X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=c4a93769af8d99a0944c5a1186e053a1507137c3;hb=5fc3c3ab854d1e2100fc5fdeb82298c60e320c92;hp=d4abb041a0db95981aa7d31852880437ee2b0990;hpb=b94cb8d234d70bc534ad1cef767b9f62d10eef26;p=friendica.git diff --git a/mod/photo.php b/mod/photo.php old mode 100644 new mode 100755 index d4abb041a0..c4a93769af --- a/mod/photo.php +++ b/mod/photo.php @@ -1,8 +1,15 @@ argc) { + case 4: + $person = $a->argv[3]; + $customres = intval($a->argv[2]); + $type = $a->argv[1]; + break; case 3: $person = $a->argv[2]; $type = $a->argv[1]; @@ -13,15 +20,21 @@ function photo_init(&$a) { case 1: default: killme(); - return; // NOTREACHED + // NOTREACHED } $default = 'images/default-profile.jpg'; if(isset($type)) { + + /** + * Profile photos + */ + switch($type) { case 'profile': + case 'custom': $resolution = 4; break; case 'micro': @@ -50,6 +63,10 @@ function photo_init(&$a) { } else { + /** + * Other photos + */ + $resolution = 0; $photo = str_replace('.jpg','',$photo); @@ -64,39 +81,7 @@ function photo_init(&$a) { ); if(count($r)) { - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -108,18 +93,50 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many completely unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + } + } } } - if(x($data) === false) { + if(! isset($data)) { killme(); - return; // NOTREACHED + // NOTREACHED + } + + if(isset($customres) && $customres > 0 && $customres < 500) { + require_once('include/Photo.php'); + $ph = new Photo($data); + if($ph->is_valid()) { + $ph->scaleImageSquare($customres); + $data = $ph->imageString(); + } + } + + if(function_exists('header_remove')) { + header_remove('Pragma'); + header_remove('pragma'); } - header("Content-type: image/jpeg"); - header('Expires: ' . datetime_convert('UTC','UTC', 'now + 3 months', 'D, d M Y H:i:s' . ' GMT')); -// header("Cache-Control: max-age=36000, only-if-cached"); - echo $data; + header("Content-type: image/jpeg"); + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + echo $data; killme(); - return; //NOTREACHED -} \ No newline at end of file + // NOTREACHED +}