mod/photo.php

   1 <?php
   2
   3 require_once('include/security.php');
   4
   5 function photo_init(&$a) {
   6
   7         // To-Do:
   8         // - checking with realpath
   9         // - checking permissions
  10         /*
  11         $cache = get_config('system','itemcache');
  12         if (($cache != '') and is_dir($cache)) {
  13                 $cachefile = $cache."/".$a->argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3];
  14                 if (file_exists($cachefile)) {
  15                         $data = file_get_contents($cachefile);
  16
  17                         if(function_exists('header_remove')) {
  18                                 header_remove('Pragma');
  19                                 header_remove('pragma');
  20                         }
  21
  22                         header("Content-type: image/jpeg");
  23                         header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
  24                         header("Cache-Control: max-age=" . (3600*24));
  25                         echo $data;
  26                         killme();
  27                         // NOTREACHED
  28                 }
  29         }*/
  30
  31         switch($a->argc) {
  32                 case 4:
  33                         $person = $a->argv[3];
  34                         $customres = intval($a->argv[2]);
  35                         $type = $a->argv[1];
  36                         break;
  37                 case 3:
  38                         $person = $a->argv[2];
  39                         $type = $a->argv[1];
  40                         break;
  41                 case 2:
  42                         $photo = $a->argv[1];
  43                         break;
  44                 case 1:
  45                 default:
  46                         killme();
  47                         // NOTREACHED
  48         }
  49
  50         $default = 'images/person-175.jpg';
  51
  52         if(isset($type)) {
  53
  54
  55                 /**
  56                  * Profile photos
  57                  */
  58
  59                 switch($type) {
  60
  61                         case 'profile':
  62                         case 'custom':
  63                                 $resolution = 4;
  64                                 break;
  65                         case 'micro':
  66                                 $resolution = 6;
  67                                 $default = 'images/person-48.jpg';
  68                                 break;
  69                         case 'avatar':
  70                         default:
  71                                 $resolution = 5;
  72                                 $default = 'images/person-80.jpg';
  73                                 break;
  74                 }
  75
  76                 $uid = str_replace('.jpg', '', $person);
  77
  78                 $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
  79                         intval($resolution),
  80                         intval($uid)
  81                 );
  82                 if(count($r)) {
  83                         $data = $r[0]['data'];
  84                 }
  85                 if(! isset($data)) {
  86                         $data = file_get_contents($default);
  87                 }
  88         }
  89         else {
  90
  91                 /**
  92                  * Other photos
  93                  */
  94
  95                 $resolution = 0;
  96                 $photo = str_replace('.jpg','',$photo);
  97
  98                 if(substr($photo,-2,1) == '-') {
  99                         $resolution = intval(substr($photo,-1,1));
 100                         $photo = substr($photo,0,-2);
 101                 }
 102
 103                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
 104                         dbesc($photo),
 105                         intval($resolution)
 106                 );
 107                 if(count($r)) {
 108
 109                         $sql_extra = permissions_sql($r[0]['uid']);
 110
 111                         // Now we'll see if we can access the photo
 112
 113                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
 114                                 dbesc($photo),
 115                                 intval($resolution)
 116                         );
 117
 118                         if(count($r)) {
 119                                 $data = $r[0]['data'];
 120                         }
 121                         else {
 122
 123                                 // Does the picture exist? It may be a remote person with no credentials,
 124                                 // but who should otherwise be able to view it. Show a default image to let
 125                                 // them know permissions was denied. It may be possible to view the image
 126                                 // through an authenticated profile visit.
 127                                 // There won't be many completely unauthorised people seeing this because
 128                                 // they won't have the photo link, so there's a reasonable chance that the person
 129                                 // might be able to obtain permission to view it.
 130
 131                                 $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
 132                                         dbesc($photo),
 133                                         intval($resolution)
 134                                 );
 135                                 if(count($r)) {
 136                                         $data = file_get_contents('images/nosign.jpg');
 137                                 }
 138                         }
 139                 }
 140         }
 141
 142         if(! isset($data)) {
 143                 if(isset($resolution)) {
 144                         switch($resolution) {
 145
 146                                 case 4:
 147                                         $data = file_get_contents('images/person-175.jpg');
 148                                         break;
 149                                 case 5:
 150                                         $data = file_get_contents('images/person-80.jpg');
 151                                         break;
 152                                 case 6:
 153                                         $data = file_get_contents('images/person-48.jpg');
 154                                         break;
 155                                 default:
 156                                         killme();
 157                                         // NOTREACHED
 158                                         break;
 159                         }
 160                 }
 161         }
 162
 163         if(isset($customres) && $customres > 0 && $customres < 500) {
 164                 require_once('include/Photo.php');
 165                 $ph = new Photo($data);
 166                 if($ph->is_valid()) {
 167                         $ph->scaleImageSquare($customres);
 168                         $data = $ph->imageString();
 169                 }
 170         }
 171
 172         // Writing in cachefile
 173         if (isset($cachefile) && $cachefile != '')
 174                 file_put_contents($cachefile, $data);
 175
 176         if(function_exists('header_remove')) {
 177                 header_remove('Pragma');
 178                 header_remove('pragma');
 179         }
 180
 181         header("Content-type: image/jpeg");
 182         header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
 183         header("Cache-Control: max-age=" . (3600*24));
 184         echo $data;
 185         killme();
 186         // NOTREACHED
 187 }