mod/photo.php

   1 <?php
   2
   3 require_once('include/security.php');
   4 require_once('include/Photo.php');
   5
   6 function photo_init(&$a) {
   7         global $_SERVER;
   8
   9         $prvcachecontrol = false;
  10         $file = "";
  11
  12         switch($a->argc) {
  13                 case 4:
  14                         $person = $a->argv[3];
  15                         $customres = intval($a->argv[2]);
  16                         $type = $a->argv[1];
  17                         break;
  18                 case 3:
  19                         $person = $a->argv[2];
  20                         $type = $a->argv[1];
  21                         break;
  22                 case 2:
  23                         $photo = $a->argv[1];
  24                         $file = $photo;
  25                         break;
  26                 case 1:
  27                 default:
  28                         killme();
  29                         // NOTREACHED
  30         }
  31
  32         //      strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($localFileName)) {
  33         if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
  34                 header('HTTP/1.1 304 Not Modified');
  35                 header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
  36                 header('Etag: '.$_SERVER['HTTP_IF_NONE_MATCH']);
  37                 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
  38                 header("Cache-Control: max-age=31536000");
  39                 if(function_exists('header_remove')) {
  40                         header_remove('Last-Modified');
  41                         header_remove('Expires');
  42                         header_remove('Cache-Control');
  43                 }
  44                 exit;
  45         }
  46
  47         $default = 'images/person-175.jpg';
  48
  49         if(isset($type)) {
  50
  51
  52                 /**
  53                  * Profile photos
  54                  */
  55
  56                 switch($type) {
  57
  58                         case 'profile':
  59                         case 'custom':
  60                                 $resolution = 4;
  61                                 break;
  62                         case 'micro':
  63                                 $resolution = 6;
  64                                 $default = 'images/person-48.jpg';
  65                                 break;
  66                         case 'avatar':
  67                         default:
  68                                 $resolution = 5;
  69                                 $default = 'images/person-80.jpg';
  70                                 break;
  71                 }
  72
  73                 $uid = str_replace(array('.jpg','.png'),array('',''), $person);
  74
  75                 $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
  76                         intval($resolution),
  77                         intval($uid)
  78                 );
  79                 if(count($r)) {
  80                         $data = $r[0]['data'];
  81                         $mimetype = $r[0]['type'];
  82                 }
  83                 if(! isset($data)) {
  84                         $data = file_get_contents($default);
  85                         $mimetype = 'image/jpeg';
  86                 }
  87         }
  88         else {
  89
  90                 /**
  91                  * Other photos
  92                  */
  93
  94                 $resolution = 0;
  95                 foreach( Photo::supportedTypes() as $m=>$e){
  96                         $photo = str_replace(".$e",'',$photo);
  97                 }
  98
  99                 if(substr($photo,-2,1) == '-') {
 100                         $resolution = intval(substr($photo,-1,1));
 101                         $photo = substr($photo,0,-2);
 102                 }
 103
 104                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
 105                         dbesc($photo),
 106                         intval($resolution)
 107                 );
 108                 if(count($r)) {
 109
 110                         $sql_extra = permissions_sql($r[0]['uid']);
 111
 112                         // Now we'll see if we can access the photo
 113
 114                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
 115                                 dbesc($photo),
 116                                 intval($resolution)
 117                         );
 118
 119                         $public = ($r[0]['allow_cid'] == '') AND ($r[0]['allow_gid'] == '') AND ($r[0]['deny_cid']  == '') AND ($r[0]['deny_gid']  == '');
 120
 121                         if(count($r)) {
 122                                 $data = $r[0]['data'];
 123                                 $mimetype = $r[0]['type'];
 124                         }
 125                         else {
 126
 127                                 // Does the picture exist? It may be a remote person with no credentials,
 128                                 // but who should otherwise be able to view it. Show a default image to let
 129                                 // them know permissions was denied. It may be possible to view the image
 130                                 // through an authenticated profile visit.
 131                                 // There won't be many completely unauthorised people seeing this because
 132                                 // they won't have the photo link, so there's a reasonable chance that the person
 133                                 // might be able to obtain permission to view it.
 134
 135                                 $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
 136                                         dbesc($photo),
 137                                         intval($resolution)
 138                                 );
 139                                 if(count($r)) {
 140                                         $data = file_get_contents('images/nosign.jpg');
 141                                         $mimetype = 'image/jpeg';
 142                                         $prvcachecontrol = true;
 143                                 }
 144                         }
 145                 }
 146         }
 147
 148         if(! isset($data)) {
 149                 if(isset($resolution)) {
 150                         switch($resolution) {
 151
 152                                 case 4:
 153                                         $data = file_get_contents('images/person-175.jpg');
 154                                         $mimetype = 'image/jpeg';
 155                                         break;
 156                                 case 5:
 157                                         $data = file_get_contents('images/person-80.jpg');
 158                                         $mimetype = 'image/jpeg';
 159                                         break;
 160                                 case 6:
 161                                         $data = file_get_contents('images/person-48.jpg');
 162                                         $mimetype = 'image/jpeg';
 163                                         break;
 164                                 default:
 165                                         killme();
 166                                         // NOTREACHED
 167                                         break;
 168                         }
 169                 }
 170         }
 171
 172         // Resize only if its not a GIF
 173         if ($mime != "image/gif") {
 174                 $ph = new Photo($data, $mimetype);
 175                 if($ph->is_valid()) {
 176                         if(isset($customres) && $customres > 0 && $customres < 500) {
 177                                 $ph->scaleImageSquare($customres);
 178                         }
 179                         $data = $ph->imageString();
 180                         $mimetype = $ph->getType();
 181                 }
 182         }
 183
 184         if(function_exists('header_remove')) {
 185                 header_remove('Pragma');
 186                 header_remove('pragma');
 187         }
 188
 189         header("Content-type: ".$mimetype);
 190
 191         if($prvcachecontrol) {
 192
 193                 // it is a private photo that they have no permission to view.
 194                 // tell the browser not to cache it, in case they authenticate
 195                 // and subsequently have permission to see it
 196
 197                 header("Cache-Control: no-store, no-cache, must-revalidate");
 198
 199         }
 200         else {
 201                 header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
 202                 header('Etag: "'.md5($data).'"');
 203                 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
 204                 header("Cache-Control: max-age=31536000");
 205         }
 206         echo $data;
 207
 208         // If the photo is public and there is an existing photo directory store the photo there
 209         if ($public and ($file != "")) {
 210                 // If the photo path isn't there, try to create it
 211                 if (!is_dir($_SERVER["DOCUMENT_ROOT"]."/photo"))
 212                         if (is_writable($_SERVER["DOCUMENT_ROOT"]))
 213                                 mkdir($_SERVER["DOCUMENT_ROOT"]."/photo");
 214
 215                 if (is_dir($_SERVER["DOCUMENT_ROOT"]."/photo"))
 216                         file_put_contents($_SERVER["DOCUMENT_ROOT"]."/photo/".$file, $data);
 217         }
 218
 219         killme();
 220         // NOTREACHED
 221 }