X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=3994620f89cfcd1e3fb1253cdfa7bb9bf1290097;hb=2abcf76ec17a9a7754c399cdde9a4449308a4b02;hp=7f13d1cbf83db67d765ccf3d6c527f2b81bd9c1c;hpb=d825db36497b1af43f0f58134702665f1ac1ab55;p=friendica.git diff --git a/mod/photo.php b/mod/photo.php index 7f13d1cbf8..3994620f89 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -1,8 +1,15 @@ argc) { + case 4: + $person = $a->argv[3]; + $customres = intval($a->argv[2]); + $type = $a->argv[1]; + break; case 3: $person = $a->argv[2]; $type = $a->argv[1]; @@ -19,9 +26,15 @@ function photo_init(&$a) { $default = 'images/default-profile.jpg'; if(isset($type)) { + + /** + * Profile photos + */ + switch($type) { case 'profile': + case 'custom': $resolution = 4; break; case 'micro': @@ -50,6 +63,10 @@ function photo_init(&$a) { } else { + /** + * Other photos + */ + $resolution = 0; $photo = str_replace('.jpg','',$photo); @@ -64,39 +81,7 @@ function photo_init(&$a) { ); if(count($r)) { - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -108,6 +93,24 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many completely unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + } + } } } @@ -116,8 +119,17 @@ function photo_init(&$a) { // NOTREACHED } + if(intval($customres) && $customres > 0 && $customres < 500) { + require_once('include/Photo.php'); + $ph = new Photo($data); + if($ph->is_valid()) { + $ph->scaleImageSquare($customres); + $data = $ph->imageString(); + } + } + header("Content-type: image/jpeg"); echo $data; killme(); // NOTREACHED -} \ No newline at end of file +}