X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=a5a5a1dc174fb05ecb1a7e9bc64b527aed58b5eb;hb=969cd145ce0e717399dbfff6cbc1a45342206e1a;hp=6174b10abe9b0d84364b9330e6f82b34d9ee14f5;hpb=04e65823d70d448400d3be7f0b3244ea8658834d;p=friendica.git diff --git a/mod/photo.php b/mod/photo.php index 6174b10abe..a5a5a1dc17 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -1,8 +1,15 @@ argc) { + case 4: + $person = $a->argv[3]; + $customres = intval($a->argv[2]); + $type = $a->argv[1]; + break; case 3: $person = $a->argv[2]; $type = $a->argv[1]; @@ -13,18 +20,31 @@ function photo_init(&$a) { case 1: default: killme(); - return; // NOTREACHED + // NOTREACHED } - if(x($type)) { + $default = 'images/default-profile.jpg'; + + if(isset($type)) { + + /** + * Profile photos + */ + switch($type) { case 'profile': + case 'custom': $resolution = 4; break; + case 'micro': + $resolution = 6; + $default = 'images/default-profile-mm.jpg'; + break; case 'avatar': default: $resolution = 5; + $default = 'images/default-profile-sm.jpg'; break; } @@ -37,14 +57,16 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } - if(x($data) === false) { - $data = file_get_contents(($resolution == 5) - ? 'images/default-profile-sm.jpg' - : 'images/default-profile.jpg'); + if(! isset($data)) { + $data = file_get_contents($default); } } else { + /** + * Other photos + */ + $resolution = 0; $photo = str_replace('.jpg','',$photo); @@ -59,39 +81,7 @@ function photo_init(&$a) { ); if(count($r)) { - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -103,19 +93,50 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many completely unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + } + } } } - if(x($data) === false) { + if(! isset($data)) { killme(); - return; // NOTREACHED + // NOTREACHED + } + + if(intval($customres) && $customres > 0 && $customres < 500) { + require_once('include/Photo.php'); + $ph = new Photo($data); + if($ph->is_valid()) { + $ph->scaleImageSquare($customres); + $data = $ph->imageString(); + } + } + + if(function_exists('header_remove')) { + header_remove('Pragma'); + header_remove('pragma'); } - header("Content-type: image/jpeg"); - header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT')); - header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT')); - header("Cache-Control: max-age=3600, must-revalidate"); - echo $data; + header("Content-type: image/jpeg"); + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + echo $data; killme(); - return; //NOTREACHED -} \ No newline at end of file + // NOTREACHED +}