]> git.mxchange.org Git - friendica.git/blob - mod/photos.php
send unfollow before removing ostatus contact
[friendica.git] / mod / photos.php
1 <?php
2
3 require_once('include/Photo.php');
4 require_once('include/items.php');
5 require_once('include/acl_selectors.php');
6 require_once('include/bbcode.php');
7
8 function photos_init(&$a) {
9
10         $o = '';
11
12         if($a->argc > 1) {
13                 $nick = $a->argv[1];
14                 $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
15                         dbesc($nick)
16                 );
17
18                 if(! count($r))
19                         return;
20
21                 $a->data['user'] = $r[0];
22
23                 $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d",
24                         intval($a->data['user']['uid'])
25                 );
26
27                 if(count($albums)) {
28                         $a->data['albums'] = $albums;
29
30                         $o .= '<h4><a href="' . $a->get_baseurl() . '/profile/' . $a->data['user']['nickname'] . '">' . $a->data['user']['username'] . '</a></h4>';
31                         $o .= '<h4>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h4>';
32                 
33                         $o .= '<ul>';
34                         foreach($albums as $album) {
35                                 if((! strlen($album['album'])) || ($album['album'] == t('Contact Photos')))
36                                         continue;
37                                 $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" />' . $album['album'] . '</a></li>'; 
38                         }
39                         $o .= '</ul>';
40                 }
41
42                 if(! x($a->page,'aside'))
43                         $a->page['aside'] = '';
44                 $a->page['aside'] .= $o;
45         }
46         return;
47 }
48
49
50
51
52 function photos_post(&$a) {
53
54
55         if(! local_user()) {
56                 notice( t('Permission denied.') . EOL );
57                 killme();
58         }
59
60         $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` 
61                 WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
62                 intval(local_user())
63         );
64
65         if(! count($r)) {
66                 notice( t('Contact information unavailable') . EOL);
67                 logger('photos_post: unable to locate contact record for logged in user. uid=' . local_user());
68                 killme();
69         }
70
71         $contact_record = $r[0];        
72
73
74         if(($a->argc > 2) && ($a->argv[1] === 'album')) {
75                 $album = hex2bin($a->argv[2]);
76
77                 if($album == t('Profile Photos') || $album == t('Contact Photos')) {
78                         goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
79                         return; // NOTREACHED
80                 }
81
82                 $r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
83                         dbesc($album),
84                         intval(local_user())
85                 );
86                 if(! count($r)) {
87                         notice( t('Album not found.') . EOL);
88                         goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
89                         return; // NOTREACHED
90                 }
91
92                 $newalbum = notags(trim($_POST['albumname']));
93                 if($newalbum != $album) {
94                         q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
95                                 dbesc($newalbum),
96                                 dbesc($album),
97                                 intval(local_user())
98                         );
99                         $newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
100                         goaway($a->get_baseurl() . '/' . $newurl);
101                         return; // NOTREACHED
102                 }
103
104                 if($_POST['dropalbum'] == t('Delete Album')) {
105
106                         $res = array();
107                         $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
108                                 intval(local_user()),
109                                 dbesc($album)
110                         );
111                         if(count($r)) {
112                                 foreach($r as $rr) {
113                                         $res[] = "'" . dbesc($rr['rid']) . "'" ;
114                                 }
115                         }
116                         else {
117                                 goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
118                                 return; // NOTREACHED
119                         }
120                         $str_res = implode(',', $res);
121
122                         q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
123                                 intval(local_user())
124                         );
125                         $r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
126                                 intval(local_user())
127                         );
128                         if(count($r)) {
129                                 foreach($r as $rr) {
130                                         q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
131                                                 dbesc(datetime_convert()),
132                                                 dbesc($rr['parent-uri']),
133                                                 intval(local_user())
134                                         );
135
136                                         $drop_id = intval($rr['id']);
137                                         $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
138
139                                         // send the notification upstream/downstream as the case may be
140
141                                         if($rr['visible'])
142                                                 proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" & ",
143                                                         array(),$foo));
144
145                                 }
146                         }
147                 }
148                 goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']);
149                 return; // NOTREACHED
150         }
151
152         if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
153                 $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
154                         intval(local_user()),
155                         dbesc($a->argv[1])
156                 );
157                 if(count($r)) {
158                         q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
159                                 intval(local_user()),
160                                 dbesc($r[0]['resource-id'])
161                         );
162                         $i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
163                                 dbesc($r[0]['resource-id']),
164                                 intval(local_user())
165                         );
166                         if(count($i)) {
167                                 q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
168                                         dbesc(datetime_convert()),
169                                         dbesc(datetime_convert()),
170                                         dbesc($i[0]['uri']),
171                                         intval(local_user())
172                                 );
173
174                                 $url = $a->get_baseurl();
175                                 $drop_id = intval($i[0]['id']);
176                                 $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
177
178                                 if($i[0]['visible'])
179                                         proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" & ",
180                                                 array(),$foo));
181                         }
182                 }
183
184                 goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
185                 return; // NOTREACHED
186         }
187
188         if(($a->argc > 1) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false))) {
189
190                 $desc        = ((x($_POST,'desc'))    ? notags(trim($_POST['desc']))   : '');
191                 $rawtags     = ((x($_POST,'newtag'))  ? notags(trim($_POST['newtag'])) : '');
192                 $item_id     = ((x($_POST,'item_id')) ? intval($_POST['item_id'])      : 0);
193                 $resource_id = $a->argv[1];
194
195                 $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
196                         dbesc($resource_id),
197                         intval(local_user())
198                 );
199                 if((count($p)) && ($p[0]['desc'] !== $desc)) {
200                         $r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
201                                 dbesc($desc),
202                                 dbesc($resource_id),
203                                 intval(local_user())
204                         );
205                 }
206                 if(! $item_id) {
207
208                         // Create item container
209
210                         $title = '';
211                         $basename = basename($filename);
212                         $uri = item_new_uri($a->get_hostname(),local_user());
213
214                         $arr = array();
215
216                         $arr['uid']           = local_user();
217                         $arr['uri']           = $uri;
218                         $arr['parent-uri']    = $uri; 
219                         $arr['type']          = 'photo';
220                         $arr['wall']          = 1;
221                         $arr['resource-id']   = $p[0]['resource-id'];
222                         $arr['contact-id']    = $contact_record['id'];
223                         $arr['owner-name']    = $contact_record['name'];
224                         $arr['owner-link']    = $contact_record['url'];
225                         $arr['owner-avatar']  = $contact_record['thumb'];
226                         $arr['author-name']   = $contact_record['name'];
227                         $arr['author-link']   = $contact_record['url'];
228                         $arr['author-avatar'] = $contact_record['thumb'];
229                         $arr['title']         = $title;
230                         $arr['allow_cid']     = $p[0]['allow_cid'];
231                         $arr['allow_gid']     = $p[0]['allow_gid'];
232                         $arr['deny_cid']      = $p[0]['deny_cid'];
233                         $arr['deny_gid']      = $p[0]['deny_gid'];
234                         $arr['last-child']    = 1;
235                         $arr['body']          = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']' 
236                                                 . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]' 
237                                                 . '[/url]';
238                 
239                         $item_id = item_store($arr);
240
241                 }
242
243                 if($item_id) {
244                         $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
245                                 intval($item_id),
246                                 intval(local_user())
247                         );
248                 }
249                 if(count($r)) {
250                         $old_tag    = $r[0]['tag'];
251                         $old_inform = $r[0]['inform'];
252                 }
253
254                 if(strlen($rawtags)) {
255
256                         $str_tags = '';
257                         $inform   = '';
258
259                         // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag
260
261                         $x = substr($rawtags,0,1);
262                         if($x !== '@' && $x !== '#')
263                                 $rawtags = '#' . $rawtags;
264
265                         $taginfo = array();
266                         $tags = get_tags($rawtags);
267
268                         if(count($tags)) {
269                                 foreach($tags as $tag) {
270                                         if(strpos($tag,'@') === 0) {
271                                                 $name = substr($tag,1);
272                                                 if((strpos($name,'@')) || (strpos($name,'http://'))) {
273                                                         $newname = $name;
274                                                         $links = @lrdd($name);
275                                                         if(count($links)) {
276                                                                 foreach($links as $link) {
277                                                                         if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
278                                                         $profile = $link['@attributes']['href'];
279                                                                         if($link['@attributes']['rel'] === 'salmon') {
280                                                                                 $salmon = '$url:' . str_replace(',','%sc',$link['@attributes']['href']);
281                                                                                 if(strlen($inform))
282                                                                                         $inform .= ',';
283                                                         $inform .= $salmon;
284                                                                         }
285                                                                 }
286                                                         }
287                                                         $taginfo[] = array($newname,$profile,$salmon);
288                                                 }
289                                                 else {
290                                                         $newname = $name;
291                                                         if(strstr($name,'_')) {
292                                                                 $newname = str_replace('_',' ',$name);
293                                                                 $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
294                                                                         dbesc($newname),
295                                                                         intval(local_user())
296                                                                 );
297                                                         }
298                                                         else {
299                                                                 $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
300                                                                         dbesc($name),
301                                                                         intval(local_user())
302                                                                 );
303                                                         }
304                                                         if(count($r)) {
305                                                                 $newname = $r[0]['name'];
306                                                                 $profile = $r[0]['url'];
307                                                                 $notify = 'cid:' . $r[0]['id'];
308                                                                 if(strlen($inform))
309                                                                         $inform .= ',';
310                                                                 $inform .= $notify;
311                                                         }
312                                                 }
313                                                 if($profile) {
314                                                         if(substr($notify,0,4) === 'cid:')
315                                                                 $taginfo[] = array($newname,$profile,$notify,$r[0],'@[url=' . str_replace(',','%2c',$profile) . ']' . $newname  . '[/url]');
316                                                         else
317                                                                 $taginfo[] = array($newname,$profile,$notify,null,$str_tags .= '@[url=' . $profile . ']' . $newname     . '[/url]');
318                                                         if(strlen($str_tags))
319                                                                 $str_tags .= ',';
320                                                         $profile = str_replace(',','%2c',$profile);
321                                                         $str_tags .= '@[url=' . $profile . ']' . $newname       . '[/url]';
322                                                 }
323                                         }
324                                 }
325                         }
326
327                         $newtag = $old_tag;
328                         if(strlen($newtag) && strlen($str_tags)) 
329                                 $newtag .= ',';
330                         $newtag .= $str_tags;
331
332                         $newinform = $old_inform;
333                         if(strlen($newinform) && strlen($inform))
334                                 $newinform .= ',';
335                         $newinform .= $inform;
336
337                         $r = q("UPDATE `item` SET `tag` = '%s', `inform` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
338                                 dbesc($newtag),
339                                 dbesc($newinform),
340                                 dbesc(datetime_convert()),
341                                 dbesc(datetime_convert()),
342                                 intval($item_id),
343                                 intval(local_user())
344                         );
345
346                         $best = 0;
347                         foreach($p as $scales) {
348                                 if(intval($scales['scale']) == 2) {
349                                         $best = 2;
350                                         break;
351                                 }
352                                 if(intval($scales['scale']) == 4) {
353                                         $best = 4;
354                                         break;
355                                 }
356                         }
357
358                         if(count($taginfo)) {
359                                 foreach($taginfo as $tagged) {
360                 
361                                         $uri = item_new_uri($a->get_hostname(),local_user());
362
363                                         $arr = array();
364
365                                         $arr['uid']           = local_user();
366                                         $arr['uri']           = $uri;
367                                         $arr['parent-uri']    = $uri;
368                                         $arr['type']          = 'activity';
369                                         $arr['wall']          = 1;
370                                         $arr['contact-id']    = $contact_record['id'];
371                                         $arr['owner-name']    = $contact_record['name'];
372                                         $arr['owner-link']    = $contact_record['url'];
373                                         $arr['owner-avatar']  = $contact_record['thumb'];
374                                         $arr['author-name']   = $contact_record['name'];
375                                         $arr['author-link']   = $contact_record['url'];
376                                         $arr['author-avatar'] = $contact_record['thumb'];
377                                         $arr['title']         = '';
378                                         $arr['allow_cid']     = $p[0]['allow_cid'];
379                                         $arr['allow_gid']     = $p[0]['allow_gid'];
380                                         $arr['deny_cid']      = $p[0]['deny_cid'];
381                                         $arr['deny_gid']      = $p[0]['deny_gid'];
382                                         $arr['last-child']    = 1;
383                                         $arr['visible']       = 1;
384                                         $arr['verb']          = ACTIVITY_TAG;
385                                         $arr['object-type']   = ACTIVITY_OBJ_PERSON;
386                                         $arr['target-type']   = ACTIVITY_OBJ_PHOTO;
387                                         $arr['tag']           = $tagged[4];
388                                         $arr['inform']        = $tagged[2];
389
390                                         $arr['body']          = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $contact_record['url'] . ']' . $contact_record['name'] . '[/url]' ;
391                                         $arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n" ;
392
393                                         $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
394                                         $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
395                                         if($tagged[3])
396                                                 $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $tagged[3]['photo'] . '" />' . "\n");
397                                         $arr['object'] .= '</link></object>' . "\n";
398
399                                         $arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>'
400                                                 . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
401                                         $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="image/jpeg" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '" />') . '</link></target>';
402
403                                         $item_id = item_store($arr);
404                                         $php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
405                                         proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"tag\" \"$item_id\" & ",
406                                                 array(),$foo));
407                                 }
408
409                         }
410
411                 }
412                 goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
413                 return; // NOTREACHED
414         }
415
416
417         // default post action - upload a photo
418
419         if(! x($_FILES,'userfile'))
420                 killme();
421
422         if($_POST['partitionCount'])
423                 $java_upload = true;
424         else
425                 $java_upload = false;
426
427         $album =  notags(trim($_POST['album']));
428         $newalbum = notags(trim($_POST['newalbum']));
429
430         if(! strlen($album)) {
431                 if(strlen($newalbum))
432                         $album = $newalbum;
433                 else
434                         $album = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
435         }
436
437         $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
438                 dbesc($album),
439                 intval(local_user())
440         );
441         if((! count($r)) || ($album == t('Profile Photos')))
442                 $visible = 1;
443         else
444                 $visible = 0;
445
446
447         $str_group_allow   = perms2str($_POST['group_allow']);
448         $str_contact_allow = perms2str($_POST['contact_allow']);
449         $str_group_deny    = perms2str($_POST['group_deny']);
450         $str_contact_deny  = perms2str($_POST['contact_deny']);
451
452         $src               = $_FILES['userfile']['tmp_name'];
453         $filename          = basename($_FILES['userfile']['name']);
454         $filesize          = intval($_FILES['userfile']['size']);
455
456         $maximagesize = get_config('system','maximagesize');
457
458         if(($maximagesize) && ($filesize > $maximagesize)) {
459                 notice( t('Image exceeds size limit of ') . $maximagesize . EOL);
460                 @unlink($src);
461                 return;
462         }
463
464         $imagedata = @file_get_contents($src);
465         $ph = new Photo($imagedata);
466
467         if(! $ph->is_valid()) {
468                 notice( t('Unable to process image.') . EOL );
469                 @unlink($src);
470                 killme();
471         }
472
473         @unlink($src);
474
475         $width = $ph->getWidth();
476         $height = $ph->getHeight();
477
478         $smallest = 0;
479
480         $photo_hash = photo_new_resource();
481
482         $r = $ph->store(local_user(), 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
483
484         if(! $r) {
485                 notice( t('Image upload failed.') . EOL );
486                 killme();
487         }
488
489         if($width > 640 || $height > 640) {
490                 $ph->scaleImage(640);
491                 $ph->store(local_user(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
492                 $smallest = 1;
493         }
494
495         if($width > 320 || $height > 320) {
496                 $ph->scaleImage(320);
497                 $ph->store(local_user(), 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
498                 $smallest = 2;
499         }
500         
501         $basename = basename($filename);
502         $uri = item_new_uri($a->get_hostname(), local_user());
503
504         // Create item container
505
506
507         $arr = array();
508
509         $arr['uid']           = local_user();
510         $arr['uri']           = $uri;
511         $arr['parent-uri']    = $uri;
512         $arr['type']          = 'photo';
513         $arr['wall']          = 1;
514         $arr['resource-id']   = $photo_hash;
515         $arr['contact-id']    = $contact_record['id'];
516         $arr['owner-name']    = $contact_record['name'];
517         $arr['owner-link']    = $contact_record['url'];
518         $arr['owner-avatar']  = $contact_record['thumb'];
519         $arr['author-name']   = $contact_record['name'];
520         $arr['author-link']   = $contact_record['url'];
521         $arr['author-avatar'] = $contact_record['thumb'];
522         $arr['title']         = '';
523         $arr['allow_cid']     = $str_contact_allow;
524         $arr['allow_gid']     = $str_group_allow;
525         $arr['deny_cid']      = $str_contact_deny;
526         $arr['deny_gid']      = $str_group_deny;
527         $arr['last-child']    = 1;
528         $arr['visible']       = $visible;
529         $arr['body']          = '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $photo_hash . ']' 
530                                 . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]' 
531                                 . '[/url]';
532
533         $item_id = item_store($arr);
534
535         if(! $java_upload) {
536                 goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
537                 return; // NOTREACHED
538         }
539
540         killme();
541         return; // NOTREACHED
542
543 }
544
545
546
547 function photos_content(&$a) {
548
549         // URLs:
550         // photos/name
551         // photos/name/upload
552         // photos/name/album/xxxxx
553         // photos/name/album/xxxxx/edit
554         // photos/name/image/xxxxx
555         // photos/name/image/xxxxx/edit
556
557
558         if(! x($a->data,'user')) {
559                 notice( t('No photos selected') . EOL );
560                 return;
561         }
562
563         $_SESSION['photo_return'] = $a->cmd;
564
565         //
566         // Parse arguments 
567         //
568
569         if($a->argc > 3) {
570                 $datatype = $a->argv[2];
571                 $datum = $a->argv[3];
572         }
573         elseif(($a->argc > 2) && ($a->argv[2] === 'upload'))
574                 $datatype = 'upload';
575         else
576                 $datatype = 'summary';
577
578         if($a->argc > 4)
579                 $cmd = $a->argv[4];
580         else
581                 $cmd = 'view';
582
583         //
584         // Setup permissions structures
585         //
586
587         $owner_uid = $a->data['user']['uid'];
588
589
590
591         $contact = null;
592         $remote_contact = false;
593
594         if(remote_user()) {
595                 $contact_id = $_SESSION['visitor_id'];
596                 $groups = init_groups_visitor($contact_id);
597                 $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
598                         intval($contact_id),
599                         intval($owner_uid)
600                 );
601                 if(count($r)) {
602                         $contact = $r[0];
603                         $remote_contact = true;
604                 }
605         }
606
607         if(! $remote_contact) {
608                 if(local_user()) {
609                         $contact_id = $_SESSION['cid'];
610                         $contact = $a->contact;
611                 }
612         }
613
614
615         // default permissions - anonymous user
616
617         $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
618
619         // Profile owner - everything is visible
620
621         if(local_user() && (local_user() == $owner_uid)) {
622                 $sql_extra = '';        
623         }
624         elseif(remote_user()) {
625                 // authenticated visitor - here lie dragons
626                 $gs = '<<>>'; // should be impossible to match
627                 if(count($groups)) {
628                         foreach($groups as $g)
629                                 $gs .= '|<' . intval($g) . '>';
630                 } 
631                 $sql_extra = sprintf(
632                         " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
633                           AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
634                           AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
635                           AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
636
637                         intval($_SESSION['visitor_id']),
638                         intval($_SESSION['visitor_id']),
639                         dbesc($gs),
640                         dbesc($gs)
641                 );
642         }
643
644         //
645         // dispatch request
646         //
647
648
649         if($datatype === 'upload') {
650                 if( ! (local_user() && (local_user() == $a->data['user']['uid']))) {
651                         notice( t('Permission denied.'));
652                         return;
653                 }
654                 $albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
655
656                 $albumselect .= '<option value="" selected="selected" >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
657                 if(count($a->data['albums'])) {
658                         foreach($a->data['albums'] as $album) {
659                                 if(($album['album'] === '') || ($album['album'] == t('Contact Photos')))
660                                         continue;
661                                 $albumselect .= '<option value="' . $album['album'] . '">' . $album['album'] . '</option>';
662                         }
663                 }
664
665                 $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
666
667                 $albumselect .= '</select>';
668                 $tpl = load_view_file('view/photos_upload.tpl');
669                 $o .= replace_macros($tpl,array(
670                         '$pagename' => t('Upload Photos'),
671                         '$sessid' => session_id(),
672                         '$newalbum' => t('New album name: '),
673                         '$existalbumtext' => t('or existing album name: '),
674                         '$filestext' => t('Select files to upload: '),
675                         '$albumselect' => $albumselect,
676                         '$permissions' => t('Permissions'),
677                         '$aclselect' => populate_acl($a->user, $celeb),
678                         '$archive' => $a->get_baseurl() . '/jumploader_z.jar',
679                         '$nojava' => t('Use the following controls only if the Java uploader [above] fails to launch.'),
680                         '$uploadurl' => $a->get_baseurl() . '/photos',
681                         '$submit' => t('Submit')
682                 ));
683
684                 return $o; 
685
686         }
687
688         if($datatype === 'album') {
689
690                 $album = hex2bin($datum);
691
692                 $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
693                         $sql_extra GROUP BY `resource-id`",
694                         intval($a->data['user']['uid']),
695                         dbesc($album)
696                 );
697                 if(count($r))
698                         $a->set_pager_total(count($r));
699
700
701                 $r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' 
702                         $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
703                         intval($a->data['user']['uid']),
704                         dbesc($album),
705                         intval($a->pager['start']),
706                         intval($a->pager['itemspage'])
707                 );
708
709                 $o .= '<h3>' . $album . '</h3>';
710                 
711                 if($cmd === 'edit') {           
712                         if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
713                                 if(local_user() && (local_user() == $a->data['user']['uid'])) {
714                                         $edit_tpl = load_view_file('view/album_edit.tpl');
715                                         $o .= replace_macros($edit_tpl,array(
716                                                 '$nametext' => t('New album name: '),
717                                                 '$album' => $album,
718                                                 '$hexalbum' => bin2hex($album),
719                                                 '$submit' => t('Submit'),
720                                                 '$dropsubmit' => t('Delete Album')
721                                         ));
722                                 }
723                         }
724                 }
725                 else {
726                         if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
727                                 if(local_user() && (local_user() == $a->data['user']['uid'])) {
728                                         $o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/' 
729                                                 . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' 
730                                                 . t('Edit Album') . '</a></div>';
731                                 }
732                         }
733                 }
734                 $tpl = load_view_file('view/photo_album.tpl');
735                 if(count($r))
736                         foreach($r as $rr) {
737                                 $o .= replace_macros($tpl,array(
738                                         '$id' => $rr['id'],
739                                         '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'],
740                                         '$phototitle' => t('View Photo'),
741                                         '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg',
742                                         '$imgalt' => $rr['filename']
743                                 ));
744
745                 }
746                 $o .= '<div id="photo-album-end"></div>';
747                 return $o;
748
749         }       
750
751
752         if($datatype === 'image') {
753
754                 require_once('security.php');
755                 require_once('bbcode.php');
756
757                 $o = '<div id="live-display"></div>' . "\r\n";
758                 // fetch image, item containing image, then comments
759
760                 $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' 
761                         $sql_extra ORDER BY `scale` ASC ",
762                         intval($a->data['user']['uid']),
763                         dbesc($datum)
764                 );
765
766                 if(! count($ph)) {
767                         notice( t('Photo not available') . EOL );
768                         return;
769                 }
770
771                 if(count($ph) == 1)
772                         $hires = $lores = $ph[0];
773                 if(count($ph) > 1) {
774                         if($ph[1]['scale'] == 2) {
775                                 // original is 640 or less, we can display it directly
776                                 $hires = $lores = $ph[0];
777                         }
778                         else {
779                         $hires = $ph[0];
780                         $lores = $ph[1];
781                         }
782                 }
783
784                 
785                 $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']) . '">' . $ph[0]['album'] . '</a></h3>';
786  
787                 if(local_user() && ($ph[0]['uid'] == local_user())) {
788                         $o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit' . '">' . t('Edit photo') . '</a></div>';
789                 }
790
791
792                 $o .= '<a href="' . $a->get_baseurl() . '/photo/' 
793                         . $hires['resource-id'] . '-' . $hires['scale'] . '.jpg" title="' 
794                         . t('View Full Size') . '" ><img src="' . $a->get_baseurl() . '/photo/' 
795                         . $lores['resource-id'] . '-' . $lores['scale'] . '.jpg' . '" /></a>';
796
797
798                 // Do we have an item for this photo?
799
800                 $linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' $sql_extra LIMIT 1",
801                         dbesc($datum)
802                 );
803                 if(count($linked_items)) {
804                         $link_item = $linked_items[0];
805                         $r = q("SELECT COUNT(*) AS `total`
806                                 FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
807                                 WHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0
808                                 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
809                                 AND `item`.`uid` = %d 
810                                 $sql_extra ",
811                                 dbesc($link_item['uri']),
812                                 dbesc($link_item['uri']),
813                                 intval($link_item['uid'])
814
815                         );
816
817                         if(count($r))
818                                 $a->set_pager_total($r[0]['total']);
819
820
821                         $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
822                                 `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`, 
823                                 `contact`.`rel`, `contact`.`thumb`, `contact`.`self`, 
824                                 `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
825                                 FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
826                                 WHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0
827                                 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
828                                 AND `item`.`uid` = %d
829                                 $sql_extra
830                                 ORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ",
831                                 dbesc($link_item['uri']),
832                                 dbesc($link_item['uri']),
833                                 intval($link_item['uid']),
834                                 intval($a->pager['start']),
835                                 intval($a->pager['itemspage'])
836
837                         );
838                 
839                         if((local_user()) && (local_user() == $link_item['uid'])) {
840                                 q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d",
841                                         intval($link_item['parent']),
842                                         intval(local_user())
843                                 );
844                         }
845                 }
846
847                 $o .= '<div id="photo-caption" >' . $ph[0]['desc'] . '</div>';
848
849                 if(count($linked_items) && strlen($link_item['tag'])) {
850                         $arr = explode(',',$link_item['tag']);
851                         // parse tags and add links     
852                         $o .= '<div id="in-this-photo-text">' . t('Tags: ') . '</div>';
853                         $o .= '<div id="in-this-photo">';
854                         $tag_str = '';
855                         foreach($arr as $t) {
856                                 if(strlen($tag_str))
857                                         $tag_str .= ', ';
858                                 $tag_str .= bbcode($t);
859                         } 
860                         $o .= $tag_str . '</div>';
861                         if($cmd === 'edit')
862                                 $o .= '<div id="tag-remove"><a href="' . $a->get_baseurl() . '/tagrm/' . $link_item['id'] . '">' . t('[Remove any tag]') . '</a></div>';
863                 }
864
865
866                 if($cmd === 'edit') {
867                         $edit_tpl = load_view_file('view/photo_edit.tpl');
868                         $o .= replace_macros($edit_tpl, array(
869                                 '$id' => $ph[0]['id'],
870                                 '$resource_id' => $ph[0]['resource-id'],
871                                 '$capt_label' => t('Caption'),
872                                 '$caption' => $ph[0]['desc'],
873                                 '$tag_label' => t('Add a Tag'),
874                                 '$tags' => $link_item['tag'],
875                                 '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'),
876                                 '$item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
877                                 '$submit' => t('Submit'),
878                                 '$delete' => t('Delete Photo')
879
880                         ));
881                 }
882
883                 if(count($linked_items)) {
884
885                         $cmnt_tpl = load_view_file('view/comment_item.tpl');
886                         $tpl = load_view_file('view/photo_item.tpl');
887                         $return_url = $a->cmd;
888
889                         $like_tpl = load_view_file('view/like.tpl');
890
891                         $likebuttons = '';
892
893                         if(can_write_wall($a,$a->data['user']['uid']))
894                                 $likebuttons = replace_macros($like_tpl,array('$id' => $link_item['id']));
895
896                         if(! count($r)) {
897                                 $o .= '<div id="photo-like-div">';
898                                 $o .= $likebuttons;
899                                 $o .= '</div>';
900
901                                 if(can_write_wall($a,$a->data['user']['uid'])) {
902                                         if($link_item['last-child']) {
903                                                 $o .= replace_macros($cmnt_tpl,array(
904                                                         '$return_path' => $return_url,
905                                                         '$type' => 'wall-comment',
906                                                         '$id' => $link_item['id'],
907                                                         '$parent' => $link_item['id'],
908                                                         '$profile_uid' =>  $a->data['user']['uid'],
909                                                         '$mylink' => $contact['url'],
910                                                         '$mytitle' => t('This is you'),
911                                                         '$myphoto' => $contact['thumb'],
912                                                         '$ww' => ''
913                                                 ));
914                                         }
915                                 }
916                         }
917
918                         $alike = array();
919                         $dlike = array();
920
921                         // display comments
922                         if(count($r)) {
923
924                                 foreach($r as $item) {
925                                         like_puller($a,$item,$alike,'like');
926                                         like_puller($a,$item,$dlike,'dislike');
927                                 }
928
929                     $like    = ((isset($alike[$link_item['id']])) ? format_like($alike[$link_item['id']],$alike[$link_item['id'] . '-l'],'like',$link_item['id']) : '');
930                                 $dislike = ((isset($dlike[$link_item['id']])) ? format_like($dlike[$link_item['id']],$dlike[$link_item['id'] . '-l'],'dislike',$link_item['id']) : '');
931
932                                 $o .= '<div id="photo-like-div">';
933                                 $o .= $likebuttons;
934                                 $o .= $like;
935                                 $o .= $dislike;
936                                 $o .= '</div>';
937
938
939
940                                 if(can_write_wall($a,$a->data['user']['uid'])) {
941                                         if($link_item['last-child']) {
942                                                 $o .= replace_macros($cmnt_tpl,array(
943                                                         '$return_path' => $return_url,
944                                                         '$type' => 'wall-comment',
945                                                         '$id' => $link_item['id'],
946                                                         '$parent' => $link_item['id'],
947                                                         '$profile_uid' =>  $a->data['user']['uid'],
948                                                         '$mylink' => $contact['url'],
949                                                         '$mytitle' => t('This is you'),
950                                                         '$myphoto' => $contact['thumb'],
951                                                         '$ww' => ''
952                                                 ));
953                                         }
954                                 }
955
956
957                                 foreach($r as $item) {
958                                         $comment = '';
959                                         $template = $tpl;
960                                         $sparkle = '';
961
962                                         if(((activity_match($item['verb'],ACTIVITY_LIKE)) || (activity_match($item['verb'],ACTIVITY_DISLIKE))) && ($item['id'] != $item['parent']))
963                                                 continue;
964
965                                         $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
966                         
967                                         if(can_write_wall($a,$a->data['user']['uid'])) {
968
969                                                 if($item['last-child']) {
970                                                         $comment = replace_macros($cmnt_tpl,array(
971                                                                 '$return_path' => $return_url,
972                                                                 '$type' => 'wall-comment',
973                                                                 '$id' => $item['item_id'],
974                                                                 '$parent' => $item['parent'],
975                                                                 '$profile_uid' =>  $a->data['user']['uid'],
976                                                                 '$mylink' => $contact['url'],
977                                                                 '$mytitle' => t('This is you'),
978                                                                 '$myphoto' => $contact['thumb'],
979                                                                 '$ww' => ''
980                                                         ));
981                                                 }
982                                         }
983
984
985                                         if(local_user() && ($item['contact-uid'] == local_user()) 
986                                                 && ($item['network'] == 'dfrn') && (! $item['self'] )) {
987                                                 $profile_url = $redirect_url;
988                                                 $sparkle = ' sparkle';
989                                         }
990                                         else {
991                                                 $profile_url = $item['url'];
992                                                 $sparkle = '';
993                                         }
994  
995                                         $profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
996                                         $profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']);
997                                         $profile_link = $profile_url;
998
999                                         $drop = '';
1000
1001                                         if(($item['contact-id'] == remote_user()) || ($item['uid'] == local_user()))
1002                                                 $drop = replace_macros(load_view_file('view/wall_item_drop.tpl'), array('$id' => $item['id']));
1003
1004
1005                                         $o .= replace_macros($template,array(
1006                                                 '$id' => $item['item_id'],
1007                                                 '$profile_url' => $profile_link,
1008                                                 '$name' => $profile_name,
1009                                                 '$thumb' => $profile_avatar,
1010                                                 '$sparkle' => $sparkle,
1011                                                 '$title' => $item['title'],
1012                                                 '$body' => bbcode($item['body']),
1013                                                 '$ago' => relative_date($item['created']),
1014                                                 '$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
1015                                                 '$drop' => $drop,
1016                                                 '$comment' => $comment
1017                                         ));
1018                                 }
1019                         }
1020
1021                         $o .= paginate($a);
1022                 }
1023                 return $o;
1024         }
1025
1026         // Default - show recent photos with upload link (if applicable)
1027         $o = '';
1028
1029         $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' 
1030                 $sql_extra GROUP BY `resource-id`",
1031                 intval($a->data['user']['uid']),
1032                 dbesc( t('Contact Photos'))
1033         );
1034         if(count($r))
1035                 $a->set_pager_total(count($r));
1036
1037
1038         $r = q("SELECT `resource-id`, `id`, `filename`, `album`, max(`scale`) AS `scale` FROM `photo`
1039                 WHERE `uid` = %d AND `album` != '%s' 
1040                 $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
1041                 intval($a->data['user']['uid']),
1042                 dbesc( t('Contact Photos')),
1043                 intval($a->pager['start']),
1044                 intval($a->pager['itemspage'])
1045         );
1046
1047         $o .= '<h3>' . t('Recent Photos') . '</h3>';
1048
1049         if( local_user() && (local_user() == $a->data['user']['uid'])) {
1050                 $o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $a->get_baseurl() . '/photos/' 
1051                         . $a->data['user']['nickname'] . '/upload' . '">' . t('Upload New Photos') . '</a></div>';
1052         }
1053
1054         $tpl = load_view_file('view/photo_top.tpl');
1055         if(count($r)) {
1056                 foreach($r as $rr) {
1057                         $o .= replace_macros($tpl,array(
1058                                 '$id' => $rr['id'],
1059                                 '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] 
1060                                         . '/image/' . $rr['resource-id'],
1061                                 '$phototitle' => t('View Photo'),
1062                                 '$imgsrc' => $a->get_baseurl() . '/photo/' 
1063                                         . $rr['resource-id'] . '-' . ((($rr['scale']) == 6) ? 4 : $rr['scale']) . '.jpg',
1064                                 '$albumlink' => $a->get_baseurl() . '/photos/' 
1065                                         . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']),
1066                                 '$albumname' => $rr['album'],
1067                                 '$albumalt' => t('View Album'),
1068                                 '$imgalt' => $rr['filename']
1069                         ));
1070
1071                 }
1072                 $o .= '<div id="photo-top-end"></div>';
1073         }
1074         return $o;
1075 }