photos cont.

2013-01-26 03:42:05 -08:00 · 2013-01-26 03:42:05 -08:00 · 3e0040d7c3
commit 3e0040d7c3
parent 91126d8dd3
2 changed files with 103 additions and 106 deletions
--- a/include/photos.php
+++ b/include/photos.php
@ -275,3 +275,47 @@ function photos_album_widget($channelx,$observer,$albums = null) {
 	}
 	return $o;
 }
 function photos_album_exists($channel_id,$album) {
 	$r = q("SELECT id from photo where album = '%s' and uid = %d limit 1",
 		dbesc($album),
 		intval($channel_id)
 	);
 	return (($r) ? true : false);
 }
 function photos_album_rename($channel_id,$oldname,$newname) {
 	return q("UPDATE photo SET album = '%s' WHERE album = '%s' AND uid = %d",
 		dbesc($newname),
 		dbesc($oldname),
 		intval($channel_id)
 	);
 }
 function photos_album_get_db_idstr($channel_id,$album,$remote_xchan = '') {
 	if($remote_xchan) {
 		$r = q("SELECT distinct resource_id as from photo where xchan = '%s' and uid = %d and album = '%s' ",
 			dbesc($remote_xchan),
 			intval($channel_id),
 			dbesc($album)
 		);
 	}
 	else {
 		$r = q("SELECT distinct resource_id  from photo where uid = %d and album = '%s' ",
 			intval($channel_id),
 			dbesc($album)
 		);
 	}
 	if($r) {
 		$arr = array();
 		foreach($r as $rr) {
 			$arr[] = "'" . dbesc($rr['resource_id']) . "'" ;
 		}
 		$str = implode(',',$arr);
 		return $str;
 	}
 	return false;
 }
--- a/mod/photos.php
+++ b/mod/photos.php
@ -14,6 +14,7 @@ function photos_init(&$a) {
 	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
 		return;
 	}
 	$o = '';
 	if(argc() > 1) {
@ -32,14 +33,13 @@ function photos_init(&$a) {
 		$a->data['perms'] = get_all_perms($channelx[0]['channel_id'],$observer_xchan);
 		$a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer));
 		if($a->data['perms']['view_photos']) {
 			$a->data['albums'] = photos_albums_list($a->data['channel'],$observer);
 			$a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums']));
 		}
 		$a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';</script>" ;
@ -62,153 +62,106 @@ function photos_post(&$a) {
 	$phototypes = Photo::supportedTypes();
 	$can_post  = false;
 	$visitor   = 0;
 	$page_owner_uid = $a->data['channel']['channel_id'];
 	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
-	if((local_user()) && (local_user() == $page_owner_uid))
+	if($a->perms['post_photos'])
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
 			$cid = 0;
 			if(is_array($_SESSION['remote'])) {
 				foreach($_SESSION['remote'] as $v) {
 					if($v['uid'] == $page_owner_uid) {
 						$cid = $v['cid'];
 						break;
 					}
 				}
 			}
 			if($cid) {
 				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 					intval($cid),
 					intval($page_owner_uid)
 				);
 				if(count($r)) {
 					$can_post = true;
 					$visitor = $cid;
 				}
 			}
 		}
 	}
 	if(! $can_post) {
 		notice( t('Permission denied.') . EOL );
 		if(is_ajax())
 			killme();
 		return;
 	}
-	$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` 
+	$s = abook_self($page_owner_uid);
 		WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
 		intval($page_owner_uid)
 	);
-	if(! count($r)) {
+	if(! $s) {
-		notice( t('Contact information unavailable') . EOL);
+		notice( t('Page owner information could not be retrieved.') . EOL);
-		logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
+		logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
 		if(is_ajax())
 			killme();
 		return;
 	}
-	$owner_record = $r[0];	
+	$owner_record = $s[0];	
-	if(($a->argc > 3) && ($a->argv[2] === 'album')) {
+	if((argc() > 3) && (argv(2) === 'album')) {
 		$album = hex2bin($a->argv[3]);
-		if($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
+		$album = hex2bin(argv(3));
 		if($album === t('Profile Photos')) {
 			// not allowed
 			goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
 			return; // NOTREACHED
 		}
-		$r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
+		if(! photos_album_exists($page_owner_uid,$album)) {
 			dbesc($album),
 			intval($page_owner_uid)
 		);
 		if(! count($r)) {
 			notice( t('Album not found.') . EOL);
 			goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
 			return; // NOTREACHED
 		}
-		$newalbum = notags(trim($_POST['albumname']));
+
 		/*
 		 * RENAME photo album
 		 */
 		$newalbum = notags(trim($_REQUEST['albumname']));
 		if($newalbum != $album) {
-			q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
+			$x = photos_album_rename($page_owner_uid,$album,$newalbum);
-				dbesc($newalbum),
+			if($x) {
 				dbesc($album),
 				intval($page_owner_uid)
 			);
 				$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
 				goaway($a->get_baseurl() . '/' . $newurl);
-			return; // NOTREACHED
+			}
 		}
 		/*
 		 * DELETE photo album and all its photos
 		 */
-		if($_POST['dropalbum'] == t('Delete Album')) {
+		if($_REQUEST['dropalbum'] == t('Delete Album')) {
 			$res = array();
 			// get the list of photos we are about to delete
-			if($visitor) {
+			if(remote_user() && (! local_user())) {
-				$r = q("SELECT distinct(`resource_id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'",
+				$str = photos_album_get_db_idstr($page_owner_uid,$album,remote_user());
-					intval($visitor),
+			}
-					intval($page_owner_uid),
+			elseif(local_user()) {
-					dbesc($album)
+				$str = photos_album_get_db_idstr(local_user(),$album);
 				);
 			}
 			else {
-				$r = q("SELECT distinct(`resource_id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
+				$str = null;
 					intval(local_user()),
 					dbesc($album)
 				);
 			}
-			if(count($r)) {
+			if(! $str) {
 				foreach($r as $rr) {
 					$res[] = "'" . dbesc($rr['rid']) . "'" ;
 				}
 			}
 			else {
 				goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
 				return; // NOTREACHED
 			}
-			$str_res = implode(',', $res);
+			$r = q("select id, item_restrict from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d",
 			// remove the associated photos
 			q("DELETE FROM `photo` WHERE `resource_id` IN ( $str_res ) AND `uid` = %d",
 				intval($page_owner_uid)
 			);
 			if($r) {
 				foreach($r as $i) {
 					drop_item($i['id'],false);
 					if(! $item_restrict)
 						proc_run('php','include/notifier.php','drop',$i['id']);
 				}
 			}
-			// find and delete the corresponding item with all the comments and likes/dislikes
+			// remove the associated photos in case they weren't attached to an item
-			$r = q("SELECT `parent_uri` FROM `item` WHERE `resource_id` IN ( $str_res ) AND `uid` = %d",
+			q("delete from photo where resource_id in ( $str ) and uid = %d",
 				intval($page_owner_uid)
 			);
 			if(count($r)) {
 				foreach($r as $rr) {
 					q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent_uri` = '%s' AND `uid` = %d",
 						dbesc(datetime_convert()),
 						dbesc($rr['parent_uri']),
 						intval($page_owner_uid)
 					);
 					$drop_id = intval($rr['id']);
 					// send the notification upstream/downstream as the case may be
 					if($rr['visible'])
 						proc_run('php',"include/notifier.php","drop","$drop_id");
 				}
 			}
 		}
 		goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
 		return; // NOTREACHED
 	}
-	if(($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
+	if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) {
-
+// FIXME
 		// same as above but remove single photo
 		if($visitor) {