X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=a5a5a1dc174fb05ecb1a7e9bc64b527aed58b5eb;hb=edc44933a4f57c09ee1cfb93615d052a2b125d99;hp=f922c7ab26355043d01fc336c25ccf789791f1d8;hpb=c3fd5ed73202f4dd17dda87ac968b0db4f44d423;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
old mode 100644
new mode 100755
index f922c7ab26..a5a5a1dc17
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -1,8 +1,15 @@
 <?php
 
+require_once('include/security.php');
+
 function photo_init(&$a) {
 
 	switch($a->argc) {
+		case 4:
+			$person = $a->argv[3];
+			$customres = intval($a->argv[2]);
+			$type = $a->argv[1];
+			break;
 		case 3:
 			$person = $a->argv[2];
 			$type = $a->argv[1];
@@ -13,18 +20,31 @@ function photo_init(&$a) {
 		case 1:
 		default:
 			killme();
-			return; // NOTREACHED
+			// NOTREACHED
 	}
 
-	if(x($type)) {
+	$default = 'images/default-profile.jpg';
+
+	if(isset($type)) {
+
+		/**
+		 * Profile photos
+		 */
+
 		switch($type) {
 
 			case 'profile':
+			case 'custom':
 				$resolution = 4;
 				break;
+			case 'micro':
+				$resolution = 6;
+				$default = 'images/default-profile-mm.jpg';
+				break;
 			case 'avatar':
 			default:
 				$resolution = 5;
+				$default = 'images/default-profile-sm.jpg';
 				break;
 		}
 
@@ -37,13 +57,16 @@ function photo_init(&$a) {
 		if(count($r)) {
 			$data = $r[0]['data'];
 		}
-		if(x($data) === false) {
-			$data = file_get_contents(($resolution == 5) 
-				? 'images/default-profile-sm.jpg' 
-				: 'images/default-profile.jpg');
+		if(! isset($data)) {
+			$data = file_get_contents($default);
 		}
 	}
 	else {
+
+		/**
+		 * Other photos
+		 */
+
 		$resolution = 0;
 		$photo = str_replace('.jpg','',$photo);
 	
@@ -52,22 +75,68 @@ function photo_init(&$a) {
 			$photo = substr($photo,0,-2);
 		}
 
-		$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+		$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
 			dbesc($photo),
 			intval($resolution)
 		);
 		if(count($r)) {
-			$data = $r[0]['data'];
+			
+			$sql_extra = permissions_sql($r[0]['uid']);
+
+			// Now we'll see if we can access the photo
+
+			$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
+				dbesc($photo),
+				intval($resolution)
+			);
+
+			if(count($r)) {
+				$data = $r[0]['data'];
+			}
+			else {
+
+				// Does the picture exist? It may be a remote person with no credentials,
+				// but who should otherwise be able to view it. Show a default image to let 
+				// them know permissions was denied. It may be possible to view the image 
+				// through an authenticated profile visit.
+				// There won't be many completely unauthorised people seeing this because
+				// they won't have the photo link, so there's a reasonable chance that the person
+				// might be able to obtain permission to view it.
+ 
+				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+					dbesc($photo),
+					intval($resolution)
+				);
+				if(count($r)) {
+					$data = file_get_contents('images/nosign.jpg');
+				}
+			}
 		}
 	}
 
-	if(x($data) === false) {
+	if(! isset($data)) {
 		killme();
-		return; // NOTREACHED
+		// NOTREACHED
+	}
+
+	if(intval($customres) && $customres > 0 && $customres < 500) {
+		require_once('include/Photo.php');
+		$ph = new Photo($data);
+		if($ph->is_valid()) {
+			$ph->scaleImageSquare($customres);
+			$data = $ph->imageString();
+		}
+	}
+
+	if(function_exists('header_remove')) {
+		header_remove('Pragma');
+		header_remove('pragma');
 	}
 
-        header("Content-type: image/jpeg");
-        echo $data;
+	header("Content-type: image/jpeg");
+ 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+	header("Cache-Control: max-age=" . (3600*24));
+	echo $data;
 	killme();
-	return; //NOTREACHED
-}
\ No newline at end of file
+	// NOTREACHED
+}