]> git.mxchange.org Git - friendica.git/blob - mod/wall_attach.php
Merge pull request #3149 from annando/1601-new-diaspora-mention
[friendica.git] / mod / wall_attach.php
1 <?php
2
3 require_once('include/attach.php');
4 require_once('include/datetime.php');
5
6 function wall_attach_post(App $a) {
7
8         $r_json = (x($_GET,'response') && $_GET['response']=='json');
9
10         if($a->argc > 1) {
11                 $nick = $a->argv[1];
12                 $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
13                         dbesc($nick)
14                 );
15                 if (! dbm::is_result($r)) {
16                         if ($r_json) {
17                                 echo json_encode(array('error'=>t('Invalid request.')));
18                                 killme();
19                         }
20                         return;
21         }
22
23         } else {
24                 if ($r_json) {
25                         echo json_encode(array('error'=>t('Invalid request.')));
26                         killme();
27                 }
28                 return;
29         }
30
31         $can_post  = false;
32         $visitor   = 0;
33
34         $page_owner_uid   = $r[0]['uid'];
35         $page_owner_cid   = $r[0]['id'];
36         $page_owner_nick  = $r[0]['nickname'];
37         $community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
38
39         if((local_user()) && (local_user() == $page_owner_uid))
40                 $can_post = true;
41         else {
42                 if($community_page && remote_user()) {
43                         $contact_id = 0;
44                         if(is_array($_SESSION['remote'])) {
45                                 foreach($_SESSION['remote'] as $v) {
46                                         if($v['uid'] == $page_owner_uid) {
47                                                 $contact_id = $v['cid'];
48                                                 break;
49                                         }
50                                 }
51                         }
52                         if($contact_id) {
53
54                                 $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
55                                         intval($contact_id),
56                                         intval($page_owner_uid)
57                                 );
58                                 if (dbm::is_result($r)) {
59                                         $can_post = true;
60                                         $visitor = $contact_id;
61                                 }
62                         }
63                 }
64         }
65         if(! $can_post) {
66                 if ($r_json) {
67                         echo json_encode(array('error'=>t('Permission denied.')));
68                         killme();
69                 }
70                 notice( t('Permission denied.') . EOL );
71                 killme();
72         }
73
74         if(! x($_FILES,'userfile')) {
75                 if ($r_json) {
76                         echo json_encode(array('error'=>t('Invalid request.')));
77                 }
78                 killme();
79         }
80
81         $src      = $_FILES['userfile']['tmp_name'];
82         $filename = basename($_FILES['userfile']['name']);
83         $filesize = intval($_FILES['userfile']['size']);
84
85         $maxfilesize = get_config('system','maxfilesize');
86
87         /* Found html code written in text field of form,
88          * when trying to upload a file with filesize
89          * greater than upload_max_filesize. Cause is unknown.
90          * Then Filesize gets <= 0.
91          */
92
93         if($filesize <=0) {
94                 $msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
95                 if ($r_json) {
96                         echo json_encode(array('error'=>$msg));
97                 } else {
98                         notice( $msg. EOL );
99                 }
100                 @unlink($src);
101                 killme();
102         }
103
104         if(($maxfilesize) && ($filesize > $maxfilesize)) {
105                 $msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
106                 if ($r_json) {
107                         echo json_encode(array('error'=>$msg));
108                 } else {
109                         echo  $msg. EOL ;
110                 }
111                 @unlink($src);
112                 killme();
113         }
114
115         $limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
116
117         if ($limit) {
118                 $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ",
119                         intval($page_owner_uid)
120                 );
121                 $size = $r[0]['total'];
122
123                 if (($size + strlen($imagedata)) > $limit) {
124                         $msg = upgrade_message(true);
125                         if ($r_json) {
126                                 echo json_encode(array('error'=>$msg));
127                         } else {
128                                 echo  $msg. EOL ;
129                         }
130                         @unlink($src);
131                         killme();
132                 }
133         }
134
135         $filedata = @file_get_contents($src);
136         $mimetype = z_mime_content_type($filename);
137         $hash = get_guid(64);
138         $created = datetime_convert();
139         $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
140                 VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
141                 intval($page_owner_uid),
142                 dbesc($hash),
143                 dbesc($filename),
144                 dbesc($mimetype),
145                 intval($filesize),
146                 dbesc($filedata),
147                 dbesc($created),
148                 dbesc($created),
149                 dbesc('<' . $page_owner_cid . '>'),
150                 dbesc(''),
151                 dbesc(''),
152                 dbesc('')
153         );
154
155         @unlink($src);
156
157         if(! $r) {
158                 $msg =  t('File upload failed.');
159                 if ($r_json) {
160                         echo json_encode(array('error'=>$msg));
161                 } else {
162                         echo  $msg. EOL ;
163                 }
164                 killme();
165         }
166
167         $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
168                 intval($page_owner_uid),
169                 dbesc($created),
170                 dbesc($hash)
171         );
172
173         if (! dbm::is_result($r)) {
174                 $msg = t('File upload failed.');
175                 if ($r_json) {
176                         echo json_encode(array('error'=>$msg));
177                 } else {
178                         echo  $msg. EOL ;
179                 }
180                 killme();
181         }
182
183         if ($r_json) {
184                 echo json_encode(array('ok'=>true));
185                 killme();
186         }
187
188         $lf = "\n";
189
190         echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
191
192         killme();
193         // NOTREACHED
194 }