X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=a5a5a1dc174fb05ecb1a7e9bc64b527aed58b5eb;hb=969cd145ce0e717399dbfff6cbc1a45342206e1a;hp=2f8d180fdb9c60c1824bb84858d3068515f0ecda;hpb=2270e73fcd231013929d5f9e7475fc8b0d872149;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
index 2f8d180fdb..a5a5a1dc17 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -1,8 +1,15 @@
 <?php
 
+require_once('include/security.php');
+
 function photo_init(&$a) {
 
 	switch($a->argc) {
+		case 4:
+			$person = $a->argv[3];
+			$customres = intval($a->argv[2]);
+			$type = $a->argv[1];
+			break;
 		case 3:
 			$person = $a->argv[2];
 			$type = $a->argv[1];
@@ -19,9 +26,15 @@ function photo_init(&$a) {
 	$default = 'images/default-profile.jpg';
 
 	if(isset($type)) {
+
+		/**
+		 * Profile photos
+		 */
+
 		switch($type) {
 
 			case 'profile':
+			case 'custom':
 				$resolution = 4;
 				break;
 			case 'micro':
@@ -50,6 +63,10 @@ function photo_init(&$a) {
 	}
 	else {
 
+		/**
+		 * Other photos
+		 */
+
 		$resolution = 0;
 		$photo = str_replace('.jpg','',$photo);
 	
@@ -64,39 +81,7 @@ function photo_init(&$a) {
 		);
 		if(count($r)) {
 			
-			$owner = $r[0]['uid'];
-
-			$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
-			if(local_user() && ($owner == $_SESSION['uid'])) {
-
-				// Owner can always see his/her photos
-				$sql_extra = ''; 
-
-			}
-			elseif(remote_user()) {
-
-				// authenticated visitor - here lie dragons
-
-				$groups = init_groups_visitor($_SESSION['visitor_id']);
-				$gs = '<<>>'; // should be impossible to match
-				if(count($groups)) {
-					foreach($groups as $g)
-						$gs .= '|<' . intval($g) . '>';
-				} 
-
-				$sql_extra = sprintf(
-					" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-					  AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-					  AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-					  AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
-
-					intval($_SESSION['visitor_id']),
-					intval($_SESSION['visitor_id']),
-					dbesc($gs),
-					dbesc($gs)
-				);
-			}
+			$sql_extra = permissions_sql($r[0]['uid']);
 
 			// Now we'll see if we can access the photo
 
@@ -114,7 +99,7 @@ function photo_init(&$a) {
 				// but who should otherwise be able to view it. Show a default image to let 
 				// them know permissions was denied. It may be possible to view the image 
 				// through an authenticated profile visit.
-				// There won't be many complete unauthorised people seeing this because
+				// There won't be many completely unauthorised people seeing this because
 				// they won't have the photo link, so there's a reasonable chance that the person
 				// might be able to obtain permission to view it.
  
@@ -134,8 +119,24 @@ function photo_init(&$a) {
 		// NOTREACHED
 	}
 
+	if(intval($customres) && $customres > 0 && $customres < 500) {
+		require_once('include/Photo.php');
+		$ph = new Photo($data);
+		if($ph->is_valid()) {
+			$ph->scaleImageSquare($customres);
+			$data = $ph->imageString();
+		}
+	}
+
+	if(function_exists('header_remove')) {
+		header_remove('Pragma');
+		header_remove('pragma');
+	}
+
 	header("Content-type: image/jpeg");
+ 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+	header("Cache-Control: max-age=" . (3600*24));
 	echo $data;
 	killme();
 	// NOTREACHED
-}
\ No newline at end of file
+}