mod/wall_attach.php

   1 <?php
   2
   3 use Friendica\App;
   4
   5 require_once('include/attach.php');
   6 require_once('include/datetime.php');
   7
   8 function wall_attach_post(App $a) {
   9
  10         $r_json = (x($_GET,'response') && $_GET['response']=='json');
  11
  12         if($a->argc > 1) {
  13                 $nick = $a->argv[1];
  14                 $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
  15                         dbesc($nick)
  16                 );
  17                 if (! dbm::is_result($r)) {
  18                         if ($r_json) {
  19                                 echo json_encode(array('error'=>t('Invalid request.')));
  20                                 killme();
  21                         }
  22                         return;
  23         }
  24
  25         } else {
  26                 if ($r_json) {
  27                         echo json_encode(array('error'=>t('Invalid request.')));
  28                         killme();
  29                 }
  30                 return;
  31         }
  32
  33         $can_post  = false;
  34         $visitor   = 0;
  35
  36         $page_owner_uid   = $r[0]['uid'];
  37         $page_owner_cid   = $r[0]['id'];
  38         $page_owner_nick  = $r[0]['nickname'];
  39         $community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
  40
  41         if((local_user()) && (local_user() == $page_owner_uid))
  42                 $can_post = true;
  43         else {
  44                 if($community_page && remote_user()) {
  45                         $contact_id = 0;
  46                         if(is_array($_SESSION['remote'])) {
  47                                 foreach($_SESSION['remote'] as $v) {
  48                                         if($v['uid'] == $page_owner_uid) {
  49                                                 $contact_id = $v['cid'];
  50                                                 break;
  51                                         }
  52                                 }
  53                         }
  54                         if($contact_id) {
  55
  56                                 $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
  57                                         intval($contact_id),
  58                                         intval($page_owner_uid)
  59                                 );
  60                                 if (dbm::is_result($r)) {
  61                                         $can_post = true;
  62                                         $visitor = $contact_id;
  63                                 }
  64                         }
  65                 }
  66         }
  67         if(! $can_post) {
  68                 if ($r_json) {
  69                         echo json_encode(array('error'=>t('Permission denied.')));
  70                         killme();
  71                 }
  72                 notice( t('Permission denied.') . EOL );
  73                 killme();
  74         }
  75
  76         if(! x($_FILES,'userfile')) {
  77                 if ($r_json) {
  78                         echo json_encode(array('error'=>t('Invalid request.')));
  79                 }
  80                 killme();
  81         }
  82
  83         $src      = $_FILES['userfile']['tmp_name'];
  84         $filename = basename($_FILES['userfile']['name']);
  85         $filesize = intval($_FILES['userfile']['size']);
  86
  87         $maxfilesize = get_config('system','maxfilesize');
  88
  89         /* Found html code written in text field of form,
  90          * when trying to upload a file with filesize
  91          * greater than upload_max_filesize. Cause is unknown.
  92          * Then Filesize gets <= 0.
  93          */
  94
  95         if($filesize <=0) {
  96                 $msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
  97                 if ($r_json) {
  98                         echo json_encode(array('error'=>$msg));
  99                 } else {
 100                         notice( $msg. EOL );
 101                 }
 102                 @unlink($src);
 103                 killme();
 104         }
 105
 106         if(($maxfilesize) && ($filesize > $maxfilesize)) {
 107                 $msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
 108                 if ($r_json) {
 109                         echo json_encode(array('error'=>$msg));
 110                 } else {
 111                         echo  $msg. EOL ;
 112                 }
 113                 @unlink($src);
 114                 killme();
 115         }
 116
 117         $limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
 118
 119         if ($limit) {
 120                 $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ",
 121                         intval($page_owner_uid)
 122                 );
 123                 $size = $r[0]['total'];
 124
 125                 if (($size + strlen($imagedata)) > $limit) {
 126                         $msg = upgrade_message(true);
 127                         if ($r_json) {
 128                                 echo json_encode(array('error'=>$msg));
 129                         } else {
 130                                 echo  $msg. EOL ;
 131                         }
 132                         @unlink($src);
 133                         killme();
 134                 }
 135         }
 136
 137         $filedata = @file_get_contents($src);
 138         $mimetype = z_mime_content_type($filename);
 139         $hash = get_guid(64);
 140         $created = datetime_convert();
 141
 142         $fields = array('uid' => $page_owner_uid, 'hash' => $hash, 'filename' => $filename, 'filetype' => $mimetype,
 143                 'filesize' => $filesize, 'data' => $filedata, 'created' => $created, 'edited' => $created,
 144                 'allow_cid' => '<' . $page_owner_cid . '>', 'allow_gid' => '','deny_cid' => '', 'deny_gid' => '');
 145
 146         $r = dba::insert('attach', $fields);
 147
 148         @unlink($src);
 149
 150         if(! $r) {
 151                 $msg =  t('File upload failed.');
 152                 if ($r_json) {
 153                         echo json_encode(array('error'=>$msg));
 154                 } else {
 155                         echo  $msg. EOL ;
 156                 }
 157                 killme();
 158         }
 159
 160         $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
 161                 intval($page_owner_uid),
 162                 dbesc($created),
 163                 dbesc($hash)
 164         );
 165
 166         if (! dbm::is_result($r)) {
 167                 $msg = t('File upload failed.');
 168                 if ($r_json) {
 169                         echo json_encode(array('error'=>$msg));
 170                 } else {
 171                         echo  $msg. EOL ;
 172                 }
 173                 killme();
 174         }
 175
 176         if ($r_json) {
 177                 echo json_encode(array('ok'=>true));
 178                 killme();
 179         }
 180
 181         $lf = "\n";
 182
 183         echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
 184
 185         killme();
 186         // NOTREACHED
 187 }