mod/wall_attach.php

   1 <?php
   2 /**
   3  * @file mod/wall_attach.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Config;
   7 use Friendica\Database\DBM;
   8 use Friendica\Util\Mimetype;
   9
  10 require_once 'include/datetime.php';
  11
  12 function wall_attach_post(App $a) {
  13
  14         $r_json = (x($_GET,'response') && $_GET['response']=='json');
  15
  16         if($a->argc > 1) {
  17                 $nick = $a->argv[1];
  18                 $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
  19                         dbesc($nick)
  20                 );
  21                 if (! DBM::is_result($r)) {
  22                         if ($r_json) {
  23                                 echo json_encode(array('error'=>t('Invalid request.')));
  24                                 killme();
  25                         }
  26                         return;
  27         }
  28
  29         } else {
  30                 if ($r_json) {
  31                         echo json_encode(array('error'=>t('Invalid request.')));
  32                         killme();
  33                 }
  34                 return;
  35         }
  36
  37         $can_post  = false;
  38         $visitor   = 0;
  39
  40         $page_owner_uid   = $r[0]['uid'];
  41         $page_owner_cid   = $r[0]['id'];
  42         $page_owner_nick  = $r[0]['nickname'];
  43         $community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
  44
  45         if((local_user()) && (local_user() == $page_owner_uid))
  46                 $can_post = true;
  47         else {
  48                 if($community_page && remote_user()) {
  49                         $contact_id = 0;
  50                         if(is_array($_SESSION['remote'])) {
  51                                 foreach($_SESSION['remote'] as $v) {
  52                                         if($v['uid'] == $page_owner_uid) {
  53                                                 $contact_id = $v['cid'];
  54                                                 break;
  55                                         }
  56                                 }
  57                         }
  58                         if($contact_id) {
  59
  60                                 $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
  61                                         intval($contact_id),
  62                                         intval($page_owner_uid)
  63                                 );
  64                                 if (DBM::is_result($r)) {
  65                                         $can_post = true;
  66                                         $visitor = $contact_id;
  67                                 }
  68                         }
  69                 }
  70         }
  71         if(! $can_post) {
  72                 if ($r_json) {
  73                         echo json_encode(array('error'=>t('Permission denied.')));
  74                         killme();
  75                 }
  76                 notice( t('Permission denied.') . EOL );
  77                 killme();
  78         }
  79
  80         if(! x($_FILES,'userfile')) {
  81                 if ($r_json) {
  82                         echo json_encode(array('error'=>t('Invalid request.')));
  83                 }
  84                 killme();
  85         }
  86
  87         $src      = $_FILES['userfile']['tmp_name'];
  88         $filename = basename($_FILES['userfile']['name']);
  89         $filesize = intval($_FILES['userfile']['size']);
  90
  91         $maxfilesize = Config::get('system','maxfilesize');
  92
  93         /* Found html code written in text field of form,
  94          * when trying to upload a file with filesize
  95          * greater than upload_max_filesize. Cause is unknown.
  96          * Then Filesize gets <= 0.
  97          */
  98
  99         if($filesize <=0) {
 100                 $msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
 101                 if ($r_json) {
 102                         echo json_encode(array('error'=>$msg));
 103                 } else {
 104                         notice( $msg. EOL );
 105                 }
 106                 @unlink($src);
 107                 killme();
 108         }
 109
 110         if(($maxfilesize) && ($filesize > $maxfilesize)) {
 111                 $msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
 112                 if ($r_json) {
 113                         echo json_encode(array('error'=>$msg));
 114                 } else {
 115                         echo  $msg. EOL ;
 116                 }
 117                 @unlink($src);
 118                 killme();
 119         }
 120
 121         $filedata = @file_get_contents($src);
 122         $mimetype = Mimetype::getContentType($filename);
 123         $hash = get_guid(64);
 124         $created = datetime_convert();
 125
 126         $fields = array('uid' => $page_owner_uid, 'hash' => $hash, 'filename' => $filename, 'filetype' => $mimetype,
 127                 'filesize' => $filesize, 'data' => $filedata, 'created' => $created, 'edited' => $created,
 128                 'allow_cid' => '<' . $page_owner_cid . '>', 'allow_gid' => '','deny_cid' => '', 'deny_gid' => '');
 129
 130         $r = dba::insert('attach', $fields);
 131
 132         @unlink($src);
 133
 134         if(! $r) {
 135                 $msg =  t('File upload failed.');
 136                 if ($r_json) {
 137                         echo json_encode(array('error'=>$msg));
 138                 } else {
 139                         echo  $msg. EOL ;
 140                 }
 141                 killme();
 142         }
 143
 144         $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1",
 145                 intval($page_owner_uid),
 146                 dbesc($created),
 147                 dbesc($hash)
 148         );
 149
 150         if (! DBM::is_result($r)) {
 151                 $msg = t('File upload failed.');
 152                 if ($r_json) {
 153                         echo json_encode(array('error'=>$msg));
 154                 } else {
 155                         echo  $msg. EOL ;
 156                 }
 157                 killme();
 158         }
 159
 160         if ($r_json) {
 161                 echo json_encode(array('ok'=>true));
 162                 killme();
 163         }
 164
 165         $lf = "\n";
 166
 167         echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
 168
 169         killme();
 170         // NOTREACHED
 171 }