X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=dee483d835bbda6479376d21a0c5a603f9cf29b1;hb=d0775be2e28db6a0418e0065f501f1665a05724c;hp=653ca81c27ede3eae17f6633de6232dcdd73ddd7;hpb=06bdf8a4cfe9087573494c0b782a33d1e28ac043;p=friendica.git diff --git a/mod/photo.php b/mod/photo.php index 653ca81c27..dee483d835 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -1,8 +1,42 @@ argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3]; + if (file_exists($cachefile)) { + $data = file_get_contents($cachefile); + + if(function_exists('header_remove')) { + header_remove('Pragma'); + header_remove('pragma'); + } + + header("Content-type: image/jpeg"); + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + echo $data; + killme(); + // NOTREACHED + } + }*/ + + $prvcachecontrol = false; + switch($a->argc) { + case 4: + $person = $a->argv[3]; + $customres = intval($a->argv[2]); + $type = $a->argv[1]; + break; case 3: $person = $a->argv[2]; $type = $a->argv[1]; @@ -13,22 +47,36 @@ function photo_init(&$a) { case 1: default: killme(); - return; // NOTREACHED + // NOTREACHED } - if(x($type)) { + $default = 'images/person-175.jpg'; + + if(isset($type)) { + + + /** + * Profile photos + */ + switch($type) { case 'profile': + case 'custom': $resolution = 4; break; + case 'micro': + $resolution = 6; + $default = 'images/person-48.jpg'; + break; case 'avatar': default: $resolution = 5; + $default = 'images/person-80.jpg'; break; } - $uid = str_replace('.jpg', '', $person); + $uid = str_replace(array('.jpg','.png'),array('',''), $person); $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), @@ -36,17 +84,23 @@ function photo_init(&$a) { ); if(count($r)) { $data = $r[0]['data']; + $mimetype = $r[0]['type']; } - if(x($data) === false) { - $data = file_get_contents(($resolution == 5) - ? 'images/default-profile-sm.jpg' - : 'images/default-profile.jpg'); + if(! isset($data)) { + $data = file_get_contents($default); + $mimetype = 'image/jpeg'; } } else { + /** + * Other photos + */ + $resolution = 0; - $photo = str_replace('.jpg','',$photo); + foreach( Photo::supportedTypes() as $m=>$e){ + $photo = str_replace(".$e",'',$photo); + } if(substr($photo,-2,1) == '-') { $resolution = intval(substr($photo,-1,1)); @@ -59,39 +113,7 @@ function photo_init(&$a) { ); if(count($r)) { - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo @@ -102,19 +124,91 @@ function photo_init(&$a) { if(count($r)) { $data = $r[0]['data']; + $mimetype = $r[0]['type']; + } + else { + + // Does the picture exist? It may be a remote person with no credentials, + // but who should otherwise be able to view it. Show a default image to let + // them know permissions was denied. It may be possible to view the image + // through an authenticated profile visit. + // There won't be many completely unauthorised people seeing this because + // they won't have the photo link, so there's a reasonable chance that the person + // might be able to obtain permission to view it. + + $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", + dbesc($photo), + intval($resolution) + ); + if(count($r)) { + $data = file_get_contents('images/nosign.jpg'); + $mimetype = 'image/jpeg'; + $prvcachecontrol = true; + } } } } - if(x($data) === false) { - killme(); - return; // NOTREACHED + if(! isset($data)) { + if(isset($resolution)) { + switch($resolution) { + + case 4: + $data = file_get_contents('images/person-175.jpg'); + $mimetype = 'image/jpeg'; + break; + case 5: + $data = file_get_contents('images/person-80.jpg'); + $mimetype = 'image/jpeg'; + break; + case 6: + $data = file_get_contents('images/person-48.jpg'); + $mimetype = 'image/jpeg'; + break; + default: + killme(); + // NOTREACHED + break; + } + } } - header("Content-type: image/jpeg"); - header('Expires: ' . datetime_convert('UTC','UTC', 'now + 3 months', 'D, d M Y H:i:s' . ' GMT')); -// header("Cache-Control: max-age=36000, only-if-cached"); - echo $data; + if(isset($customres) && $customres > 0 && $customres < 500) { + $ph = new Photo($data, $mimetype); + if($ph->is_valid()) { + $ph->scaleImageSquare($customres); + $data = $ph->imageString(); + $mimetype = $ph->getType(); + } + } + + // Writing in cachefile + if (isset($cachefile) && $cachefile != '') + file_put_contents($cachefile, $data); + + if(function_exists('header_remove')) { + header_remove('Pragma'); + header_remove('pragma'); + } + + header("Content-type: ".$mimetype); + + if($prvcachecontrol) { + + // it is a private photo that they have no permission to view. + // tell the browser not to cache it, in case they authenticate + // and subsequently have permission to see it + + header("Cache-Control: no-store, no-cache, must-revalidate"); + + } + else { + + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + + } + echo $data; killme(); - return; //NOTREACHED -} \ No newline at end of file + // NOTREACHED +}