- /**
- * @brief upload a new photo or change an existing photo
- *
- * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
- */
- function api_fr_photo_create_update($type) {
- if (api_user() === false) {
- throw new ForbiddenException();
- }
- // input params
- $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null);
- $desc = (x($_REQUEST, 'desc') ? $_REQUEST['desc'] : (array_key_exists('desc', $_REQUEST) ? "" : null)); // extra check necessary to distinguish between 'not provided' and 'empty string'
- $album = (x($_REQUEST,'album') ? $_REQUEST['album'] : null);
- $album_new = (x($_REQUEST,'album_new') ? $_REQUEST['album_new'] : null);
- $allow_cid = (x($_REQUEST, 'allow_cid') ? $_REQUEST['allow_cid'] : (array_key_exists('allow_cid', $_REQUEST) ? " " : null));
- $deny_cid = (x($_REQUEST, 'deny_cid') ? $_REQUEST['deny_cid'] : (array_key_exists('deny_cid', $_REQUEST) ? " " : null));
- $allow_gid = (x($_REQUEST, 'allow_gid') ? $_REQUEST['allow_gid'] : (array_key_exists('allow_gid', $_REQUEST) ? " " : null));
- $deny_gid = (x($_REQUEST, 'deny_gid') ? $_REQUEST['deny_gid'] : (array_key_exists('deny_gid', $_REQUEST) ? " " : null));
- $visibility = (x($_REQUEST, 'visibility') ? (($_REQUEST['visibility'] == "true" || $_REQUEST['visibility'] == 1) ? true : false) : false);
-
- // do several checks on input parameters
- // we do not allow calls without album string
- if ($album == null) {
- throw new BadRequestException("no albumname specified");
- }
- // if photo_id == null --> we are uploading a new photo
- if ($photo_id == null) {
- $mode = "create";
-
- // error if no media posted in create-mode
- if (!x($_FILES,'media')) {
- // Output error
- throw new BadRequestException("no media data submitted");
- }
-
- // album_new will be ignored in create-mode
- $album_new = "";
- } else {
- $mode = "update";
-
- // check if photo is existing in database
- $r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'",
- intval(api_user()),
- dbesc($photo_id),
- dbesc($album));
- if (!dbm::is_result($r)) {
- throw new BadRequestException("photo not available");
- }
- }
-
- // checks on acl strings provided by clients
- $acl_input_error = false;
- $acl_input_error |= check_acl_input($allow_cid);
- $acl_input_error |= check_acl_input($deny_cid);
- $acl_input_error |= check_acl_input($allow_gid);
- $acl_input_error |= check_acl_input($deny_gid);
- if ($acl_input_error) {
- throw new BadRequestException("acl data invalid");
- }
- // now let's upload the new media in create-mode
- if ($mode == "create") {
- $media = $_FILES['media'];
- $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, $visibility);
-
- // return success of updating or error message
- if (!is_null($data)) {
- return api_format_data("photo_create", $type, $data);
- } else {
- throw new InternalServerErrorException("unknown error - uploading photo failed, see Friendica log for more information");
- }
- }
-
- // now let's do the changes in update-mode
- if ($mode == "update") {
- $sql_extra = "";
-
- if (!is_null($desc)) {
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`desc` = '$desc'";
- }
-
- if (!is_null($album_new)) {
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`album` = '$album_new'";
- }
-
- if (!is_null($allow_cid)) {
- $allow_cid = trim($allow_cid);
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_cid` = '$allow_cid'";
- }
-
- if (!is_null($deny_cid)) {
- $deny_cid = trim($deny_cid);
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_cid` = '$deny_cid'";
- }
-
- if (!is_null($allow_gid)) {
- $allow_gid = trim($allow_gid);
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_gid` = '$allow_gid'";
- }
-
- if (!is_null($deny_gid)) {
- $deny_gid = trim($deny_gid);
- $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_gid` = '$deny_gid'";
- }
-
- $result = false;
- if ($sql_extra != "") {
- $nothingtodo = false;
- $result = q("UPDATE `photo` SET %s, `edited`='%s' WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'",
- $sql_extra,
- datetime_convert(), // update edited timestamp
- intval(api_user()),
- dbesc($photo_id),
- dbesc($album));
- } else {
- $nothingtodo = true;
- }