show permission denied photo when direct link was accessed and authentication is...

diff --git a/images/nosign.jpg b/images/nosign.jpg
new file mode 100644 (file)
index 0000000..b736293
Binary files /dev/null and b/images/nosign.jpg differ

diff --git a/mod/photo.php b/mod/photo.php
index 7f13d1cbf83db67d765ccf3d6c527f2b81bd9c1c..2f8d180fdb9c60c1824bb84858d3068515f0ecda 100644 (file)
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -108,6 +108,24 @@ function photo_init(&$a) {
                        if(count($r)) {
                                $data = $r[0]['data'];
                        }
+                       else {
+
+                               // Does the picture exist? It may be a remote person with no credentials,
+                               // but who should otherwise be able to view it. Show a default image to let 
+                               // them know permissions was denied. It may be possible to view the image 
+                               // through an authenticated profile visit.
+                               // There won't be many complete unauthorised people seeing this because
+                               // they won't have the photo link, so there's a reasonable chance that the person
+                               // might be able to obtain permission to view it.
+ 
+                               $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+                                       dbesc($photo),
+                                       intval($resolution)
+                               );
+                               if(count($r)) {
+                                       $data = file_get_contents('images/nosign.jpg');
+                               }
+                       }
                }
        }