2011-05-25 05:40:52 +00:00
< ? php
require_once ( 'include/attach.php' );
require_once ( 'include/datetime.php' );
function wall_attach_post ( & $a ) {
2015-08-24 11:54:41 +00:00
$r_json = ( x ( $_GET , 'response' ) && $_GET [ 'response' ] == 'json' );
2011-05-25 05:40:52 +00:00
if ( $a -> argc > 1 ) {
$nick = $a -> argv [ 1 ];
2012-04-08 23:19:45 +00:00
$r = q ( " SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1 " ,
2011-05-25 05:40:52 +00:00
dbesc ( $nick )
);
2015-08-24 11:54:41 +00:00
if ( ! count ( $r )){
if ( $r_json ) { echo json_encode ([ 'error' => t ( 'Invalid request.' )]); killme (); }
2011-05-25 05:40:52 +00:00
return ;
2015-08-24 11:54:41 +00:00
}
2011-05-25 05:40:52 +00:00
2015-08-24 11:54:41 +00:00
} else {
if ( $r_json ) { echo json_encode ([ 'error' => t ( 'Invalid request.' )]); killme (); }
2011-05-25 05:40:52 +00:00
return ;
2015-08-24 11:54:41 +00:00
}
2011-05-25 05:40:52 +00:00
$can_post = false ;
$visitor = 0 ;
$page_owner_uid = $r [ 0 ][ 'uid' ];
2012-04-08 23:19:45 +00:00
$page_owner_cid = $r [ 0 ][ 'id' ];
2011-05-25 05:40:52 +00:00
$page_owner_nick = $r [ 0 ][ 'nickname' ];
$community_page = (( $r [ 0 ][ 'page-flags' ] == PAGE_COMMUNITY ) ? true : false );
if (( local_user ()) && ( local_user () == $page_owner_uid ))
$can_post = true ;
else {
if ( $community_page && remote_user ()) {
2012-09-05 05:50:28 +00:00
$cid = 0 ;
if ( is_array ( $_SESSION [ 'remote' ])) {
foreach ( $_SESSION [ 'remote' ] as $v ) {
if ( $v [ 'uid' ] == $page_owner_uid ) {
$cid = $v [ 'cid' ];
break ;
}
}
}
if ( $cid ) {
$r = q ( " SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1 " ,
intval ( $cid ),
intval ( $page_owner_uid )
);
if ( count ( $r )) {
$can_post = true ;
$visitor = $cid ;
}
2011-05-25 05:40:52 +00:00
}
}
}
if ( ! $can_post ) {
2015-08-24 11:54:41 +00:00
if ( $r_json ) { echo json_encode ([ 'error' => t ( 'Permission denied.' )]); killme (); }
2011-05-25 05:40:52 +00:00
notice ( t ( 'Permission denied.' ) . EOL );
killme ();
}
2015-08-24 11:54:41 +00:00
if ( ! x ( $_FILES , 'userfile' )) {
if ( $r_json ) { echo json_encode ([ 'error' => t ( 'Invalid request.' )]); killme (); }
2011-05-25 05:40:52 +00:00
killme ();
2015-08-24 11:54:41 +00:00
}
2011-05-25 05:40:52 +00:00
$src = $_FILES [ 'userfile' ][ 'tmp_name' ];
$filename = basename ( $_FILES [ 'userfile' ][ 'name' ]);
$filesize = intval ( $_FILES [ 'userfile' ][ 'size' ]);
$maxfilesize = get_config ( 'system' , 'maxfilesize' );
2014-04-23 18:22:53 +00:00
/* Found html code written in text field of form ,
* when trying to upload a file with filesize
* greater than upload_max_filesize . Cause is unknown .
* Then Filesize gets <= 0.
*/
if ( $filesize <= 0 ) {
2015-08-24 11:54:41 +00:00
$msg = t ( 'Sorry, maybe your upload is bigger than the PHP configuration allows' ) . EOL . ( t ( 'Or - did you try to upload an empty file?' ));
if ( $r_json ) {
echo json_encode ([ 'error' => $msg ]);
} else {
notice ( $msg . EOL );
}
2014-04-23 18:22:53 +00:00
@ unlink ( $src );
killme ();
}
2011-05-25 05:40:52 +00:00
if (( $maxfilesize ) && ( $filesize > $maxfilesize )) {
2015-08-24 11:54:41 +00:00
$msg = sprintf ( t ( 'File exceeds size limit of %s' ), formatBytes ( $maxfilesize ));
if ( $r_json ) {
echo json_encode ([ 'error' => $msg ]);
} else {
echo $msg . EOL ;
}
2011-05-25 05:40:52 +00:00
@ unlink ( $src );
2015-06-29 00:39:08 +00:00
killme ();
2011-05-25 05:40:52 +00:00
}
2012-06-25 23:03:46 +00:00
$r = q ( " select sum(octet_length(data)) as total from attach where uid = %d " ,
intval ( $page_owner_uid )
);
$limit = service_class_fetch ( $page_owner_uid , 'attach_upload_limit' );
if (( $limit !== false ) && (( $r [ 0 ][ 'total' ] + strlen ( $imagedata )) > $limit )) {
2015-08-24 11:54:41 +00:00
$msg = upgrade_message ( true );
if ( $r_json ) {
echo json_encode ([ 'error' => $msg ]);
} else {
echo $msg . EOL ;
}
2012-06-25 23:03:46 +00:00
@ unlink ( $src );
killme ();
}
2011-05-25 05:40:52 +00:00
$filedata = @ file_get_contents ( $src );
2011-08-04 02:18:58 +00:00
$mimetype = z_mime_content_type ( $filename );
2015-08-14 05:48:28 +00:00
$hash = get_guid ( 64 );
2011-05-25 05:40:52 +00:00
$created = datetime_convert ();
2011-05-25 09:08:15 +00:00
$r = q ( " INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
VALUES ( % d , '%s' , '%s' , '%s' , % d , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' ) " ,
2011-05-25 05:40:52 +00:00
intval ( $page_owner_uid ),
dbesc ( $hash ),
2011-05-25 09:08:15 +00:00
dbesc ( $filename ),
2011-05-25 05:40:52 +00:00
dbesc ( $mimetype ),
intval ( $filesize ),
dbesc ( $filedata ),
dbesc ( $created ),
dbesc ( $created ),
2012-04-08 23:19:45 +00:00
dbesc ( '<' . $page_owner_cid . '>' ),
2011-05-25 05:40:52 +00:00
dbesc ( '' ),
dbesc ( '' ),
dbesc ( '' )
2015-08-14 05:48:28 +00:00
);
2011-05-25 05:40:52 +00:00
@ unlink ( $src );
if ( ! $r ) {
2015-08-24 11:54:41 +00:00
$msg = t ( 'File upload failed.' );
if ( $r_json ) {
echo json_encode ([ 'error' => $msg ]);
} else {
echo $msg . EOL ;
}
2011-05-25 05:40:52 +00:00
killme ();
}
$r = q ( " SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1 " ,
intval ( $page_owner_uid ),
dbesc ( $created ),
dbesc ( $hash )
);
if ( ! count ( $r )) {
2015-08-24 11:54:41 +00:00
$msg = t ( 'File upload failed.' );
if ( $r_json ) {
echo json_encode ([ 'error' => $msg ]);
} else {
echo $msg . EOL ;
}
2011-05-25 05:40:52 +00:00
killme ();
}
2015-08-24 11:54:41 +00:00
if ( $r_json ) { echo json_encode ([ 'ok' => true ]); killme (); }
2012-12-03 09:05:10 +00:00
$lf = " \n " ;
2012-04-17 13:11:41 +00:00
echo $lf . $lf . '[attachment]' . $r [ 0 ][ 'id' ] . '[/attachment]' . $lf ;
2015-08-24 11:54:41 +00:00
2011-05-25 05:40:52 +00:00
killme ();
// NOTREACHED
}