]> git.mxchange.org Git - friendica.git/blob - mod/photo.php
Merge pull request #104 from chriscase/master
[friendica.git] / mod / photo.php
1 <?php
2
3 function photo_init(&$a) {
4
5         switch($a->argc) {
6                 case 3:
7                         $person = $a->argv[2];
8                         $type = $a->argv[1];
9                         break;
10                 case 2:
11                         $photo = $a->argv[1];
12                         break;
13                 case 1:
14                 default:
15                         killme();
16                         // NOTREACHED
17         }
18
19         $default = 'images/default-profile.jpg';
20
21         if(isset($type)) {
22
23                 /**
24                  * Profile photos
25                  */
26
27                 switch($type) {
28
29                         case 'profile':
30                                 $resolution = 4;
31                                 break;
32                         case 'micro':
33                                 $resolution = 6;
34                                 $default = 'images/default-profile-mm.jpg';
35                                 break;
36                         case 'avatar':
37                         default:
38                                 $resolution = 5;
39                                 $default = 'images/default-profile-sm.jpg';
40                                 break;
41                 }
42
43                 $uid = str_replace('.jpg', '', $person);
44
45                 $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
46                         intval($resolution),
47                         intval($uid)
48                 );
49                 if(count($r)) {
50                         $data = $r[0]['data'];
51                 }
52                 if(! isset($data)) {
53                         $data = file_get_contents($default);
54                 }
55         }
56         else {
57
58                 /**
59                  * Other photos
60                  */
61
62                 $resolution = 0;
63                 $photo = str_replace('.jpg','',$photo);
64         
65                 if(substr($photo,-2,1) == '-') {
66                         $resolution = intval(substr($photo,-1,1));
67                         $photo = substr($photo,0,-2);
68                 }
69
70                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
71                         dbesc($photo),
72                         intval($resolution)
73                 );
74                 if(count($r)) {
75                         
76                         $owner = $r[0]['uid'];
77
78                         $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
79
80                         if(local_user() && ($owner == $_SESSION['uid'])) {
81
82                                 // Owner can always see his/her photos
83                                 $sql_extra = ''; 
84
85                         }
86                         elseif(remote_user()) {
87
88                                 // authenticated visitor - here lie dragons
89
90                                 $groups = init_groups_visitor($_SESSION['visitor_id']);
91                                 $gs = '<<>>'; // should be impossible to match
92                                 if(count($groups)) {
93                                         foreach($groups as $g)
94                                                 $gs .= '|<' . intval($g) . '>';
95                                 } 
96
97                                 $sql_extra = sprintf(
98                                         " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
99                                           AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
100                                           AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
101                                           AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
102
103                                         intval($_SESSION['visitor_id']),
104                                         intval($_SESSION['visitor_id']),
105                                         dbesc($gs),
106                                         dbesc($gs)
107                                 );
108                         }
109
110                         // Now we'll see if we can access the photo
111
112                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
113                                 dbesc($photo),
114                                 intval($resolution)
115                         );
116
117                         if(count($r)) {
118                                 $data = $r[0]['data'];
119                         }
120                         else {
121
122                                 // Does the picture exist? It may be a remote person with no credentials,
123                                 // but who should otherwise be able to view it. Show a default image to let 
124                                 // them know permissions was denied. It may be possible to view the image 
125                                 // through an authenticated profile visit.
126                                 // There won't be many completely unauthorised people seeing this because
127                                 // they won't have the photo link, so there's a reasonable chance that the person
128                                 // might be able to obtain permission to view it.
129  
130                                 $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
131                                         dbesc($photo),
132                                         intval($resolution)
133                                 );
134                                 if(count($r)) {
135                                         $data = file_get_contents('images/nosign.jpg');
136                                 }
137                         }
138                 }
139         }
140
141         if(! isset($data)) {
142                 killme();
143                 // NOTREACHED
144         }
145
146         header("Content-type: image/jpeg");
147         echo $data;
148         killme();
149         // NOTREACHED
150 }