mod/wall_upload.php

   1 <?php
   2 /**
   3  * @file mod/wall_upload.php
   4  * @brief Module for uploading a picture to the profile wall
   5  *
   6  * By default the picture will be stored in the photo album with the name Wall Photos.
   7  * You can specify a different album by adding an optional query string "album="
   8  * to the url
   9  */
  10
  11 use Friendica\App;
  12 use Friendica\Core\L10n;
  13 use Friendica\Core\Logger;
  14 use Friendica\Core\System;
  15 use Friendica\Core\Config;
  16 use Friendica\Database\DBA;
  17 use Friendica\Model\Contact;
  18 use Friendica\Model\Photo;
  19 use Friendica\Object\Image;
  20 use Friendica\Util\Strings;
  21
  22 function wall_upload_post(App $a, $desktopmode = true)
  23 {
  24         Logger::log("wall upload: starting new upload", Logger::DEBUG);
  25
  26         $r_json = (!empty($_GET['response']) && $_GET['response'] == 'json');
  27         $album = (!empty($_GET['album']) ? Strings::escapeTags(trim($_GET['album'])) : '');
  28
  29         if ($a->argc > 1) {
  30                 if (empty($_FILES['media'])) {
  31                         $nick = $a->argv[1];
  32                         $r = q("SELECT `user`.*, `contact`.`id` FROM `user`
  33                                 INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
  34                                 WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
  35                                 AND `contact`.`self` = 1 LIMIT 1",
  36                                 DBA::escape($nick)
  37                         );
  38
  39                         if (!DBA::isResult($r)) {
  40                                 if ($r_json) {
  41                                         echo json_encode(['error' => L10n::t('Invalid request.')]);
  42                                         killme();
  43                                 }
  44                                 return;
  45                         }
  46                 } else {
  47                         $user_info = api_get_user($a);
  48                         $r = q("SELECT `user`.*, `contact`.`id` FROM `user`
  49                                 INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`
  50                                 WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0
  51                                 AND `contact`.`self` = 1 LIMIT 1",
  52                                 DBA::escape($user_info['screen_name'])
  53                         );
  54                 }
  55         } else {
  56                 if ($r_json) {
  57                         echo json_encode(['error' => L10n::t('Invalid request.')]);
  58                         killme();
  59                 }
  60                 return;
  61         }
  62
  63         /*
  64          * Setup permissions structures
  65          */
  66         $can_post  = false;
  67         $visitor   = 0;
  68
  69         $page_owner_uid   = $r[0]['uid'];
  70         $default_cid      = $r[0]['id'];
  71         $page_owner_nick  = $r[0]['nickname'];
  72         $community_page   = (($r[0]['page-flags'] == Contact::PAGE_COMMUNITY) ? true : false);
  73
  74         if ((local_user()) && (local_user() == $page_owner_uid)) {
  75                 $can_post = true;
  76         } else {
  77                 if ($community_page && remote_user()) {
  78                         $contact_id = 0;
  79                         if (is_array($_SESSION['remote'])) {
  80                                 foreach ($_SESSION['remote'] as $v) {
  81                                         if ($v['uid'] == $page_owner_uid) {
  82                                                 $contact_id = $v['cid'];
  83                                                 break;
  84                                         }
  85                                 }
  86                         }
  87
  88                         if ($contact_id) {
  89                                 $r = q("SELECT `uid` FROM `contact`
  90                                         WHERE `blocked` = 0 AND `pending` = 0
  91                                         AND `id` = %d AND `uid` = %d LIMIT 1",
  92                                         intval($contact_id),
  93                                         intval($page_owner_uid)
  94                                 );
  95                                 if (DBA::isResult($r)) {
  96                                         $can_post = true;
  97                                         $visitor = $contact_id;
  98                                 }
  99                         }
 100                 }
 101         }
 102
 103
 104         if (!$can_post) {
 105                 if ($r_json) {
 106                         echo json_encode(['error' => L10n::t('Permission denied.')]);
 107                         killme();
 108                 }
 109                 notice(L10n::t('Permission denied.') . EOL);
 110                 killme();
 111         }
 112
 113         if (empty($_FILES['userfile']) && empty($_FILES['media'])) {
 114                 if ($r_json) {
 115                         echo json_encode(['error' => L10n::t('Invalid request.')]);
 116                 }
 117                 killme();
 118         }
 119
 120         $src = '';
 121         $filename = '';
 122         $filesize = 0;
 123         $filetype = '';
 124         if (!empty($_FILES['userfile'])) {
 125                 $src      = $_FILES['userfile']['tmp_name'];
 126                 $filename = basename($_FILES['userfile']['name']);
 127                 $filesize = intval($_FILES['userfile']['size']);
 128                 $filetype = $_FILES['userfile']['type'];
 129
 130         } elseif (!empty($_FILES['media'])) {
 131                 if (!empty($_FILES['media']['tmp_name'])) {
 132                         if (is_array($_FILES['media']['tmp_name'])) {
 133                                 $src = $_FILES['media']['tmp_name'][0];
 134                         } else {
 135                                 $src = $_FILES['media']['tmp_name'];
 136                         }
 137                 }
 138
 139                 if (!empty($_FILES['media']['name'])) {
 140                         if (is_array($_FILES['media']['name'])) {
 141                                 $filename = basename($_FILES['media']['name'][0]);
 142                         } else {
 143                                 $filename = basename($_FILES['media']['name']);
 144                         }
 145                 }
 146
 147                 if (!empty($_FILES['media']['size'])) {
 148                         if (is_array($_FILES['media']['size'])) {
 149                                 $filesize = intval($_FILES['media']['size'][0]);
 150                         } else {
 151                                 $filesize = intval($_FILES['media']['size']);
 152                         }
 153                 }
 154
 155                 if (!empty($_FILES['media']['type'])) {
 156                         if (is_array($_FILES['media']['type'])) {
 157                                 $filetype = $_FILES['media']['type'][0];
 158                         } else {
 159                                 $filetype = $_FILES['media']['type'];
 160                         }
 161                 }
 162         }
 163
 164         if ($src == "") {
 165                 if ($r_json) {
 166                         echo json_encode(['error' => L10n::t('Invalid request.')]);
 167                         killme();
 168                 }
 169                 notice(L10n::t('Invalid request.').EOL);
 170                 killme();
 171         }
 172
 173         // This is a special treatment for picture upload from Twidere
 174         if (($filename == "octet-stream") && ($filetype != "")) {
 175                 $filename = $filetype;
 176                 $filetype = "";
 177         }
 178
 179         if ($filetype == "") {
 180                 $filetype = Image::guessType($filename);
 181         }
 182
 183         // If there is a temp name, then do a manual check
 184         // This is more reliable than the provided value
 185
 186         $imagedata = getimagesize($src);
 187         if ($imagedata) {
 188                 $filetype = $imagedata['mime'];
 189         }
 190
 191         Logger::log("File upload src: " . $src . " - filename: " . $filename .
 192                 " - size: " . $filesize . " - type: " . $filetype, Logger::DEBUG);
 193
 194         $maximagesize = Config::get('system', 'maximagesize');
 195
 196         if (($maximagesize) && ($filesize > $maximagesize)) {
 197                 $msg = L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize));
 198                 if ($r_json) {
 199                         echo json_encode(['error' => $msg]);
 200                 } else {
 201                         echo  $msg. EOL;
 202                 }
 203                 @unlink($src);
 204                 killme();
 205         }
 206
 207         $imagedata = @file_get_contents($src);
 208         $Image = new Image($imagedata, $filetype);
 209
 210         if (!$Image->isValid()) {
 211                 $msg = L10n::t('Unable to process image.');
 212                 if ($r_json) {
 213                         echo json_encode(['error' => $msg]);
 214                 } else {
 215                         echo  $msg. EOL;
 216                 }
 217                 @unlink($src);
 218                 killme();
 219         }
 220
 221         $Image->orient($src);
 222         @unlink($src);
 223
 224         $max_length = Config::get('system', 'max_image_length');
 225         if (!$max_length) {
 226                 $max_length = MAX_IMAGE_LENGTH;
 227         }
 228         if ($max_length > 0) {
 229                 $Image->scaleDown($max_length);
 230                 Logger::log("File upload: Scaling picture to new size " . $max_length, Logger::DEBUG);
 231         }
 232
 233         $width = $Image->getWidth();
 234         $height = $Image->getHeight();
 235
 236         $hash = Photo::newResource();
 237
 238         $smallest = 0;
 239
 240         // If we don't have an album name use the Wall Photos album
 241         if (!strlen($album)) {
 242                 $album = L10n::t('Wall Photos');
 243         }
 244
 245         $defperm = '<' . $default_cid . '>';
 246
 247         $r = Photo::store($Image, $page_owner_uid, $visitor, $hash, $filename, $album, 0, 0, $defperm);
 248
 249         if (!$r) {
 250                 $msg = L10n::t('Image upload failed.');
 251                 if ($r_json) {
 252                         echo json_encode(['error' => $msg]);
 253                 } else {
 254                         echo  $msg. EOL;
 255                 }
 256                 killme();
 257         }
 258
 259         if ($width > 640 || $height > 640) {
 260                 $Image->scaleDown(640);
 261                 $r = Photo::store($Image, $page_owner_uid, $visitor, $hash, $filename, $album, 1, 0, $defperm);
 262                 if ($r) {
 263                         $smallest = 1;
 264                 }
 265         }
 266
 267         if ($width > 320 || $height > 320) {
 268                 $Image->scaleDown(320);
 269                 $r = Photo::store($Image, $page_owner_uid, $visitor, $hash, $filename, $album, 2, 0, $defperm);
 270                 if ($r && ($smallest == 0)) {
 271                         $smallest = 2;
 272                 }
 273         }
 274
 275         $basename = basename($filename);
 276
 277         if (!$desktopmode) {
 278                 $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo`
 279                         WHERE `resource-id` = '%s'
 280                         ORDER BY `width` DESC LIMIT 1",
 281                         $hash
 282                 );
 283                 if (!$r) {
 284                         if ($r_json) {
 285                                 echo json_encode(['error' => '']);
 286                                 killme();
 287                         }
 288                         return false;
 289                 }
 290                 $picture = [];
 291
 292                 $picture["id"]        = $r[0]["id"];
 293                 $picture["size"]      = $r[0]["datasize"];
 294                 $picture["width"]     = $r[0]["width"];
 295                 $picture["height"]    = $r[0]["height"];
 296                 $picture["type"]      = $r[0]["type"];
 297                 $picture["albumpage"] = System::baseUrl() . '/photos/' . $page_owner_nick . '/image/' . $hash;
 298                 $picture["picture"]   = System::baseUrl() . "/photo/{$hash}-0." . $Image->getExt();
 299                 $picture["preview"]   = System::baseUrl() . "/photo/{$hash}-{$smallest}." . $Image->getExt();
 300
 301                 if ($r_json) {
 302                         echo json_encode(['picture' => $picture]);
 303                         killme();
 304                 }
 305                 Logger::log("upload done", Logger::DEBUG);
 306                 return $picture;
 307         }
 308
 309         Logger::log("upload done", Logger::DEBUG);
 310
 311         if ($r_json) {
 312                 echo json_encode(['ok' => true]);
 313                 killme();
 314         }
 315
 316         echo  "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . System::baseUrl() . "/photo/{$hash}-{$smallest}.".$Image->getExt()."[/img][/url]\n\n";
 317         killme();
 318         // NOTREACHED
 319 }