2010-07-01 23:48:07 +00:00
< ? php
2014-04-15 22:40:01 +00:00
/* @ file profile_photo . php
@ brief Module - file with functions for handling of profile - photos
*/
2013-04-26 03:01:24 +00:00
require_once ( 'include/photo/photo_driver.php' );
2010-07-01 23:48:07 +00:00
2014-04-15 22:40:01 +00:00
/* @ brief Function for sync ' ing permissions of profile - photos and their profile
*
* @ param $profileid The id number of the profile to sync
* @ return void
*/
2014-04-19 22:31:18 +00:00
function profile_photo_set_profile_perms ( $profileid = '' ) {
2014-04-13 22:45:24 +00:00
$allowcid = '' ;
2014-04-15 22:40:01 +00:00
if ( x ( $profileid )) {
2014-04-13 22:45:24 +00:00
2014-04-19 22:58:26 +00:00
$r = q ( " SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.id = %d OR profile.profile_guid = '%s' LIMIT 1 " , intval ( $profileid ), dbesc ( $profileid ));
2014-04-13 22:45:24 +00:00
2014-04-19 22:31:18 +00:00
} else {
2015-01-29 04:56:04 +00:00
logger ( 'Resetting permissions on default-profile-photo for user' . local_channel ());
$r = q ( " SELECT photo, profile_guid, id, is_default, uid FROM profile WHERE profile.uid = %d AND is_default = 1 LIMIT 1 " , intval ( local_channel ()) ); //If no profile is given, we update the default profile
2014-04-19 22:31:18 +00:00
}
$profile = $r [ 0 ];
if ( x ( $profile [ 'id' ]) && x ( $profile [ 'photo' ])) {
preg_match ( " @ \ w*(?=- \ d* $ )@i " , $profile [ 'photo' ], $resource_id );
$resource_id = $resource_id [ 0 ];
if ( intval ( $profile [ 'is_default' ]) != 1 ) {
2015-01-29 04:56:04 +00:00
$r0 = q ( " SELECT channel_hash FROM channel WHERE channel_id = %d LIMIT 1 " , intval ( local_channel ()) );
2014-11-21 23:33:21 +00:00
$r1 = q ( " SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%d' " , intval ( $profile [ 'id' ])); //Should not be needed in future. Catches old int-profile-ids.
2014-04-13 22:45:24 +00:00
$r2 = q ( " SELECT abook.abook_xchan FROM abook WHERE abook_profile = '%s' " , dbesc ( $profile [ 'profile_guid' ]));
2014-04-19 22:31:18 +00:00
$allowcid = " < " . $r0 [ 0 ][ 'channel_hash' ] . " > " ;
2014-04-13 22:45:24 +00:00
foreach ( $r1 as $entry ) {
$allowcid .= " < " . $entry [ 'abook_xchan' ] . " > " ;
}
foreach ( $r2 as $entry ) {
2014-04-19 22:31:18 +00:00
$allowcid .= " < " . $entry [ 'abook_xchan' ] . " > " ;
}
q ( " UPDATE `photo` SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d " , dbesc ( $allowcid ), dbesc ( $resource_id ), intval ( $profile [ 'uid' ]));
} else {
q ( " UPDATE `photo` SET allow_cid = '' WHERE profile = 1 AND uid = %d " , intval ( $profile [ 'uid' ])); //Reset permissions on default profile picture to public
2014-04-13 22:45:24 +00:00
}
}
2014-04-19 22:31:18 +00:00
2014-04-13 22:45:24 +00:00
return ;
}
2014-04-19 22:58:26 +00:00
/* @ brief Initalize the profile - photo edit view
*
* @ param $a Current application
* @ return void
*
*/
2010-07-01 23:48:07 +00:00
function profile_photo_init ( & $a ) {
2015-01-29 04:56:04 +00:00
if ( ! local_channel ()) {
2010-07-01 23:48:07 +00:00
return ;
}
2010-08-03 03:21:21 +00:00
2012-09-26 00:57:20 +00:00
$channel = $a -> get_channel ();
profile_load ( $a , $channel [ 'channel_address' ]);
2010-08-03 03:21:21 +00:00
2010-07-01 23:48:07 +00:00
}
2014-04-19 22:58:26 +00:00
/* @ brief Evaluate posted values
*
* @ param $a Current application
* @ return void
*
*/
2010-07-01 23:48:07 +00:00
function profile_photo_post ( & $a ) {
2015-01-29 04:56:04 +00:00
if ( ! local_channel ()) {
2012-03-12 20:17:37 +00:00
return ;
}
check_form_security_token_redirectOnErr ( '/profile_photo' , 'profile_photo' );
2010-07-20 02:09:58 +00:00
if (( x ( $_POST , 'cropfinal' )) && ( $_POST [ 'cropfinal' ] == 1 )) {
2010-07-01 23:48:07 +00:00
2012-07-17 23:02:16 +00:00
// unless proven otherwise
$is_default_profile = 1 ;
if ( $_REQUEST [ 'profile' ]) {
2013-02-12 10:02:35 +00:00
$r = q ( " select id, is_default from profile where id = %d and uid = %d limit 1 " ,
2012-07-17 23:02:16 +00:00
intval ( $_REQUEST [ 'profile' ]),
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2012-07-17 23:02:16 +00:00
);
2013-12-06 02:17:16 +00:00
if (( $r ) && ( ! intval ( $r [ 0 ][ 'is_default' ])))
2012-07-17 23:02:16 +00:00
$is_default_profile = 0 ;
}
2010-07-01 23:48:07 +00:00
// phase 2 - we have finished cropping
2010-07-20 02:09:58 +00:00
2013-02-06 04:14:19 +00:00
if ( argc () != 2 ) {
2010-08-03 03:21:21 +00:00
notice ( t ( 'Image uploaded but image cropping failed.' ) . EOL );
2010-07-01 23:48:07 +00:00
return ;
}
2010-07-20 02:09:58 +00:00
2013-02-06 04:14:19 +00:00
$image_id = argv ( 1 );
2010-07-20 02:09:58 +00:00
2010-07-01 23:48:07 +00:00
if ( substr ( $image_id , - 2 , 1 ) == '-' ) {
$scale = substr ( $image_id , - 1 , 1 );
$image_id = substr ( $image_id , 0 , - 2 );
}
$srcX = $_POST [ 'xstart' ];
$srcY = $_POST [ 'ystart' ];
$srcW = $_POST [ 'xfinal' ] - $srcX ;
$srcH = $_POST [ 'yfinal' ] - $srcY ;
2010-11-10 02:24:35 +00:00
2013-02-06 04:14:19 +00:00
$r = q ( " SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND scale = %d LIMIT 1 " ,
2010-07-01 23:48:07 +00:00
dbesc ( $image_id ),
2015-01-29 04:56:04 +00:00
dbesc ( local_channel ()),
2010-07-01 23:48:07 +00:00
intval ( $scale ));
2010-07-20 02:09:58 +00:00
2013-02-06 04:14:19 +00:00
if ( $r ) {
2010-07-20 02:09:58 +00:00
$base_image = $r [ 0 ];
2015-01-10 19:08:37 +00:00
$base_image [ 'data' ] = dbunescbin ( $base_image [ 'data' ]);
2012-10-24 06:37:15 +00:00
2013-04-26 03:01:24 +00:00
$im = photo_factory ( $base_image [ 'data' ], $base_image [ 'type' ]);
2010-10-04 23:04:52 +00:00
if ( $im -> is_valid ()) {
2013-02-06 04:14:19 +00:00
2010-10-04 23:04:52 +00:00
$im -> cropImage ( 175 , $srcX , $srcY , $srcW , $srcH );
2013-02-06 04:14:19 +00:00
2013-01-23 01:48:42 +00:00
$aid = get_account_id ();
2010-07-01 23:48:07 +00:00
2015-01-29 04:56:04 +00:00
$p = array ( 'aid' => $aid , 'uid' => local_channel (), 'resource_id' => $base_image [ 'resource_id' ],
2013-08-07 08:42:45 +00:00
'filename' => $base_image [ 'filename' ], 'album' => t ( 'Profile Photos' ));
$p [ 'scale' ] = 4 ;
$p [ 'photo_flags' ] = (( $is_default_profile ) ? PHOTO_PROFILE : PHOTO_NORMAL );
$r1 = $im -> save ( $p );
2010-07-20 02:09:58 +00:00
2010-10-04 23:04:52 +00:00
$im -> scaleImage ( 80 );
2013-08-07 08:42:45 +00:00
$p [ 'scale' ] = 5 ;
2010-07-20 02:09:58 +00:00
2013-08-07 08:42:45 +00:00
$r2 = $im -> save ( $p );
2010-07-20 02:09:58 +00:00
2010-11-05 06:50:32 +00:00
$im -> scaleImage ( 48 );
2013-08-07 08:42:45 +00:00
$p [ 'scale' ] = 6 ;
2010-11-05 06:50:32 +00:00
2013-08-07 08:42:45 +00:00
$r3 = $im -> save ( $p );
2010-11-05 06:50:32 +00:00
2013-02-06 04:14:19 +00:00
if ( $r1 === false || $r2 === false || $r3 === false ) {
// if one failed, delete them all so we can start over.
notice ( t ( 'Image resize failed.' ) . EOL );
$x = q ( " delete from photo where resource_id = '%s' and uid = %d and scale >= 4 " ,
dbesc ( $base_image [ 'resource_id' ]),
2015-01-29 04:56:04 +00:00
local_channel ()
2013-02-06 04:14:19 +00:00
);
return ;
}
2010-11-05 06:50:32 +00:00
2012-07-17 23:02:16 +00:00
// If setting for the default profile, unset the profile photo flag from any other photos I own
if ( $is_default_profile ) {
2013-02-12 10:02:35 +00:00
$r = q ( " UPDATE photo SET profile = 0 WHERE profile = 1 AND resource_id != '%s' AND `uid` = %d " ,
2012-10-02 01:02:11 +00:00
dbesc ( $base_image [ 'resource_id' ]),
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2012-07-17 23:02:16 +00:00
);
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$r = q ( " UPDATE photo SET photo_flags = ( photo_flags & ~%d ) WHERE ( photo_flags & %d )>0
2013-08-07 08:42:45 +00:00
AND resource_id != '%s' AND `uid` = % d " ,
intval ( PHOTO_PROFILE ),
intval ( PHOTO_PROFILE ),
dbesc ( $base_image [ 'resource_id' ]),
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2013-08-07 08:42:45 +00:00
);
2012-07-17 23:02:16 +00:00
}
else {
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$r = q ( " update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d " ,
2012-10-02 01:02:11 +00:00
dbesc ( $a -> get_baseurl () . '/photo/' . $base_image [ 'resource_id' ] . '-4' ),
dbesc ( $a -> get_baseurl () . '/photo/' . $base_image [ 'resource_id' ] . '-5' ),
2012-07-17 23:02:16 +00:00
intval ( $_REQUEST [ 'profile' ]),
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2012-07-17 23:02:16 +00:00
);
}
2012-10-24 06:37:15 +00:00
// We'll set the updated profile-photo timestamp even if it isn't the default profile,
2012-07-17 23:02:16 +00:00
// so that browsers will do a cache update unconditionally
2010-10-04 23:04:52 +00:00
2012-10-24 06:37:15 +00:00
$channel = $a -> get_channel ();
$r = q ( " UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
where xchan_hash = '%s' " ,
2012-10-24 06:37:15 +00:00
dbesc ( $im -> getType ()),
2010-10-04 23:04:52 +00:00
dbesc ( datetime_convert ()),
2012-10-24 06:37:15 +00:00
dbesc ( $channel [ 'xchan_hash' ])
2010-10-04 23:04:52 +00:00
);
2011-11-12 21:47:51 +00:00
info ( t ( 'Shift-reload the page or clear browser cache if the new photo does not display immediately.' ) . EOL );
2011-10-20 12:43:33 +00:00
2013-02-12 10:02:35 +00:00
// Update directory in background
proc_run ( 'php' , " include/directory.php " , $channel [ 'channel_id' ]);
2014-04-13 22:45:24 +00:00
// Now copy profile-permissions to pictures, to prevent privacyleaks by automatically created folder 'Profile Pictures'
profile_photo_set_profile_perms ( $_REQUEST [ 'profile' ]);
2010-10-04 23:04:52 +00:00
}
else
notice ( t ( 'Unable to process image' ) . EOL );
2010-07-01 23:48:07 +00:00
}
2010-11-10 02:24:35 +00:00
2010-07-01 23:48:07 +00:00
goaway ( $a -> get_baseurl () . '/profiles' );
2010-07-20 02:09:58 +00:00
return ; // NOTREACHED
2010-07-01 23:48:07 +00:00
}
$src = $_FILES [ 'userfile' ][ 'tmp_name' ];
$filename = basename ( $_FILES [ 'userfile' ][ 'name' ]);
$filesize = intval ( $_FILES [ 'userfile' ][ 'size' ]);
2012-06-07 15:42:13 +00:00
$filetype = $_FILES [ 'userfile' ][ 'type' ];
2012-06-07 18:17:31 +00:00
if ( $filetype == " " ) $filetype = guess_image_type ( $filename );
2010-11-10 02:24:35 +00:00
$maximagesize = get_config ( 'system' , 'maximagesize' );
if (( $maximagesize ) && ( $filesize > $maximagesize )) {
2011-03-10 23:22:21 +00:00
notice ( sprintf ( t ( 'Image exceeds size limit of %d' ), $maximagesize ) . EOL );
2010-11-10 02:24:35 +00:00
@ unlink ( $src );
return ;
}
2010-07-01 23:48:07 +00:00
$imagedata = @ file_get_contents ( $src );
2013-04-26 03:01:24 +00:00
$ph = photo_factory ( $imagedata , $filetype );
2010-07-01 23:48:07 +00:00
2010-10-04 23:04:52 +00:00
if ( ! $ph -> is_valid ()) {
2010-08-03 03:21:21 +00:00
notice ( t ( 'Unable to process image.' ) . EOL );
2010-07-01 23:48:07 +00:00
@ unlink ( $src );
return ;
}
2012-07-10 13:28:02 +00:00
$ph -> orient ( $src );
2010-07-01 23:48:07 +00:00
@ unlink ( $src );
2011-02-04 09:18:28 +00:00
return profile_photo_crop_ui_head ( $a , $ph );
2010-07-01 23:48:07 +00:00
}
2014-04-19 22:58:26 +00:00
/* @ brief Generate content of profile - photo view
*
* @ param $a Current application
* @ return void
*
*/
2010-07-01 23:48:07 +00:00
if ( ! function_exists ( 'profile_photo_content' )) {
function profile_photo_content ( & $a ) {
2015-01-29 04:56:04 +00:00
if ( ! local_channel ()) {
2010-08-03 03:21:21 +00:00
notice ( t ( 'Permission denied.' ) . EOL );
2010-07-20 02:09:58 +00:00
return ;
}
2012-09-05 02:49:29 +00:00
2013-02-06 04:14:19 +00:00
$channel = $a -> get_channel ();
2011-04-24 00:31:23 +00:00
$newuser = false ;
2012-10-24 06:37:15 +00:00
if ( argc () == 2 && argv ( 1 ) === 'new' )
2011-04-24 00:31:23 +00:00
$newuser = true ;
2012-10-24 06:37:15 +00:00
if ( argv ( 1 ) === 'use' ) {
if ( argc () < 3 ) {
2011-02-04 09:18:28 +00:00
notice ( t ( 'Permission denied.' ) . EOL );
return ;
};
2012-03-12 20:17:37 +00:00
2012-03-27 11:51:20 +00:00
// check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
2012-03-12 20:17:37 +00:00
2012-10-24 06:37:15 +00:00
$resource_id = argv ( 2 );
2013-02-06 04:14:19 +00:00
$r = q ( " SELECT id, album, scale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY scale ASC " ,
2015-01-29 04:56:04 +00:00
intval ( local_channel ()),
2011-02-04 09:18:28 +00:00
dbesc ( $resource_id )
2013-02-06 04:14:19 +00:00
);
if ( ! $r ) {
notice ( t ( 'Photo not available.' ) . EOL );
2011-02-04 09:18:28 +00:00
return ;
}
2011-09-15 10:06:43 +00:00
$havescale = false ;
foreach ( $r as $rr ) {
if ( $rr [ 'scale' ] == 5 )
$havescale = true ;
}
2013-02-06 04:14:19 +00:00
// set an already loaded photo as profile photo
if (( $r [ 0 ][ 'album' ] == t ( 'Profile Photos' )) && ( $havescale )) {
// unset any existing profile photos
$r = q ( " UPDATE photo SET profile = 0 WHERE profile = 1 AND uid = %d " ,
2015-01-29 04:56:04 +00:00
intval ( local_channel ()));
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
$r = q ( " UPDATE photo SET photo_flags = (photo_flags & ~%d ) WHERE (photo_flags & %d )>0 AND uid = %d " ,
2013-08-07 08:42:45 +00:00
intval ( PHOTO_PROFILE ),
intval ( PHOTO_PROFILE ),
2015-01-29 04:56:04 +00:00
intval ( local_channel ()));
2014-04-19 22:31:18 +00:00
2013-02-06 04:14:19 +00:00
// set all sizes of this one as profile photos
$r = q ( " UPDATE photo SET profile = 1 WHERE uid = %d AND resource_id = '%s' " ,
2015-01-29 04:56:04 +00:00
intval ( local_channel ()),
2011-02-04 09:18:28 +00:00
dbesc ( $resource_id )
);
2013-02-06 04:14:19 +00:00
2013-08-07 08:42:45 +00:00
$r = q ( " UPDATE photo SET photo_flags = ( photo_flags | %d ) WHERE uid = %d AND resource_id = '%s' " ,
intval ( PHOTO_PROFILE ),
2015-01-29 04:56:04 +00:00
intval ( local_channel ()),
2013-08-07 08:42:45 +00:00
dbesc ( $resource_id )
);
2013-02-06 04:14:19 +00:00
$r = q ( " UPDATE xchan set xchan_photo_date = '%s'
PostgreSQL support initial commit
There were 11 main types of changes:
- UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but
it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just
copied from Friendica. All of these instances, the LIMIT 1 was simply removed.
- Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit
integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice
to boot). Proper explicit boolean conversions were added. New queries should use proper conventions.
- MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_
func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There
were no true toggles (XOR). New queries should refrain from using XOR when not necessary.
- There are several fields which the schema has marked as NOT NULL, but the inserts don't specify
them. The reason this works is because mysql totally ignores the constraint and adds an empty text
default automatically. Again, non-compliant, obviously. In these cases a default of empty text was
added.
- Several statements rely on a non-standard MySQL feature
(http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten
to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run
a zillion times faster, even on MySQL.
- A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG,
UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_
- INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes
around the value -- assist functions added in the dba_
- NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such
thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are
handled in Zot/item packets automagically by quoting all dates with dbescdate().
- char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the
code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works
better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype
for all text fields in the postgres schema. varchar was used in a couple of places where it actually
seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code
actually validates data, new bugs might come out from under the rug.
- postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted.
bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function
was added to handle this transparently.
- postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax.
Statements were updated to be standard.
These changes require corresponding changes in the coding standards. Please review those before
adding any code going forward.
Still on my TODO list:
- remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting
- Rewrite search queries for better results (both MySQL and Postgres)
2014-11-13 20:21:58 +00:00
where xchan_hash = '%s' " ,
2011-02-04 09:18:28 +00:00
dbesc ( datetime_convert ()),
2013-02-06 04:14:19 +00:00
dbesc ( $channel [ 'xchan_hash' ])
2011-02-04 09:18:28 +00:00
);
2013-02-06 04:14:19 +00:00
2014-04-19 22:31:18 +00:00
profile_photo_set_profile_perms (); //Reset default photo permissions to public
2015-01-29 04:56:04 +00:00
proc_run ( 'php' , 'include/directory.php' , local_channel ());
2011-02-04 09:18:28 +00:00
goaway ( $a -> get_baseurl () . '/profiles' );
}
2013-02-06 04:14:19 +00:00
2013-08-07 08:42:45 +00:00
$r = q ( " SELECT `data`, `type` FROM photo WHERE id = %d and uid = %d limit 1 " ,
2013-02-06 04:14:19 +00:00
intval ( $r [ 0 ][ 'id' ]),
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2013-02-06 04:14:19 +00:00
);
if ( ! $r ) {
notice ( t ( 'Photo not available.' ) . EOL );
return ;
}
2013-04-26 03:01:24 +00:00
$ph = photo_factory ( $r [ 0 ][ 'data' ], $r [ 0 ][ 'type' ]);
2013-02-06 04:14:19 +00:00
// go ahead as if we have just uploaded a new photo to crop
2011-02-04 09:18:28 +00:00
profile_photo_crop_ui_head ( $a , $ph );
}
2013-02-12 10:02:35 +00:00
2013-02-16 01:23:02 +00:00
$profiles = q ( " select id, profile_name as name, is_default from profile where uid = %d " ,
2015-01-29 04:56:04 +00:00
intval ( local_channel ())
2012-07-18 00:08:14 +00:00
);
2013-02-12 10:02:35 +00:00
2013-02-06 04:14:19 +00:00
if ( ! x ( $a -> data , 'imagecrop' )) {
2014-04-19 22:31:18 +00:00
2011-05-11 11:37:13 +00:00
$tpl = get_markup_template ( 'profile_photo.tpl' );
2010-07-01 23:48:07 +00:00
2010-07-20 02:09:58 +00:00
$o .= replace_macros ( $tpl , array (
2013-02-06 04:14:19 +00:00
'$user' => $a -> channel [ 'channel_address' ],
2011-04-08 06:10:43 +00:00
'$lbl_upfile' => t ( 'Upload File:' ),
2012-07-18 00:08:14 +00:00
'$lbl_profiles' => t ( 'Select a profile:' ),
2011-04-08 06:10:43 +00:00
'$title' => t ( 'Upload Profile Photo' ),
'$submit' => t ( 'Upload' ),
2012-07-18 00:08:14 +00:00
'$profiles' => $profiles ,
2012-03-12 20:17:37 +00:00
'$form_security_token' => get_form_security_token ( " profile_photo " ),
2013-02-06 04:14:19 +00:00
// FIXME - yuk
'$select' => sprintf ( '%s %s' , t ( 'or' ), ( $newuser ) ? '<a href="' . $a -> get_baseurl () . '">' . t ( 'skip this step' ) . '</a>' : '<a href="' . $a -> get_baseurl () . '/photos/' . $a -> channel [ 'channel_address' ] . '">' . t ( 'select a photo from your photo albums' ) . '</a>' )
2010-07-20 02:09:58 +00:00
));
2014-09-29 02:33:37 +00:00
call_hooks ( 'profile_photo_content_end' , $o );
2010-07-01 23:48:07 +00:00
return $o ;
}
else {
2013-02-06 04:14:19 +00:00
$filename = $a -> data [ 'imagecrop' ] . '-' . $a -> data [ 'imagecrop_resolution' ] . '.' . $a -> data [ 'imagecrop_ext' ];
$resolution = $a -> data [ 'imagecrop_resolution' ];
2011-05-11 11:37:13 +00:00
$tpl = get_markup_template ( " cropbody.tpl " );
2010-07-20 02:09:58 +00:00
$o .= replace_macros ( $tpl , array (
2010-07-01 23:48:07 +00:00
'$filename' => $filename ,
2012-07-18 00:08:14 +00:00
'$profile' => intval ( $_REQUEST [ 'profile' ]),
2013-02-06 04:14:19 +00:00
'$resource' => $a -> data [ 'imagecrop' ] . '-' . $a -> data [ 'imagecrop_resolution' ],
2011-03-30 00:19:12 +00:00
'$image_url' => $a -> get_baseurl () . '/photo/' . $filename ,
'$title' => t ( 'Crop Image' ),
'$desc' => t ( 'Please adjust the image cropping for optimum viewing.' ),
2012-03-12 20:17:37 +00:00
'$form_security_token' => get_form_security_token ( " profile_photo " ),
2011-03-30 00:19:12 +00:00
'$done' => t ( 'Done Editing' )
));
2010-07-01 23:48:07 +00:00
return $o ;
}
2010-07-20 02:09:58 +00:00
return ; // NOTREACHED
2011-02-04 09:18:28 +00:00
}}
2014-04-19 22:58:26 +00:00
/* @ brief Generate the UI for photo - cropping
*
* @ param $a Current application
* @ param $ph Photo - Factory
* @ return void
*
*/
2011-02-04 09:18:28 +00:00
2012-07-18 00:08:14 +00:00
if ( ! function_exists ( 'profile_photo_crop_ui_head' )) {
2011-02-04 09:18:28 +00:00
function profile_photo_crop_ui_head ( & $a , $ph ){
2013-02-06 04:14:19 +00:00
2012-07-10 13:28:02 +00:00
$max_length = get_config ( 'system' , 'max_image_length' );
if ( ! $max_length )
$max_length = MAX_IMAGE_LENGTH ;
if ( $max_length > 0 )
$ph -> scaleImage ( $max_length );
2013-02-06 04:14:19 +00:00
$width = $ph -> getWidth ();
2011-02-04 09:18:28 +00:00
$height = $ph -> getHeight ();
if ( $width < 175 || $height < 175 ) {
$ph -> scaleImageUp ( 200 );
2013-02-06 04:14:19 +00:00
$width = $ph -> getWidth ();
2011-02-04 09:18:28 +00:00
$height = $ph -> getHeight ();
}
$hash = photo_new_resource ();
$smallest = 0 ;
2015-01-29 04:56:04 +00:00
$p = array ( 'aid' => get_account_id (), 'uid' => local_channel (), 'resource_id' => $hash ,
2013-08-07 08:42:45 +00:00
'filename' => $filename , 'album' => t ( 'Profile Photos' ), 'scale' => 0 );
$r = $ph -> save ( $p );
2011-02-04 09:18:28 +00:00
if ( $r )
2011-05-23 09:39:57 +00:00
info ( t ( 'Image uploaded successfully.' ) . EOL );
2011-02-04 09:18:28 +00:00
else
notice ( t ( 'Image upload failed.' ) . EOL );
if ( $width > 640 || $height > 640 ) {
$ph -> scaleImage ( 640 );
2013-08-07 08:42:45 +00:00
$p [ 'scale' ] = 1 ;
$r = $ph -> save ( $p );
2014-04-19 22:31:18 +00:00
2011-02-04 09:18:28 +00:00
if ( $r === false )
2011-03-10 23:22:21 +00:00
notice ( sprintf ( t ( 'Image size reduction [%s] failed.' ), " 640 " ) . EOL );
2011-02-04 09:18:28 +00:00
else
$smallest = 1 ;
}
2013-02-06 04:14:19 +00:00
$a -> data [ 'imagecrop' ] = $hash ;
$a -> data [ 'imagecrop_resolution' ] = $smallest ;
$a -> data [ 'imagecrop_ext' ] = $ph -> getExt ();
2013-01-06 21:42:51 +00:00
$a -> page [ 'htmlhead' ] .= replace_macros ( get_markup_template ( " crophead.tpl " ), array ());
2011-02-04 09:18:28 +00:00
return ;
}}
