `deny_gid` mediumtext NOT NULL, PRIMARY KEY (`id`), KEY `uid` (`uid`), - KEY `resource-id` (`resource_id`), + KEY `resource_id` (`resource_id`), KEY `album` (`album`), KEY `scale` (`scale`), KEY `profile` (`profile`), diff --git a/install/update.php b/install/update.php index 0459df817..8decfc133 100644 
--- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ '; $o .= '
' . $a->data['channel']['channel_name'] . '
'; - $o .= '
' . $a->data['channel']['channel_name'] . '
'; + $o .= '
' . $a->data['channel']['channel_name'] . '
'; $o .= ''; @@ -790,7 +790,9 @@ function photos_post(&$a) { $photo_hash = photo_new_resource(); - $r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $page_owner_aid = $a->data['channel']['channel_account_id']; + + $r = $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if(! $r) { logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG); @@ -800,13 +802,13 @@ function photos_post(&$a) { if($width > 640 || $height > 640) { $ph->scaleImage(640); - $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); + $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } @@ -928,6 +930,7 @@ function photos_content(&$a) { $contact_id = 0; $owner_uid = $a->data['channel']['channel_id']; + $owner_aid = $a->data['channel']['channel_account_id']; $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); diff --git a/mod/profile_photo.php b/mod/profile_photo.php index d1e24269a..1bee046d1 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php 
@@ -81,8 +81,9 @@ function profile_photo_post(&$a) { $im = new Photo($base_image['data'], $base_image['type']); if($im->is_valid()) { $im->cropImage(175,$srcX,$srcY,$srcW,$srcH); + $aid = get_account_id(); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 4, $is_default_profile); if($r === false) @@ -90,7 +91,7 @@ function profile_photo_post(&$a) { $im->scaleImage(80); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 5, $is_default_profile); if($r === false) @@ -98,7 +99,7 @@ function profile_photo_post(&$a) { $im->scaleImage(48); - $r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], + $r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], t('Profile Photos'), 6, $is_default_profile); if($r === false) @@ -308,7 +309,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ $smallest = 0; - $r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 ); + $r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 ); if($r) info( t('Image uploaded successfully.') . EOL ); @@ -317,7 +318,7 @@ function profile_photo_crop_ui_head(&$a, $ph){ if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 1 ); + $r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 ); if($r === false) notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL ); diff --git a/mod/wall_upload.php b/mod/wall_upload.php index c695f9b3e..a3dcf9a0b 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
@@ -2,72 +2,58 @@ require_once('Photo.php'); + + + function wall_upload_post(&$a) { - if(argc() > 1) { - if(! x($_FILES,'media')) { + $using_api = ((x($_FILES,'media')) ? true : false); + + if($using_api) { + require_once('include/api.php'); + $user_info = api_get_user($a); + $nick = $user_info['screen_name']; + } + else { + if(argc() > 1) $nick = argv(1); - } - else { - $user_info = api_get_user($a); - $nick = $user_info['screen_name']; - } + } + + $channel = null; + + if($nick) { $r = q("SELECT channel.* from channel where channel_address = '%s' limit 1", dbesc($nick) ); - if(! ($r && count($r))) - return; - $channel = $r[0]; + if($r) + $channel = $r[0]; } - else - return; + if(! $channel) { + if($using_api) + return; + else { + notice( t('Channel not found.') . EOL); + killme(); + } + } $can_post = false; $visitor = 0; + $page_owner_uid = $r[0]['channel_id']; -// $default_cid = $r[0]['id']; - - $page_owner_nick = $r[0]['channel_address']; - -// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); - - if((local_user()) && (local_user() == $page_owner_uid)) - $can_post = true; - -// else { -// if($community_page && remote_user()) { -// $cid = 0; -// if(is_array($_SESSION['remote'])) { -// foreach($_SESSION['remote'] as $v) { -// if($v['uid'] == $page_owner_uid) { -// $cid = $v['cid']; -// break; -// } -// } -// } -// if($cid) { - -// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", -// intval($cid), -// intval($page_owner_uid) -// ); -// if(count($r)) { -// $can_post = true; -// $visitor = $cid; -// } -// } -// } -// } - - if(! $can_post) { - notice( t('Permission denied.') . EOL ); - killme(); - } - - if(! x($_FILES,'userfile') && ! x($_FILES,'media')) - killme(); + + $observer = $a->get_observer(); + + if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'post_photos')) { + if($using_api) + return; + else { + notice( t('Permission denied.') . 
EOL); + killme(); + } + } if(x($_FILES,'userfile')) { $src = $_FILES['userfile']['tmp_name']; @@ -81,36 +67,58 @@ function wall_upload_post(&$a) { $filesize = intval($_FILES['media']['size']); $filetype = $_FILES['media']['type']; } + else { + if($using_api) + return; + else { + notice( t('Empty upload.') . EOL); + killme(); + } + } + - if ($filetype=="") $filetype=guess_image_type($filename); + if($filetype == "") + $filetype=guess_image_type($filename); $maximagesize = get_config('system','maximagesize'); if(($maximagesize) && ($filesize > $maximagesize)) { - echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL; @unlink($src); - killme(); + if($using_api) + return; + else { + echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL; + killme(); + } } - $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", - intval($page_owner_uid) - ); $limit = service_class_fetch($page_owner_uid,'photo_upload_limit'); - - if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { - echo upgrade_message(true) . EOL ; - @unlink($src); - killme(); + if($limit !== false) { + $r = q("select sum(size) as total from photo where uid = %d and scale = 0 ", + intval($page_owner_uid) + ); + if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) { + @unlink($src); + if($using_api) + return; + else { + echo upgrade_message(true) . EOL ; + killme(); + } + } } - $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if(! $ph->is_valid()) { - echo ( t('Unable to process image.') . EOL); @unlink($src); - killme(); + if($using_api) + return; + else { + echo ( t('Unable to process image.') . EOL); + killme(); + } } $ph->orient($src); 
@@ -130,31 +138,36 @@ function wall_upload_post(&$a) { $smallest = 0; $defperm = '<' . $channel['channel_hash'] . '>'; + $aid = $channel['channel_account_id']; + $visitor = ((remote_user()) ? remote_user() : ''); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); if(! $r) { - echo ( t('Image upload failed.') . EOL); - killme(); + if($using_api) + return; + else { + echo ( t('Image upload failed.') . EOL); + killme(); + } } if($width > 640 || $height > 640) { $ph->scaleImage(640); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); if($r) $smallest = 1; } if($width > 320 || $height > 320) { $ph->scaleImage(320); - $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); + $r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); if($r) $smallest = 2; } $basename = basename($filename); - if($_REQUEST['silent']) { $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}.".$ph->getExt()."[/img][/url]"; return($m); diff --git a/version.inc b/version.inc index 6c9b95b8c..2e853b2e6 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-21.207 +2013-01-22.208 diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl index f777e997f..e4fb00b7a 100644 --- a/view/tpl/jot-header.tpl +++ b/view/tpl/jot-header.tpl 
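Review bot: `$visitor` is filled from `remote_user()` and stored as the row's `xchan`, while the permission decision earlier in this function was made on `$observer['xchan_hash']`, so the identity recorded on the photo is not necessarily the one that was authorised. If `xchan` is meant to record the uploader, store the value that was checked, `$visitor = $observer['xchan_hash'];`; this reading of the column is inferred and should be confirmed against the schema. The API failure paths added here return without output or logging, so a rejected upload leaves no trace. A `logger()` call before each `return`, as mod/photos.php does for a failed store, would help operators. wall_upload_post() starts before and continues after this hunk.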
@@ -134,7 +134,7 @@ function enableOnUser(){ var uploader = new window.AjaxUpload( 'wall-image-upload', - { action: 'wall_upload/$nickname', + { action: '$baseurl/wall_upload/$nickname', name: 'userfile', onSubmit: function(file,ext) { $('#profile-rotator').show(); }, onComplete: function(file,response) { @@ -145,7 +145,7 @@ function enableOnUser(){ ); var file_uploader = new window.AjaxUpload( 'wall-file-upload', - { action: 'wall_attach/$nickname', + { action: '$baseurl/wall_attach/$nickname', name: 'userfile', onSubmit: function(file,ext) { $('#profile-rotator').show(); }, onComplete: function(file,response) { @@ -181,7 +181,7 @@ function enableOnUser(){ if(reply && reply.length) { reply = bin2hex(reply); $('#profile-rotator').show(); - $.get('parse_url?binurl=' + reply, function(data) { + $.get('$baseurl/parse_url?binurl=' + reply, function(data) { addeditortext(data); $('#profile-rotator').hide(); }); @@ -214,7 +214,7 @@ function enableOnUser(){ if ($('#jot-popup').length != 0) $('#jot-popup').show(); $('#like-rotator-' + id).show(); - $.get('share/' + id, function(data) { + $.get('$baseurl/share/' + id, function(data) { if (!editor) $("#profile-jot-text").val(""); initEditor(function(){ addeditortext(data); @@ -238,7 +238,7 @@ function enableOnUser(){ if(reply && reply.length) { reply = bin2hex(reply); $('#profile-rotator').show(); - $.get('parse_url?binurl=' + reply, function(data) { + $.get('$baseurl/parse_url?binurl=' + reply, function(data) { if (!editor) $("#profile-jot-text").val(""); initEditor(function(){ addeditortext(data); @@ -257,7 +257,7 @@ function enableOnUser(){ commentBusy = true; $('body').css('cursor', 'wait'); - $.get('tagger/' + id + '?term=' + reply); + $.get('$baseurl/tagger/' + id + '?term=' + reply); if(timer) clearTimeout(timer); timer = setTimeout(NavUpdate,3000); liking = 1; 
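Review bot: `reply` is concatenated into the query string unescaped in `$.get('$baseurl/tagger/' + id + '?term=' + reply);`, so a term containing `&`, `#` or `+` reaches the server truncated or split into extra parameters. The same applies to the `filer/` call in the @@ -284 hunk. Encode it at both sites: `'?term=' + encodeURIComponent(reply)`. Both calls change state through a GET request, which is worth reviewing for cross-site request forgery; whether the server side checks a token is not visible here. The enclosing handlers start and end outside these hunks.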
@@ -284,7 +284,7 @@ function enableOnUser(){ if(reply && reply.length) { commentBusy = true; $('body').css('cursor', 'wait'); - $.get('filer/' + id + '?term=' + reply, NavUpdate); + $.get('$baseurl/filer/' + id + '?term=' + reply, NavUpdate); // if(timer) clearTimeout(timer); // timer = setTimeout(NavUpdate,3000); liking = 1; -- cgit v1.2.3