From 2270e73fcd231013929d5f9e7475fc8b0d872149 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Wed, 9 Mar 2011 21:29:32 -0800
Subject: show permission denied photo when direct link was accessed and
 authentication is insufficient to view

---
 mod/photo.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'mod/photo.php')

diff --git a/mod/photo.php b/mod/photo.php
index 7f13d1cbf..2f8d180fd 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -108,6 +108,24 @@ function photo_init(&$a) {
 			if(count($r)) {
 				$data = $r[0]['data'];
 			}
+			else {
+
+				// Does the picture exist? It may be a remote person with no credentials,
+				// but who should otherwise be able to view it. Show a default image to let 
+				// them know permissions was denied. It may be possible to view the image 
+				// through an authenticated profile visit.
+				// There won't be many complete unauthorised people seeing this because
+				// they won't have the photo link, so there's a reasonable chance that the person
+				// might be able to obtain permission to view it.
+ 
+				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+					dbesc($photo),
+					intval($resolution)
+				);
+				if(count($r)) {
+					$data = file_get_contents('images/nosign.jpg');
+				}
+			}
 		}
 	}
 
-- 
cgit v1.2.3