本文整理汇总了PHP中permissions_sql函数的典型用法代码示例。如果您正苦于以下问题:PHP permissions_sql函数的具体用法?PHP permissions_sql怎么用?PHP permissions_sql使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了permissions_sql函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: attach_init
function attach_init(&$a)
{
if ($a->argc != 2) {
notice(t('Item not available.') . EOL);
return;
}
$item_id = intval($a->argv[1]);
// Check for existence, which will also provide us the owner uid
$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id));
if (!count($r)) {
notice(t('Item was not found.') . EOL);
return;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", dbesc($item_id));
if (!count($r)) {
notice(t('Permission denied.') . EOL);
return;
}
// Use quotes around the filename to prevent a "multiple Content-Disposition"
// error in Chrome for filenames with commas in them
header('Content-type: ' . $r[0]['filetype']);
header('Content-length: ' . $r[0]['filesize']);
if (isset($_GET['attachment']) && $_GET['attachment'] === '0') {
header('Content-disposition: filename="' . $r[0]['filename'] . '"');
} else {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
}
echo $r[0]['data'];
killme();
// NOTREACHED
}示例2: attach_init
function attach_init(&$a)
{
if ($a->argc != 2) {
notice(t('Item not available.') . EOL);
return;
}
$item_id = intval($a->argv[1]);
// Check for existence, which will also provide us the owner uid
$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id));
if (!count($r)) {
notice(t('Item was not found.') . EOL);
return;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", dbesc($item_id));
if (!count($r)) {
notice(t('Permission denied.') . EOL);
return;
}
header('Content-type: ' . $r[0]['filetype']);
header('Content-disposition: attachment; filename=' . $r[0]['filename']);
echo $r[0]['data'];
killme();
// NOTREACHED
}示例3: embedphotos_widget_album
/**
* Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
* the input array as in widget_item()
* @param type $name
* @return string
*/
function embedphotos_widget_album($args)
{
$channel_id = 0;
if (array_key_exists('channel', $args)) {
$channel = $args['channel'];
}
$channel_id = intval($channel['channel_id']);
if (!$channel_id) {
$channel_id = \App::$profile_uid;
}
if (!$channel_id) {
return '';
}
$owner_uid = $channel_id;
require_once 'include/security.php';
$sql_extra = permissions_sql($channel_id);
if (!perm_is_allowed($channel_id, get_observer_hash(), 'view_storage')) {
return '';
}
if ($args['album']) {
$album = $args['album'];
}
if ($args['title']) {
$title = $args['title'];
}
/**
* This may return incorrect permissions if you have multiple directories of the same name.
* It is a limitation of the photo table using a name for a photo album instead of a folder hash
*/
if ($album) {
$x = q("select hash from attach where filename = '%s' and uid = %d limit 1", dbesc($album), intval($owner_uid));
if ($x) {
$y = attach_can_view_folder($owner_uid, get_observer_hash(), $x[0]['hash']);
if (!$y) {
return '';
}
}
}
$order = 'DESC';
$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN\n\t\t\t\t(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) {$sql_extra} GROUP BY resource_id) ph \n\t\t\t\tON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)\n\t\t\tORDER BY created {$order}", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['mimetype']];
$imgalt_e = $rr['filename'];
$desc_e = $rr['description'];
$imagelink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $imagelink, 'title' => t('View Photo'), 'src' => z_root() . '/photo/' . $rr['resource_id'] . '-' . $rr['imgscale'] . '.' . $ext, 'alt' => $imgalt_e, 'desc' => $desc_e, 'ext' => $ext, 'hash' => $rr['resource_id'], 'unknown' => t('Unknown'));
}
}
$tpl = get_markup_template('photo_album.tpl');
$o .= replace_macros($tpl, array('$photos' => $photos, '$album' => $title ? $title : $album, '$album_id' => rand(), '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => false, '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$profile['channel_address'] . '/upload/' . bin2hex($album)), '$order' => false, '$upload_form' => $upload_form, '$no_fullscreen_btn' => true));
return $o;
}示例4: menu_fetch
function menu_fetch($name, $uid, $observer_xchan)
{
$sql_options = permissions_sql($uid);
$r = q("select * from menu where menu_channel_id = %d and menu_name = '%s' limit 1", intval($uid), dbesc($name));
if ($r) {
$x = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d\n\t\t\t{$sql_options} \n\t\t\torder by mitem_order asc, mitem_desc asc", intval($r[0]['menu_id']), intval($uid));
return array('menu' => $r[0], 'items' => $x);
}
return null;
}示例5: get
function get()
{
$status = strip_tags($_REQUEST['status']);
$room_id = intval(\App::$data['chat']['room_id']);
$stopped = x($_REQUEST, 'stopped') && intval($_REQUEST['stopped']) ? true : false;
if ($status && $room_id) {
$x = q("select channel_address from channel where channel_id = %d limit 1", intval(\App::$data['chat']['uid']));
$r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc($status), dbesc(datetime_convert()), intval($room_id), dbesc(get_observer_hash()), dbesc($_SERVER['REMOTE_ADDR']));
goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id);
}
if (!$stopped) {
$lastseen = intval($_REQUEST['last']);
$ret = array('success' => false);
$sql_extra = permissions_sql(\App::$data['chat']['uid']);
$r = q("select * from chatroom where cr_uid = %d and cr_id = %d {$sql_extra}", intval(\App::$data['chat']['uid']), intval(\App::$data['chat']['room_id']));
if (!$r) {
json_return_and_die($ret);
}
$inroom = array();
$r = q("select * from chatpresence left join xchan on xchan_hash = cp_xchan where cp_room = %d order by xchan_name", intval(\App::$data['chat']['room_id']));
if ($r) {
foreach ($r as $rr) {
switch ($rr['cp_status']) {
case 'away':
$status = t('Away');
$status_class = 'away';
break;
case 'online':
default:
$status = t('Online');
$status_class = 'online';
break;
}
$inroom[] = array('img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'], 'name' => $rr['xchan_name'], 'status' => $status, 'status_class' => $status_class);
}
}
$chats = array();
$r = q("select * from chat left join xchan on chat_xchan = xchan_hash where chat_room = %d and chat_id > %d order by created", intval(\App::$data['chat']['room_id']), intval($lastseen));
if ($r) {
foreach ($r as $rr) {
$chats[] = array('id' => $rr['chat_id'], 'img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'], 'name' => $rr['xchan_name'], 'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'), 'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'), 'text' => smilies(bbcode($rr['chat_text'])), 'self' => get_observer_hash() == $rr['chat_xchan'] ? 'self' : '');
}
}
}
$r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc(datetime_convert()), intval(\App::$data['chat']['room_id']), dbesc(get_observer_hash()), dbesc($_SERVER['REMOTE_ADDR']));
$ret['success'] = true;
if (!$stopped) {
$ret['inroom'] = $inroom;
$ret['chats'] = $chats;
}
json_return_and_die($ret);
}示例6: init
//.........这里部分代码省略.........
Project link: https://github.com/Retina-Images/Retina-Images
License link: http://creativecommons.org/licenses/by/3.0/
*/
$cookie_value = false;
if (isset($_COOKIE['devicePixelRatio'])) {
$cookie_value = intval($_COOKIE['devicePixelRatio']);
} else {
// Force revalidation of cache on next request
$cache_directive = 'no-cache';
$status = 'no cookie';
}
$resolution = 0;
if (strpos($photo, '.') !== false) {
$photo = substr($photo, 0, strpos($photo, '.'));
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
// If viewing on a high-res screen, attempt to serve a higher resolution image:
if ($resolution == 2 && $cookie_value > 1) {
$resolution = 1;
}
}
// If using resolution 1, make sure it exists before proceeding:
if ($resolution == 1) {
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
if (!$r) {
$resolution = 2;
}
}
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution));
if ($r) {
$allowed = $r[0]['uid'] ? perm_is_allowed($r[0]['uid'], $observer_xchan, 'view_storage') : true;
$sql_extra = permissions_sql($r[0]['uid']);
if (!$sql_extra) {
$sql_extra = ' and true ';
}
// Only check permissions on normal photos. Those photos we don't check includes
// profile photos, xchan photos (which are also profile photos), 'thing' photos,
// and cover photos
$sql_extra = " and (( photo_usage = 0 {$sql_extra} ) or photo_usage != 0 )";
$channel = channelx_by_n($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
if ($r && $allowed) {
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
if (intval($r[0]['os_storage'])) {
$streaming = $data;
}
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `imgscale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if ($r) {
logger('mod_photo: forbidden. ' . \App::$query_string);
$observer = \App::get_observer();
logger('mod_photo: observer = ' . ($observer ? $observer['xchan_addr'] : '(not authenticated)'));
$data = file_get_contents('images/nosign.png');
$mimetype = 'image/png';
$prvcachecontrol = true;示例7: chat_content
function chat_content(&$a)
{
if (local_channel()) {
$channel = $a->get_channel();
}
$ob = $a->get_observer();
$observer = get_observer_hash();
if (!$observer) {
notice(t('Permission denied.') . EOL);
return;
}
if (!perm_is_allowed($a->profile['profile_uid'], $observer, 'chat')) {
notice(t('Permission denied.') . EOL);
return;
}
if (argc() > 3 && intval(argv(2)) && argv(3) === 'leave') {
chatroom_leave($observer, argv(2), $_SERVER['REMOTE_ADDR']);
goaway(z_root() . '/channel/' . argv(1));
}
if (argc() > 3 && intval(argv(2)) && argv(3) === 'status') {
$ret = array('success' => false);
$room_id = intval(argv(2));
if (!$room_id || !$observer) {
return;
}
$r = q("select * from chatroom where cr_id = %d limit 1", intval($room_id));
if (!$r) {
json_return_and_die($ret);
}
require_once 'include/security.php';
$sql_extra = permissions_sql($r[0]['cr_uid']);
$x = q("select * from chatroom where cr_id = %d and cr_uid = %d {$sql_extra} limit 1", intval($room_id), intval($r[0]['cr_uid']));
if (!$x) {
json_return_and_die($ret);
}
$y = q("select count(*) as total from chatpresence where cp_room = %d", intval($room_id));
if ($y) {
$ret['success'] = true;
$ret['chatroom'] = $r[0]['cr_name'];
$ret['inroom'] = $y[0]['total'];
}
// figure out how to present a timestamp of the last activity, since we don't know the observer's timezone.
$z = q("select created from chat where chat_room = %d order by created desc limit 1", intval($room_id));
if ($z) {
$ret['last'] = $z[0]['created'];
}
json_return_and_die($ret);
}
if (argc() > 2 && intval(argv(2))) {
$room_id = intval(argv(2));
$bookmark_link = get_bookmark_link($ob);
$x = chatroom_enter($observer, $room_id, 'online', $_SERVER['REMOTE_ADDR']);
if (!$x) {
return;
}
$x = q("select * from chatroom where cr_id = %d and cr_uid = %d {$sql_extra} limit 1", intval($room_id), intval($a->profile['profile_uid']));
if ($x) {
$acl = new AccessList(false);
$acl->set($x[0]);
$private = $acl->is_private();
$room_name = $x[0]['cr_name'];
if ($bookmark_link) {
$bookmark_link .= '&url=' . z_root() . '/chat/' . argv(1) . '/' . argv(2) . '&title=' . urlencode($x[0]['cr_name']) . ($private ? '&private=1' : '') . '&ischat=1';
}
} else {
notice(t('Room not found') . EOL);
return;
}
$o = replace_macros(get_markup_template('chat.tpl'), array('$is_owner' => local_channel() && local_channel() == $x[0]['cr_uid'] ? true : false, '$room_name' => $room_name, '$room_id' => $room_id, '$baseurl' => z_root(), '$nickname' => argv(1), '$submit' => t('Submit'), '$leave' => t('Leave Room'), '$drop' => t('Delete This Room'), '$away' => t('I am away right now'), '$online' => t('I am online'), '$bookmark_link' => $bookmark_link, '$bookmark' => t('Bookmark this room')));
return $o;
}
if (local_channel() && argc() > 2 && argv(2) === 'new') {
$acl = new AccessList($channel);
$channel_acl = $acl->get();
require_once 'include/acl_selectors.php';
$o = replace_macros(get_markup_template('chatroom_new.tpl'), array('$header' => t('New Chatroom'), '$name' => array('room_name', t('Chatroom Name'), '', ''), '$chat_expire' => array('chat_expire', t('Expiration of chats (minutes)'), 120, ''), '$permissions' => t('Permissions'), '$acl' => populate_acl($channel_acl, false), '$submit' => t('Submit')));
return $o;
}
require_once 'include/conversation.php';
$o = profile_tabs($a, local_channel() && local_channel() == $a->profile['profile_uid'] ? true : false, $a->profile['channel_address']);
require_once 'include/widgets.php';
$o .= replace_macros(get_markup_template('chatrooms.tpl'), array('$header' => sprintf(t('%1$s\'s Chatrooms'), $a->profile['name']), '$baseurl' => z_root(), '$nickname' => $channel['channel_address'], '$rooms' => widget_chatroom_list(array()), '$newroom' => t('New Chatroom'), '$is_owner' => local_channel() && local_channel() == $a->profile['profile_uid'] ? 1 : 0));
return $o;
}示例8: photo_init
function photo_init(&$a)
{
global $_SERVER;
$prvcachecontrol = false;
$file = "";
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
$file = $photo;
break;
case 1:
default:
killme();
// NOTREACHED
}
// strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($localFileName)) {
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 31536000) . " GMT");
header("Cache-Control: max-age=31536000");
if (function_exists('header_remove')) {
header_remove('Last-Modified');
header_remove('Expires');
header_remove('Cache-Control');
}
exit;
}
$default = 'images/person-175.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/person-48.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/person-80.jpg';
break;
}
$uid = str_replace(array('.jpg', '.png'), array('', ''), $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
if (!isset($data)) {
$data = file_get_contents($default);
$mimetype = 'image/jpeg';
}
} else {
/**
* Other photos
*/
$resolution = 0;
foreach (Photo::supportedTypes() as $m => $e) {
$photo = str_replace(".{$e}", '', $photo);
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
$public = $r[0]['allow_cid'] == '' and $r[0]['allow_gid'] == '' and $r[0]['deny_cid'] == '' and $r[0]['deny_gid'] == '';
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = file_get_contents('images/nosign.jpg');
//.........这里部分代码省略.........
示例9: display_content
function display_content(&$a)
{
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once "include/bbcode.php";
require_once 'include/security.php';
require_once 'include/conversation.php';
$o = '<div id="live-display"></div>' . "\r\n";
$a->page['htmlhead'] .= '<script>$(document).ready(function() { $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl"); });</script>';
$nick = $a->argc > 1 ? $a->argv[1] : '';
profile_load($a, $nick);
$item_id = $a->argc > 2 ? intval($a->argv[2]) : 0;
if (!$item_id) {
$a->error = 404;
notice(t('Item not found.') . EOL);
return;
}
$groups = array();
$contact = null;
$remote_contact = false;
if (remote_user()) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['uid']));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($a->profile['uid']));
if (count($r)) {
$a->page_contact = $r[0];
}
$is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false;
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($a->profile['uid'], $remote_contact, $groups);
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE ( `id` = '%s' OR `uri` = '%s' ))\n\t\t{$sql_extra}\n\t\tORDER BY `parent` DESC, `gravity` ASC, `id` ASC ", intval($a->profile['uid']), dbesc($item_id), dbesc($item_id));
if (count($r)) {
if (local_user() && local_user() == $a->profile['uid']) {
q("UPDATE `item` SET `unseen` = 0 \n\t\t\t\tWHERE `parent` = %d AND `unseen` = 1", intval($r[0]['parent']));
}
$o .= conversation($a, $r, 'display', false);
} else {
$r = q("SELECT `id` FROM `item` WHERE `id` = '%s' OR `uri` = '%s' LIMIT 1", dbesc($item_id), dbesc($item_id));
if (count($r)) {
if ($r[0]['deleted']) {
notice(t('Item has been removed.') . EOL);
} else {
notice(t('Permission denied.') . EOL);
}
} else {
notice(t('Item not found.') . EOL);
}
}
return $o;
}示例10: photos_content
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'user')) {
notice(t('No photos selected') . EOL);
return;
}
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
} elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if ($a->argc > 4) {
$cmd = $a->argv[4];
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$contact = null;
$remote_contact = false;
$owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
if (count($r)) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = remote_user();
}
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
//
// dispatch request
//
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
continue;
//.........这里部分代码省略.........
示例11: chat_message
/**
* create a chat message via API.
* It is the caller's responsibility to enter the room.
*/
function chat_message($uid, $room_id, $xchan, $text)
{
$ret = array('success' => false);
if (!$text) {
return;
}
$sql_extra = permissions_sql($uid);
$r = q("select * from chatroom where cr_uid = %d and cr_id = %d {$sql_extra}", intval($uid), intval($room_id));
if (!$r) {
return $ret;
}
$arr = array('chat_room' => $room_id, 'chat_xchan' => $xchan, 'chat_text' => $text);
call_hooks('chat_message', $arr);
$x = q("insert into chat ( chat_room, chat_xchan, created, chat_text )\n\t\tvalues( %d, '%s', '%s', '%s' )", intval($room_id), dbesc($xchan), dbesc(datetime_convert()), dbesc($arr['chat_text']));
$ret['success'] = true;
return $ret;
}示例12: photos_list_photos
/**
* @brief
*
* @param array $channel
* @param array $observer
* @param string $album default empty
* @return boolean|array
*/
function photos_list_photos($channel, $observer, $album = '')
{
$channel_id = $channel['channel_id'];
$observer_xchan = $observer ? $observer['xchan_hash'] : '';
if (!perm_is_allowed($channel_id, $observer_xchan, 'view_storage')) {
return false;
}
$sql_extra = permissions_sql($channel_id);
if ($album) {
$sql_extra .= " and album = '" . protect_sprintf(dbesc($album)) . "' ";
}
$ret = array('success' => false);
$r = q("select resource_id, created, edited, title, description, album, filename, mimetype, height, width, filesize, imgscale, photo_usage, allow_cid, allow_gid, deny_cid, deny_gid from photo where uid = %d and photo_usage in ( %d, %d ) {$sql_extra} ", intval($channel_id), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
if ($r) {
for ($x = 0; $x < count($r); $x++) {
$r[$x]['src'] = z_root() . '/photo/' . $r[$x]['resource_id'] . '-' . $r[$x]['imgscale'];
}
$ret['success'] = true;
$ret['photos'] = $r;
}
return $ret;
}示例13: photos_content
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'channel')) {
notice(t('No photos selected') . EOL);
return;
}
$ph = photo_factory('');
$phototypes = $ph->supportedTypes();
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
$can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments');
if (argc() > 3) {
$datatype = argv(2);
$datum = argv(3);
} elseif (argc() > 2 && argv(2) === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if (argc() > 4) {
$cmd = argv(4);
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$owner_uid = $a->data['channel']['channel_id'];
$owner_aid = $a->data['channel']['channel_account_id'];
$observer = $a->get_observer();
$can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_photos');
$can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_photos');
if (!$can_view) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid);
$o = "";
$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']);
//
// dispatch request
//
/**
* Display upload form
*/
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
if (array_key_exists('albums', $a->data)) {
$albums = get_app()->data['albums'];
} else {
$albums = photos_albums_list($a->data['channel'], $a->data['observer']);
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($albums['albums'])) {
foreach ($albums['albums'] as $album) {
if (!$album['text']) {
continue;
}
$selected = $selname === $album['text'] ? ' selected="selected" ' : '';
$albumselect .= '<option value="' . $album['text'] . '"' . $selected . '>' . $album['text'] . '</option>';
}
}
$albumselect .= '</select>';
$uploader = '';
$ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true);
call_hooks('photo_upload_form', $ret);
$default_upload = '<input id="photos-upload-choose" type="file" name="userfile" /> <div class="photos-upload-submit-wrapper" >
<input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>';
/* Show space usage */
$r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id']));
$limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit');
if ($limit !== false) {
$usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
//.........这里部分代码省略.........
示例14: photo_init
function photo_init(&$a)
{
switch ($a->argc) {
case 4:
$person = $a->argv[3];
$customres = intval($a->argv[2]);
$type = $a->argv[1];
break;
case 3:
$person = $a->argv[2];
$type = $a->argv[1];
break;
case 2:
$photo = $a->argv[1];
break;
case 1:
default:
killme();
// NOTREACHED
}
$default = 'images/default-profile.jpg';
if (isset($type)) {
/**
* Profile photos
*/
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
break;
case 'micro':
$resolution = 6;
$default = 'images/default-profile-mm.jpg';
break;
case 'avatar':
default:
$resolution = 5;
$default = 'images/default-profile-sm.jpg';
break;
}
$uid = str_replace('.jpg', '', $person);
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
}
if (!isset($data)) {
$data = file_get_contents($default);
}
} else {
/**
* Other photos
*/
$resolution = 0;
$photo = str_replace('.jpg', '', $photo);
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
}
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = $r[0]['data'];
} else {
// Does the picture exist? It may be a remote person with no credentials,
// but who should otherwise be able to view it. Show a default image to let
// them know permissions was denied. It may be possible to view the image
// through an authenticated profile visit.
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution));
if (count($r)) {
$data = file_get_contents('images/nosign.jpg');
}
}
}
}
if (!isset($data)) {
killme();
// NOTREACHED
}
if (intval($customres) && $customres > 0 && $customres < 500) {
require_once 'include/Photo.php';
$ph = new Photo($data);
if ($ph->is_valid()) {
$ph->scaleImageSquare($customres);
$data = $ph->imageString();
}
}
if (function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
}
header("Content-type: image/jpeg");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
header("Cache-Control: max-age=" . 3600 * 24);
echo $data;
//.........这里部分代码省略.........
示例15: photo_init
function photo_init(&$a)
{
$prvcachecontrol = false;
switch (argc()) {
case 4:
$person = argv(3);
$res = argv(2);
$type = argv(1);
break;
case 2:
$photo = argv(1);
break;
case 1:
default:
killme();
// NOTREACHED
}
if ($photo === 'qr') {
$t = $_GET['qr'];
require_once 'library/phpqrcode/phpqrcode.php';
header("Content-type: image/png");
QRcode::png($t ? $t : '.');
killme();
}
$observer_xchan = get_observer_hash();
$default = get_default_profile_photo();
if (isset($type)) {
/**
* Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
*
*/
if ($type === 'profile') {
switch ($res) {
case 'm':
$resolution = 5;
$default = get_default_profile_photo(80);
break;
case 's':
$resolution = 6;
$default = get_default_profile_photo(48);
break;
case 'l':
default:
$resolution = 4;
break;
}
}
$uid = $person;
$r = q("SELECT * FROM photo WHERE scale = %d AND uid = %d AND profile = 1 LIMIT 1", intval($resolution), intval($uid));
if (count($r)) {
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
}
if (!isset($data)) {
$data = file_get_contents($default);
$mimetype = 'image/jpeg';
}
} else {
/**
* Other photos
*/
/* Check for a cookie to indicate display pixel density, in order to detect high-resolution
displays. This procedure was derived from the "Retina Images" by Jeremey Worboys,
used in accordance with the Creative Commons Attribution 3.0 Unported License.
Project link: https://github.com/Retina-Images/Retina-Images
License link: http://creativecommons.org/licenses/by/3.0/
*/
$cookie_value = false;
if (isset($_COOKIE['devicePixelRatio'])) {
$cookie_value = intval($_COOKIE['devicePixelRatio']);
} else {
// Force revalidation of cache on next request
$cache_directive = 'no-cache';
$status = 'no cookie';
}
$resolution = 0;
if (strpos($photo, '.') !== false) {
$photo = substr($photo, 0, strpos($photo, '.'));
}
if (substr($photo, -2, 1) == '-') {
$resolution = intval(substr($photo, -1, 1));
$photo = substr($photo, 0, -2);
// If viewing on a high-res screen, attempt to serve a higher resolution image:
if ($resolution == 2 && $cookie_value > 1) {
$resolution = 1;
}
}
// If using resolution 1, make sure it exists before proceeding:
if ($resolution == 1) {
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1", dbesc($photo), intval($resolution));
if (!$r) {
$resolution = 2;
}
}
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND scale = %d LIMIT 1", dbesc($photo), intval($resolution));
if ($r) {
$allowed = $r[0]['uid'] ? perm_is_allowed($r[0]['uid'], $observer_xchan, 'view_photos') : true;
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND scale = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
//.........这里部分代码省略.........