Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2024-12-22 22:40:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

allow community page members to upload photos and assorted other stuff which was previously restricted to the page owner

Browse source
This commit is contained in:
Friendika 2010-12-05 18:08:36 -08:00
parent e9a1abd133
commit 75306b6294
8 changed files with 240 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
mod/network.php
View file

@ -38,7 +38,8 @@ function network_content(&$a, $update = 0) {
$a->page['htmlhead'] .= replace_macros($tpl, array(
'$baseurl' => $a->get_baseurl(),
'$geotag' => $geotag
'$geotag' => $geotag,
'$nickname' => $a->user['nickname']
));
require_once('include/acl_selectors.php');

278
mod/photos.php
View file

@ -11,7 +11,7 @@ function photos_init(&$a) {
if($a->argc > 1) {
$nick = $a->argv[1];
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
dbesc($nick)
);
@ -43,6 +43,7 @@ function photos_init(&$a) {
$a->page['aside'] = '';
$a->page['aside'] .= $o;
}
return;
}
@ -51,28 +52,48 @@ function photos_init(&$a) {
function photos_post(&$a) {
$can_post = false;
$visitor = 0;
if(! local_user()) {
$page_owner_uid = $a->data['user']['uid'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $page_owner_uid))
$can_post = true;
else {
if($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval(remote_user()),
intval($page_owner_uid)
);
if(count($r)) {
$can_post = true;
$visitor = remote_user();
}
}
}
if(! $can_post) {
notice( t('Permission denied.') . EOL );
killme();
}
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
intval(local_user())
intval($page_owner_uid)
);
if(! count($r)) {
notice( t('Contact information unavailable') . EOL);
logger('photos_post: unable to locate contact record for logged in user. uid=' . local_user());
logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
killme();
}
$contact_record = $r[0];
$owner_record = $r[0];
if(($a->argc > 2) && ($a->argv[1] === 'album')) {
$album = hex2bin($a->argv[2]);
if(($a->argc > 3) && ($a->argv[2] === 'album')) {
$album = hex2bin($a->argv[3]);
if($album == t('Profile Photos') || $album == t('Contact Photos')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
@ -81,7 +102,7 @@ function photos_post(&$a) {
$r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
dbesc($album),
intval(local_user())
intval($page_owner_uid)
);
if(! count($r)) {
notice( t('Album not found.') . EOL);
@ -94,20 +115,33 @@ function photos_post(&$a) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
dbesc($newalbum),
dbesc($album),
intval(local_user())
intval($page_owner_uid)
);
$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
goaway($a->get_baseurl() . '/' . $newurl);
return; // NOTREACHED
}
if($_POST['dropalbum'] == t('Delete Album')) {
$res = array();
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
intval(local_user()),
dbesc($album)
);
// get the list of photos we are about to delete
if($visitor) {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
intval($visitor),
intval($page_owner_uid),
dbesc($album)
);
}
else {
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
intval(local_user()),
dbesc($album)
);
}
if(count($r)) {
foreach($r as $rr) {
$res[] = "'" . dbesc($rr['rid']) . "'" ;
@ -117,20 +151,26 @@ function photos_post(&$a) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
return; // NOTREACHED
}
$str_res = implode(',', $res);
// remove the associated photos
q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval(local_user())
intval($page_owner_uid)
);
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval(local_user())
intval($page_owner_uid)
);
if(count($r)) {
foreach($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc($rr['parent-uri']),
intval(local_user())
intval($page_owner_uid)
);
$drop_id = intval($rr['id']);
@ -149,26 +189,38 @@ function photos_post(&$a) {
return; // NOTREACHED
}
if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval(local_user()),
dbesc($a->argv[1])
);
if(($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
// same as above but remove single photo
if($visitor) {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval($visitor),
intval($page_owner_uid),
dbesc($a->argv[2])
);
}
else {
$r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval(local_user()),
dbesc($a->argv[2])
);
}
if(count($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
intval(local_user()),
intval($page_owner_uid),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
intval(local_user())
intval($page_owner_uid)
);
if(count($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($i[0]['uri']),
intval(local_user())
intval($page_owner_uid)
);
$url = $a->get_baseurl();
@ -185,22 +237,22 @@ function photos_post(&$a) {
return; // NOTREACHED
}
if(($a->argc > 1) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false))) {
if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false))) {
$desc = ((x($_POST,'desc')) ? notags(trim($_POST['desc'])) : '');
$rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : '');
$item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0);
$resource_id = $a->argv[1];
$resource_id = $a->argv[2];
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
dbesc($resource_id),
intval(local_user())
intval($page_owner_uid)
);
if((count($p)) && ($p[0]['desc'] !== $desc)) {
$r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
dbesc($desc),
dbesc($resource_id),
intval(local_user())
intval($page_owner_uid)
);
}
if(! $item_id) {
@ -209,23 +261,23 @@ function photos_post(&$a) {
$title = '';
$basename = basename($filename);
$uri = item_new_uri($a->get_hostname(),local_user());
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
$arr = array();
$arr['uid'] = local_user();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $p[0]['resource-id'];
$arr['contact-id'] = $contact_record['id'];
$arr['owner-name'] = $contact_record['name'];
$arr['owner-link'] = $contact_record['url'];
$arr['owner-avatar'] = $contact_record['thumb'];
$arr['author-name'] = $contact_record['name'];
$arr['author-link'] = $contact_record['url'];
$arr['author-avatar'] = $contact_record['thumb'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = $title;
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
@ -243,7 +295,7 @@ function photos_post(&$a) {
if($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($item_id),
intval(local_user())
intval($page_owner_uid)
);
}
if(count($r)) {
@ -292,13 +344,13 @@ function photos_post(&$a) {
$newname = str_replace('_',' ',$name);
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
intval(local_user())
intval($page_owner_uid)
);
}
else {
$r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
dbesc($name),
intval(local_user())
intval($page_owner_uid)
);
}
if(count($r)) {
@ -340,7 +392,7 @@ function photos_post(&$a) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($item_id),
intval(local_user())
intval($page_owner_uid)
);
$best = 0;
@ -358,22 +410,22 @@ function photos_post(&$a) {
if(count($taginfo)) {
foreach($taginfo as $tagged) {
$uri = item_new_uri($a->get_hostname(),local_user());
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
$arr = array();
$arr['uid'] = local_user();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'activity';
$arr['wall'] = 1;
$arr['contact-id'] = $contact_record['id'];
$arr['owner-name'] = $contact_record['name'];
$arr['owner-link'] = $contact_record['url'];
$arr['owner-avatar'] = $contact_record['thumb'];
$arr['author-name'] = $contact_record['name'];
$arr['author-link'] = $contact_record['url'];
$arr['author-avatar'] = $contact_record['thumb'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $p[0]['allow_cid'];
$arr['allow_gid'] = $p[0]['allow_gid'];
@ -387,8 +439,8 @@ function photos_post(&$a) {
$arr['tag'] = $tagged[4];
$arr['inform'] = $tagged[2];
$arr['body'] = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $contact_record['url'] . ']' . $contact_record['name'] . '[/url]' ;
$arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n" ;
$arr['body'] = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]' ;
$arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n" ;
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
@ -397,8 +449,8 @@ function photos_post(&$a) {
$arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>'
. $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="image/jpeg" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '" />') . '</link></target>';
. $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="image/jpeg" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '" />') . '</link></target>';
$item_id = item_store($arr);
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
@ -436,7 +488,7 @@ function photos_post(&$a) {
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
dbesc($album),
intval(local_user())
intval($page_owner_uid)
);
if((! count($r)) || ($album == t('Profile Photos')))
$visible = 1;
@ -479,7 +531,7 @@ function photos_post(&$a) {
$photo_hash = photo_new_resource();
$r = $ph->store(local_user(), 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if(! $r) {
notice( t('Image upload failed.') . EOL );
@ -488,37 +540,37 @@ function photos_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$ph->store(local_user(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
$ph->store(local_user(), 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
$basename = basename($filename);
$uri = item_new_uri($a->get_hostname(), local_user());
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
// Create item container
$arr = array();
$arr['uid'] = local_user();
$arr['uid'] = $page_owner_uid;
$arr['uri'] = $uri;
$arr['parent-uri'] = $uri;
$arr['type'] = 'photo';
$arr['wall'] = 1;
$arr['resource-id'] = $photo_hash;
$arr['contact-id'] = $contact_record['id'];
$arr['owner-name'] = $contact_record['name'];
$arr['owner-link'] = $contact_record['url'];
$arr['owner-avatar'] = $contact_record['thumb'];
$arr['author-name'] = $contact_record['name'];
$arr['author-link'] = $contact_record['url'];
$arr['author-avatar'] = $contact_record['thumb'];
$arr['contact-id'] = $owner_record['id'];
$arr['owner-name'] = $owner_record['name'];
$arr['owner-link'] = $owner_record['url'];
$arr['owner-avatar'] = $owner_record['thumb'];
$arr['author-name'] = $owner_record['name'];
$arr['author-link'] = $owner_record['url'];
$arr['author-avatar'] = $owner_record['thumb'];
$arr['title'] = '';
$arr['allow_cid'] = $str_contact_allow;
$arr['allow_gid'] = $str_group_allow;
@ -526,7 +578,7 @@ function photos_post(&$a) {
$arr['deny_gid'] = $str_group_deny;
$arr['last-child'] = 1;
$arr['visible'] = $visible;
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $photo_hash . ']'
$arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $photo_hash . ']'
. '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]'
. '[/url]';
@ -584,18 +636,39 @@ function photos_content(&$a) {
// Setup permissions structures
//
$owner_uid = $a->data['user']['uid'];
$contact = null;
$can_post = false;
$visitor = 0;
$contact = null;
$remote_contact = false;
if(remote_user()) {
$owner_uid = $a->data['user']['uid'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
dbg(1);
if((local_user()) && (local_user() == $owner_uid))
$can_post = true;
else {
if($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval(remote_user()),
intval($owner_uid)
);
if(count($r)) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = remote_user();
}
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if(remote_user() && (! $visitor)) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval(remote_user()),
intval($owner_uid)
);
if(count($r)) {
@ -611,7 +684,6 @@ function photos_content(&$a) {
}
}
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
@ -634,8 +706,8 @@ function photos_content(&$a) {
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
intval($_SESSION['visitor_id']),
intval($_SESSION['visitor_id']),
intval(remote_user()),
intval(remote_user()),
dbesc($gs),
dbesc($gs)
);
@ -647,7 +719,7 @@ function photos_content(&$a) {
if($datatype === 'upload') {
if( ! (local_user() && (local_user() == $a->data['user']['uid']))) {
if(! ($can_post)) {
notice( t('Permission denied.'));
return;
}
@ -669,20 +741,20 @@ function photos_content(&$a) {
$o .= replace_macros($tpl,array(
'$pagename' => t('Upload Photos'),
'$sessid' => session_id(),
'$nickname' => $a->data['user']['nickname'],
'$newalbum' => t('New album name: '),
'$existalbumtext' => t('or existing album name: '),
'$filestext' => t('Select files to upload: '),
'$albumselect' => $albumselect,
'$permissions' => t('Permissions'),
'$aclselect' => populate_acl($a->user, $celeb),
'$aclselect' => (($visitor) ? '' : populate_acl($a->user, $celeb)),
'$archive' => $a->get_baseurl() . '/jumploader_z.jar',
'$nojava' => t('Use the following controls only if the Java uploader [above] fails to launch.'),
'$uploadurl' => $a->get_baseurl() . '/photos',
'$uploadurl' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'],
'$submit' => t('Submit')
));
return $o;
}
if($datatype === 'album') {
@ -691,7 +763,7 @@ function photos_content(&$a) {
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
$sql_extra GROUP BY `resource-id`",
intval($a->data['user']['uid']),
intval($owner_uid),
dbesc($album)
);
if(count($r))
@ -700,7 +772,7 @@ function photos_content(&$a) {
$r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
$sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d",
intval($a->data['user']['uid']),
intval($owner_uid),
dbesc($album),
intval($a->pager['start']),
intval($a->pager['itemspage'])
@ -710,10 +782,11 @@ function photos_content(&$a) {
if($cmd === 'edit') {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
if(local_user() && (local_user() == $a->data['user']['uid'])) {
if($can_post) {
$edit_tpl = load_view_file('view/album_edit.tpl');
$o .= replace_macros($edit_tpl,array(
'$nametext' => t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
'$album' => $album,
'$hexalbum' => bin2hex($album),
'$submit' => t('Submit'),
@ -724,7 +797,7 @@ function photos_content(&$a) {
}
else {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
if(local_user() && (local_user() == $a->data['user']['uid'])) {
if($can_post) {
$o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">'
. t('Edit Album') . '</a></div>';
@ -759,7 +832,7 @@ function photos_content(&$a) {
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
$sql_extra ORDER BY `scale` ASC ",
intval($a->data['user']['uid']),
intval($owner_uid),
dbesc($datum)
);
@ -784,7 +857,7 @@ function photos_content(&$a) {
$o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']) . '">' . $ph[0]['album'] . '</a></h3>';
if(local_user() && ($ph[0]['uid'] == local_user())) {
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
$o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit' . '">' . t('Edit photo') . '</a></div>';
}
@ -863,10 +936,11 @@ function photos_content(&$a) {
}
if($cmd === 'edit') {
if(($cmd === 'edit') && ($can_post)) {
$edit_tpl = load_view_file('view/photo_edit.tpl');
$o .= replace_macros($edit_tpl, array(
'$id' => $ph[0]['id'],
'$nickname' => $a->data['user']['nickname'],
'$resource_id' => $ph[0]['resource-id'],
'$capt_label' => t('Caption'),
'$caption' => $ph[0]['desc'],
@ -876,7 +950,6 @@ function photos_content(&$a) {
'$item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
'$submit' => t('Submit'),
'$delete' => t('Delete Photo')
));
}
@ -890,7 +963,7 @@ function photos_content(&$a) {
$likebuttons = '';
if(can_write_wall($a,$a->data['user']['uid']))
if($can_post || can_write_wall($a,$owner_uid))
$likebuttons = replace_macros($like_tpl,array('$id' => $link_item['id']));
if(! count($r)) {
@ -898,14 +971,14 @@ function photos_content(&$a) {
$o .= $likebuttons;
$o .= '</div>';
if(can_write_wall($a,$a->data['user']['uid'])) {
if($can_post || can_write_wall($a,$owner_uid)) {
if($link_item['last-child']) {
$o .= replace_macros($cmnt_tpl,array(
'$return_path' => $return_url,
'$type' => 'wall-comment',
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $a->data['user']['uid'],
'$profile_uid' => $owner_uid,
'$mylink' => $contact['url'],
'$mytitle' => t('This is you'),
'$myphoto' => $contact['thumb'],
@ -937,14 +1010,14 @@ function photos_content(&$a) {
if(can_write_wall($a,$a->data['user']['uid'])) {
if($can_post || can_write_wall($a,$owner_uid)) {
if($link_item['last-child']) {
$o .= replace_macros($cmnt_tpl,array(
'$return_path' => $return_url,
'$type' => 'wall-comment',
'$id' => $link_item['id'],
'$parent' => $link_item['id'],
'$profile_uid' => $a->data['user']['uid'],
'$profile_uid' => $owner_uid,
'$mylink' => $contact['url'],
'$mytitle' => t('This is you'),
'$myphoto' => $contact['thumb'],
@ -964,7 +1037,7 @@ function photos_content(&$a) {
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
if(can_write_wall($a,$a->data['user']['uid'])) {
if($can_post || can_write_wall($a,$owner_uid)) {
if($item['last-child']) {
$comment = replace_macros($cmnt_tpl,array(
@ -972,7 +1045,7 @@ function photos_content(&$a) {
'$type' => 'wall-comment',
'$id' => $item['item_id'],
'$parent' => $item['parent'],
'$profile_uid' => $a->data['user']['uid'],
'$profile_uid' => $owner_uid,
'$mylink' => $contact['url'],
'$mytitle' => t('This is you'),
'$myphoto' => $contact['thumb'],
@ -992,8 +1065,11 @@ function photos_content(&$a) {
$sparkle = '';
}
$profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
$profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']);
$diff_author = (($item['url'] !== $item['author-link']) ? true : false);
$profile_name = (((strlen($item['author-name'])) && $diff_author) ? $item['author-name'] : $item['name']);
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $item['thumb']);
$profile_link = $profile_url;
$drop = '';
@ -1046,7 +1122,7 @@ function photos_content(&$a) {
$o .= '<h3>' . t('Recent Photos') . '</h3>';
if( local_user() && (local_user() == $a->data['user']['uid'])) {
if($can_post) {
$o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/upload' . '">' . t('Upload New Photos') . '</a></div>';
}

17
mod/profile.php
View file

@ -82,7 +82,6 @@ function profile_init(&$a) {
function profile_content(&$a, $update = 0) {
require_once("include/bbcode.php");
require_once('include/security.php');
@ -124,6 +123,7 @@ function profile_content(&$a, $update = 0) {
}
$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
if(! $update) {
if(x($_GET,'tab'))
@ -148,22 +148,27 @@ function profile_content(&$a, $update = 0) {
return $o;
}
$commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
$commvisitor = (($commpage && $remote_contact == true) ? true : false);
$celeb = ((($a->profile['page-flags'] == PAGE_SOAPBOX) || ($a->profile['page-flags'] == PAGE_COMMUNITY)) ? true : false);
if(can_write_wall($a,$a->profile['profile_uid'])) {
$geotag = (($is_owner && $a->profile['allow_location']) ? load_view_file('view/jot_geotag.tpl') : '');
$geotag = ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? load_view_file('view/jot_geotag.tpl') : '');
$tpl = load_view_file('view/jot-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array(
'$baseurl' => $a->get_baseurl(),
'$geotag' => $geotag
'$geotag' => $geotag,
'$nickname' => $a->profile['nickname']
));
require_once('include/acl_selectors.php');
$tpl = load_view_file("view/jot.tpl");
$tpl = load_view_file('view/jot.tpl');
if(is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))
$lockstate = 'lock';
else
@ -172,7 +177,7 @@ function profile_content(&$a, $update = 0) {
'$baseurl' => $a->get_baseurl(),
'$defloc' => (($is_owner) ? $a->user['default-location'] : ''),
'$return_path' => $a->cmd,
'$visitor' => (($is_owner) ? 'block' : 'none'),
'$visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
'$lockstate' => $lockstate,
'$bang' => '',
'$acl' => (($is_owner) ? populate_acl($a->user, $celeb) : ''),

51
mod/wall_upload.php
View file

@ -4,8 +4,41 @@ require_once('Photo.php');
function wall_upload_post(&$a) {
if(! local_user()) {
echo ( t('Permission denied.') . EOL );
if($a->argc > 1) {
$nick = $a->argv[1];
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 LIMIT 1",
dbesc($nick)
);
if(! count($r))
return;
}
else
return;
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['uid'];
$community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $page_owner_uid))
$can_post = true;
else {
if($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval(remote_user()),
intval($page_owner_uid)
);
if(count($r)) {
$can_post = true;
$visitor = remote_user();
}
}
}
if(! $can_post) {
notice( t('Permission denied.') . EOL );
killme();
}
@ -16,6 +49,14 @@ function wall_upload_post(&$a) {
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
notice( t('Image exceeds size limit of ') . $maximagesize . EOL);
@unlink($src);
return;
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata);
@ -34,7 +75,7 @@ function wall_upload_post(&$a) {
$smallest = 0;
$r = $ph->store(local_user(), 0, $hash, $filename, t('Wall Photos'), 0 );
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0 );
if(! $r) {
echo ( t('Image upload failed.') . EOL);
@ -43,14 +84,14 @@ function wall_upload_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store(local_user(), 0, $hash, $filename, t('Wall Photos'), 1 );
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1 );
if($r)
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store(local_user(), 0, $hash, $filename, t('Wall Photos'), 2 );
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2 );
if($r)
$smallest = 2;
}

2
view/album_edit.tpl
View file

@ -1,5 +1,5 @@
<div id="photo-album-edit-wrapper">
<form name="photo-album-edit-form" id="photo-album-edit-form" action="photos/album/$hexalbum" method="post" >
<form name="photo-album-edit-form" id="photo-album-edit-form" action="photos/$nickname/album/$hexalbum" method="post" >
<label id="photo-album-edit-name-label" for="photo-album-edit-name" >$nametext</label>

2
view/en/jot-header.tpl
View file

@ -53,7 +53,7 @@ tinyMCE.init({
$(document).ready(function() {
var uploader = new window.AjaxUpload(
'wall-image-upload',
{ action: 'wall_upload',
{ action: 'wall_upload/$nickname',
name: 'userfile',
onSubmit: function(file,ext) { $('#profile-rotator').show(); },
onComplete: function(file,response) {

2
view/photo_edit.tpl
View file

@ -1,5 +1,5 @@
<form action="photos/$resource_id" method="post" id="photo_edit_form" >
<form action="photos/$nickname/$resource_id" method="post" id="photo_edit_form" >
<input type="hidden" name="item_id" value="$item_id" />

2
view/photos_upload.tpl
View file

@ -1,5 +1,5 @@
<h3>$pagename</h3>
<form action="photos" enctype="multipart/form-data" method="post" name="photos-upload-form" id="photos-upload-form" >
<form action="photos/$nickname" enctype="multipart/form-data" method="post" name="photos-upload-form" id="photos-upload-form" >
<div id="photos-upload-new-wrapper" >
<div id="photos-upload-newalbum-div">
<label id="photos-upload-newalbum-text" for="photos-upload-newalbum" >$newalbum</label>