mod/photo.php

   1 <?php
   2
   3 /**
   4  * @file mod/photo.php
   5  */
   6 use Friendica\App;
   7 use Friendica\Database\DBA;
   8 use Friendica\Object\Image;
   9 use Friendica\Util\Security;
  10
  11 function photo_init(App $a)
  12 {
  13         global $_SERVER;
  14
  15         $prvcachecontrol = false;
  16         $file = "";
  17
  18         switch ($a->argc) {
  19                 case 4:
  20                         $person = $a->argv[3];
  21                         $customres = intval($a->argv[2]);
  22                         $type = $a->argv[1];
  23                         break;
  24                 case 3:
  25                         $person = $a->argv[2];
  26                         $type = $a->argv[1];
  27                         break;
  28                 case 2:
  29                         $photo = $a->argv[1];
  30                         $file = $photo;
  31                         break;
  32                 case 1:
  33                 default:
  34                         killme();
  35                         // NOTREACHED
  36         }
  37
  38         if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
  39                 header('HTTP/1.1 304 Not Modified');
  40                 header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
  41                 if (!empty($_SERVER['HTTP_IF_NONE_MATCH'])) {
  42                         header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
  43                 }
  44                 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
  45                 header("Cache-Control: max-age=31536000");
  46                 if (function_exists('header_remove')) {
  47                         header_remove('Last-Modified');
  48                         header_remove('Expires');
  49                         header_remove('Cache-Control');
  50                 }
  51                 exit;
  52         }
  53
  54         $default = 'images/person-300.jpg';
  55         $public = true;
  56
  57         if (isset($type)) {
  58                 // Profile photos
  59                 switch ($type) {
  60                         case 'profile':
  61                         case 'custom':
  62                                 $resolution = 4;
  63                                 break;
  64                         case 'micro':
  65                                 $resolution = 6;
  66                                 $default = 'images/person-48.jpg';
  67                                 break;
  68                         case 'avatar':
  69                         default:
  70                                 $resolution = 5;
  71                                 $default = 'images/person-80.jpg';
  72                                 break;
  73                 }
  74
  75                 $uid = str_replace(['.jpg', '.png', '.gif'], ['', '', ''], $person);
  76
  77                 foreach (Image::supportedTypes() AS $m => $e) {
  78                         $uid = str_replace('.' . $e, '', $uid);
  79                 }
  80
  81                 $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
  82                         intval($resolution),
  83                         intval($uid)
  84                 );
  85                 if (DBA::isResult($r)) {
  86                         $data = $r[0]['data'];
  87                         $mimetype = $r[0]['type'];
  88                 }
  89                 if (empty($data)) {
  90                         $data = file_get_contents($default);
  91                         $mimetype = 'image/jpeg';
  92                 }
  93         } else {
  94                 // Other photos
  95                 $resolution = 0;
  96                 $photo = str_replace(['.jpg', '.png', '.gif'], ['', '', ''], $photo);
  97
  98                 foreach (Image::supportedTypes() AS $m => $e) {
  99                         $photo = str_replace('.' . $e, '', $photo);
 100                 }
 101
 102                 if (substr($photo, -2, 1) == '-') {
 103                         $resolution = intval(substr($photo, -1, 1));
 104                         $photo = substr($photo, 0, -2);
 105                 }
 106
 107                 // check if the photo exists and get the owner of the photo
 108                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
 109                         DBA::escape($photo),
 110                         intval($resolution)
 111                 );
 112                 if (DBA::isResult($r)) {
 113                         $sql_extra = Security::getPermissionsSQLByUserId($r[0]['uid']);
 114
 115                         // Now we'll see if we can access the photo
 116                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
 117                                 DBA::escape($photo),
 118                                 intval($resolution)
 119                         );
 120                         if (DBA::isResult($r)) {
 121                                 $resolution = $r[0]['scale'];
 122                                 $data = $r[0]['data'];
 123                                 $mimetype = $r[0]['type'];
 124                                 $public = $r[0]['allow_cid'] == '' && $r[0]['allow_gid'] == '' && $r[0]['deny_cid'] == '' && $r[0]['deny_gid'] == '';
 125                         } else {
 126                                 // The picure exists. We already checked with the first query.
 127                                 // obviously, this is not an authorized viev!
 128                                 $data = file_get_contents('images/nosign.jpg');
 129                                 $mimetype = 'image/jpeg';
 130                                 $prvcachecontrol = true;
 131                                 $public = false;
 132                         }
 133                 }
 134         }
 135
 136         if (empty($data)) {
 137                 if (isset($resolution)) {
 138                         switch ($resolution) {
 139                                 case 4:
 140                                         $data = file_get_contents('images/person-300.jpg');
 141                                         $mimetype = 'image/jpeg';
 142                                         break;
 143                                 case 5:
 144                                         $data = file_get_contents('images/person-80.jpg');
 145                                         $mimetype = 'image/jpeg';
 146                                         break;
 147                                 case 6:
 148                                         $data = file_get_contents('images/person-48.jpg');
 149                                         $mimetype = 'image/jpeg';
 150                                         break;
 151                                 default:
 152                                         killme();
 153                                         // NOTREACHED
 154                                         break;
 155                         }
 156                 }
 157         }
 158
 159         // Resize only if its not a GIF and it is supported by the library
 160         if ($mimetype != "image/gif" && in_array($mimetype, Image::supportedTypes())) {
 161                 $Image = new Image($data, $mimetype);
 162                 if ($Image->isValid()) {
 163                         if (isset($customres) && $customres > 0 && $customres < 500) {
 164                                 $Image->scaleToSquare($customres);
 165                         }
 166                         $data = $Image->asString();
 167                         $mimetype = $Image->getType();
 168                 }
 169         }
 170
 171         if (function_exists('header_remove')) {
 172                 header_remove('Pragma');
 173                 header_remove('pragma');
 174         }
 175
 176         header("Content-type: " . $mimetype);
 177
 178         if ($prvcachecontrol) {
 179                 // it is a private photo that they have no permission to view.
 180                 // tell the browser not to cache it, in case they authenticate
 181                 // and subsequently have permission to see it
 182                 header("Cache-Control: no-store, no-cache, must-revalidate");
 183         } else {
 184                 header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
 185                 header('Etag: "' . md5($data) . '"');
 186                 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
 187                 header("Cache-Control: max-age=31536000");
 188         }
 189         echo $data;
 190
 191         // If the photo is public and there is an existing photo directory store the photo there
 192         if ($public and $file != '') {
 193                 // If the photo path isn't there, try to create it
 194                 $basepath = $a->getBasePath();
 195                 if (!is_dir($basepath . "/photo")) {
 196                         if (is_writable($basepath)) {
 197                                 mkdir($basepath . "/photo");
 198                         }
 199                 }
 200
 201                 if (is_dir($basepath . "/photo")) {
 202                         file_put_contents($basepath . "/photo/" . $file, $data);
 203                 }
 204         }
 205
 206         killme();
 207         // NOTREACHED
 208 }