clean up the photo storage backend, revamp mod/wall_upload

2013-01-22 17:48:42 -08:00 · 2013-01-22 17:48:42 -08:00 · cf2488e999
commit cf2488e999
parent beb3301d43
12 changed files with 135 additions and 422 deletions
--- a/boot.php
+++ b/boot.php
@ -16,7 +16,7 @@ require_once('include/features.php');
 define ( 'FRIENDICA_PLATFORM',     'Friendica Red');
 define ( 'FRIENDICA_VERSION',      trim(file_get_contents('version.inc')) . 'R');
 define ( 'ZOT_REVISION',               1     ); 
-define ( 'DB_UPDATE_VERSION',       1020     );
+define ( 'DB_UPDATE_VERSION',       1021     );
 define ( 'EOL',                    '<br />' . "\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
--- a/include/Photo.php
+++ b/include/Photo.php
@ -523,7 +523,7 @@ class Photo {
-    public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
+    public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
        $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1",
                dbesc($rid),
@ -533,6 +533,7 @@ class Photo {
        );
        if(count($x)) {
            $r = q("UPDATE `photo`
 				set `aid` = %d,
                set `uid` = %d,
                `xchan` = '%s',
                `resource_id` = '%s',
@ -544,6 +545,7 @@ class Photo {
                `height` = %d,
                `width` = %d,
                `data` = '%s',
 				`size` = %d,
                `scale` = %d,
                `profile` = %d,
                `allow_cid` = '%s',
@ -552,6 +554,7 @@ class Photo {
                `deny_gid` = '%s'
                where id = %d limit 1",
 				intval($aid),
                intval($uid),
                dbesc($xchan),
                dbesc($rid),
@ -563,6 +566,7 @@ class Photo {
                intval($this->getHeight()),
                intval($this->getWidth()),
                dbesc($this->imageString()),
 				intval(strlen($this->imageString())),
                intval($scale),
                intval($profile),
                dbesc($allow_cid),
@ -574,8 +578,9 @@ class Photo {
        }
        else {
            $r = q("INSERT INTO `photo`
-                ( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
+                ( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
-                VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )",
+                VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )",
 				intval($aid),
                intval($uid),
                dbesc($xchan),
                dbesc($rid),
@ -587,6 +592,7 @@ class Photo {
                intval($this->getHeight()),
                intval($this->getWidth()),
                dbesc($this->imageString()),
 				intval(strlen($this->imageString())),
                intval($scale),
                intval($profile),
                dbesc($allow_cid),
@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) {
        $img->scaleImageSquare(175);
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 );
        if($r === false)
            $photo_failure = true;
        $img->scaleImage(80);
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 );
        if($r === false)
            $photo_failure = true;
        $img->scaleImage(48);
-        $r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 );
+        $r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 );
        if($r === false)
            $photo_failure = true;
--- a/include/items.php
+++ b/include/items.php
@ -2080,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 			$img->scaleImageSquare(175);
 			$hash = $resource_id;
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
 			$img->scaleImage(80);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
 			$img->scaleImage(48);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
+			$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
 			$a = get_app();
--- a/include/user.php
+++ b/include/user.php
@ -1,320 +0,0 @@
 <?php
 require_once('include/config.php');
 require_once('include/network.php');
 require_once('include/plugin.php');
 require_once('include/text.php');
 require_once('include/language.php');
 require_once('include/datetime.php');
 function create_user($arr) {
 	// Required: { username, nickname, email } or { openid_url }
 	$a = get_app();
 	$result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
 	$using_invites = get_config('system','invitation_only');
 	$num_invites   = get_config('system','number_invites');
 	$invite_id  = ((x($arr,'invite_id'))  ? notags(trim($arr['invite_id']))  : '');
 	$username   = ((x($arr,'username'))   ? notags(trim($arr['username']))   : '');
 	$nickname   = ((x($arr,'nickname'))   ? notags(trim($arr['nickname']))   : '');
 	$email      = ((x($arr,'email'))      ? notags(trim($arr['email']))      : '');
 	$openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
 	$photo      = ((x($arr,'photo'))      ? notags(trim($arr['photo']))      : '');
 	$password   = ((x($arr,'password'))   ? trim($arr['password'])           : '');
 	$blocked    = ((x($arr,'blocked'))    ? intval($arr['blocked'])  : 0);
 	$verified   = ((x($arr,'verified'))   ? intval($arr['verified']) : 0);
 	$publish    = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
 	$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
 	$tmp_str = $openid_url;
 	if($using_invites) {
 		if(! $invite_id) {
 			$result['message'] .= t('An invitation is required.') . EOL;
 			return $result;
 		}
 		$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
 		if(! results($r)) {
 			$result['message'] .= t('Invitation could not be verified.') . EOL;
 			return $result;
 		}
 	} 
 	if((! x($username)) || (! x($email)) || (! x($nickname))) {
 		if($openid_url) {
 			if(! validate_url($tmp_str)) {
 				$result['message'] .= t('Invalid OpenID url') . EOL;
 				return $result;
 			}
 			$_SESSION['register'] = 1;
 			$_SESSION['openid'] = $openid_url;
 			require_once('library/openid.php');
 			$openid = new LightOpenID;
 			$openid->identity = $openid_url;
 			$openid->returnUrl = $a->get_baseurl() . '/openid'; 
 			$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
 			$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
 			goaway($openid->authUrl());
 			// NOTREACHED	
 		}
 		notice( t('Please enter the required information.') . EOL );
 		return;
 	}
 	if(! validate_url($tmp_str))
 		$openid_url = '';
 	$err = '';
 	// collapse multiple spaces in name
 	$username = preg_replace('/ +/',' ',$username);
 	if(mb_strlen($username) > 48)
 		$result['message'] .= t('Please use a shorter name.') . EOL;
 	if(mb_strlen($username) < 3)
 		$result['message'] .= t('Name too short.') . EOL;
 	// I don't really like having this rule, but it cuts down
 	// on the number of auto-registrations by Russian spammers
 	//  Using preg_match was completely unreliable, due to mixed UTF-8 regex support
 	//	$no_utf = get_config('system','no_utf');
 	//	$pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); 
 	// So now we are just looking for a space in the full name. 
 	$loose_reg = get_config('system','no_regfullname');
 	if(! $loose_reg) {
 		$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
 		if(! strpos($username,' '))
 			$result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
 	}
 	if(! allowed_email($email))
 		$result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
 	if((! valid_email($email)) || (! validate_email($email)))
 		$result['message'] .= t('Not a valid email address.') . EOL;
 	// Disallow somebody creating an account using openid that uses the admin email address,
 	// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
 	if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
 		$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
 			dbesc($email)
 		);
 		if(count($r))
 			$result['message'] .= t('Cannot use that email.') . EOL;
 	}
 	$nickname = $arr['nickname'] = strtolower($nickname);
 	if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
 		$result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
 	$r = q("SELECT `uid` FROM `user`
               	WHERE `nickname` = '%s' LIMIT 1",
               	dbesc($nickname)
 	);
 	if(count($r))
 		$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
 	// Check deleted accounts that had this nickname. Doesn't matter to us,
 	// but could be a security issue for federated platforms.
 	$r = q("SELECT * FROM `userd`
               	WHERE `username` = '%s' LIMIT 1",
               	dbesc($nickname)
 	);
 	if(count($r))
 		$result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
 	if(strlen($result['message'])) {
 		return $result;
 	}
 	$new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999));
 	$new_password_encoded = hash('whirlpool',$new_password);
 	$result['password'] = $new_password;
 	require_once('include/crypto.php');
 	$keys = new_keypair(4096);
 	if($keys === false) {
 		$result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
 		return $result;
 	}
 	$default_service_class = get_config('system','default_service_class');
 	if(! $default_service_class)
 		$default_service_class = '';
 	$prvkey = $keys['prvkey'];
 	$pubkey = $keys['pubkey'];
 	$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
 		`pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` )
 		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )",
 		dbesc(generate_user_guid()),
 		dbesc($username),
 		dbesc($new_password_encoded),
 		dbesc($email),
 		dbesc($openid_url),
 		dbesc($nickname),
 		dbesc($pubkey),
 		dbesc($prvkey),
 		dbesc(datetime_convert()),
 		intval($verified),
 		intval($blocked),
 		dbesc($default_service_class)
 	);
 	if($r) {
 		$r = q("SELECT * FROM `user` 
 			WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
 			dbesc($username),
 			dbesc($new_password_encoded)
 		);
 		if($r !== false && count($r)) {
 			$u = $r[0];
 			$newuid = intval($r[0]['uid']);
 		}
 	}
 	else {
 		$result['message'] .=  t('An error occurred during registration. Please try again.') . EOL ;
 		return $result;
 	} 		
 	/**
 	 * if somebody clicked submit twice very quickly, they could end up with two accounts 
 	 * due to race condition. Remove this one.
 	 */
 	$r = q("SELECT `uid` FROM `user`
               	WHERE `nickname` = '%s' ",
               	dbesc($nickname)
 	);
 	if((count($r) > 1) && $newuid) {
 		$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
 		q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
 			intval($newuid)
 		);
 		return $result;
 	}
 	if(x($newuid) !== false) {
 		$r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
 			VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
 			intval($newuid),
 			t('default'),
 			1,
 			dbesc($username),
 			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
 			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
 			intval($publish),
 			intval($netpublish)
 		);
 		if($r === false) {
 			$result['message'] .=  t('An error occurred creating your default profile. Please try again.') . EOL;
 			// Start fresh next time.
 			$r = q("DELETE FROM `user` WHERE `uid` = %d",
 				intval($newuid));
 			return $result;
 		}
 		$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
 			`request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` )
 			VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
 			intval($newuid),
 			datetime_convert(),
 			dbesc($username),
 			dbesc($nickname),
 			dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
 			dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
 			dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
 			dbesc($a->get_baseurl() . "/channel/$nickname"),
 			dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")),
 			dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
 			dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
 			dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
 			dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
 			dbesc($a->get_baseurl() . "/poco/$nickname"),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert())
 		);
 		// Create a group with no members. This allows somebody to use it 
 		// right away as a default group for new contacts. 
 		require_once('include/group.php');
 		group_add($newuid, t('Friends'));
 	}
 	// if we have no OpenID photo try to look up an avatar
 	if(! strlen($photo))
 		$photo = avatar_img($email);
 	// unless there is no avatar-plugin loaded
 	if(strlen($photo)) {
 		require_once('include/Photo.php');
 		$photo_failure = false;
 		$filename = basename($photo);
 		$img_str = fetch_url($photo,true);
 		// guess mimetype from headers or filename
 		$type = guess_image_type($photo,true);
 		$img = new Photo($img_str, $type);
 		if($img->is_valid()) {
 			$img->scaleImageSquare(175);
 			$hash = photo_new_resource();
 			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
 			if($r === false)
 				$photo_failure = true;
 			$img->scaleImage(80);
 			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
 			if($r === false)
 				$photo_failure = true;
 			$img->scaleImage(48);
 			$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
 			if($r === false)
 				$photo_failure = true;
 			if(! $photo_failure) {
 				q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ",
 					dbesc($hash)
 				);
 			}
 		}
 	}
 	call_hooks('register_account', $newuid);
 	$result['success'] = true;
 	$result['user'] = $u;
 	return $result;
 }
--- a/install/database.sql
+++ b/install/database.sql
@ -630,8 +630,6 @@ CREATE TABLE IF NOT EXISTS `photo` (
  `aid` int(10) unsigned NOT NULL DEFAULT '0',
  `uid` int(10) unsigned NOT NULL,
  `xchan` char(255) NOT NULL DEFAULT '',
  `contact-id` int(10) unsigned NOT NULL DEFAULT '0',
  `guid` char(64) NOT NULL,
  `resource_id` char(255) NOT NULL,
  `created` datetime NOT NULL,
  `edited` datetime NOT NULL,
@ -652,7 +650,7 @@ CREATE TABLE IF NOT EXISTS `photo` (
  `deny_gid` mediumtext NOT NULL,
  PRIMARY KEY (`id`),
  KEY `uid` (`uid`),
-  KEY `resource-id` (`resource_id`),
+  KEY `resource_id` (`resource_id`),
  KEY `album` (`album`),
  KEY `scale` (`scale`),
  KEY `profile` (`profile`),
--- a/install/update.php
+++ b/install/update.php
@ -1,6 +1,6 @@
 <?php
-define( 'UPDATE_VERSION' , 1020 );
+define( 'UPDATE_VERSION' , 1021 );
 /**
 *
@ -285,3 +285,10 @@ function update_r1019() {
 		return UPDATE_SUCCESS;
 	return UPDATE_FAILED;
 }
 function update_r1020() {
 	$r = q("alter table photo drop `contact-id`, drop guid, drop index `resource-id`, add index ( `resource_id` )");
 	if($r)
 		return UPDATE_SUCCESS;
 	return UPDATE_FAILED;
 }
--- a/mod/intro.php
+++ b/mod/intro.php
@ -6,9 +6,10 @@ function intro_post(&$a) {
 	if(! intval($_REQUEST['contact_id']))
 		return;
 	$approved = false;
 	$flags = 0;
 	if($_REQUEST['submit'] == t('Approve')) {
-		;
+		$approved = true;
 	}
 	elseif($_REQUEST['submit'] == t('Block')) {
 		$flags = ABOOK_FLAG_BLOCKED;
@ -29,6 +30,10 @@ function intro_post(&$a) {
 	else
 		notice( t('Connection update failed.') . EOL);
 	if($approved)
 		goaway(z_root() . '/connections/' . $_REQUEST['contact_id']);
 }
 function intro_aside(&$a) {
--- a/mod/photos.php
+++ b/mod/photos.php
@ -30,7 +30,7 @@ function photos_init(&$a) {
 		$o .= '<div class="vcard">';
 		$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
-		$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
+		$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id'] . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
 		$o .= '</div>';
@ -790,7 +790,9 @@ function photos_post(&$a) {
 	$photo_hash = photo_new_resource();
-	$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+	$page_owner_aid = $a->data['channel']['channel_account_id'];
 	$r = $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 	if(! $r) {
 		logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG);
@ -800,13 +802,13 @@ function photos_post(&$a) {
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+		$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 		$smallest = 1;
 	}
 	if($width > 320 || $height > 320) {
 		$ph->scaleImage(320);
-		$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+		$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
 		$smallest = 2;
 	}
@ -928,6 +930,7 @@ function photos_content(&$a) {
 	$contact_id     = 0;
 	$owner_uid = $a->data['channel']['channel_id'];
 	$owner_aid = $a->data['channel']['channel_account_id'];
 	$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@ -81,8 +81,9 @@ function profile_photo_post(&$a) {
 			$im = new Photo($base_image['data'], $base_image['type']);
 			if($im->is_valid()) {
 				$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
 				$aid = get_account_id();
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 4, $is_default_profile);
 				if($r === false)
@ -90,7 +91,7 @@ function profile_photo_post(&$a) {
 				$im->scaleImage(80);
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 5, $is_default_profile);
 				if($r === false)
@ -98,7 +99,7 @@ function profile_photo_post(&$a) {
 				$im->scaleImage(48);
-				$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'], 
+				$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'], 
 					t('Profile Photos'), 6, $is_default_profile);
 				if($r === false)
@ -308,7 +309,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
 	$smallest = 0;
-	$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 );	
+	$r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 );	
 	if($r)
 		info( t('Image uploaded successfully.') . EOL );
@ -317,7 +318,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 1 );	
+		$r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 );	
 		if($r === false)
 			notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL );
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@ -2,73 +2,59 @@
 require_once('Photo.php');
 function wall_upload_post(&$a) {
-	if(argc() > 1) {
+	$using_api = ((x($_FILES,'media')) ? true : false); 
-		if(! x($_FILES,'media')) {
+
 	if($using_api) {
 		require_once('include/api.php');
 		$user_info = api_get_user($a);
 		$nick = $user_info['screen_name'];
 	}
 	else {
 		if(argc() > 1)
 			$nick = argv(1);
-		}
+	}
-		else {
+
-			$user_info = api_get_user($a);
+	$channel = null;
-			$nick = $user_info['screen_name'];
+
-		}
+	if($nick) {		
 		$r = q("SELECT channel.* from channel where channel_address = '%s' limit 1",
 			dbesc($nick)
 		);
-		if(! ($r && count($r)))
+		if($r)
-			return;
+			$channel = $r[0];
 		$channel = $r[0];
 	}
 	else
 		return;
 	if(! $channel) {
 		if($using_api)
 			return;
 		else {
 			notice( t('Channel not found.') . EOL);
 			killme();
 		}
 	}
 	$can_post  = false;
 	$visitor   = 0;
 	$page_owner_uid   = $r[0]['channel_id'];
 //	$default_cid      = $r[0]['id'];
-	$page_owner_nick  = $r[0]['channel_address'];
+	$observer = $a->get_observer();
-//	$community_page   = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+	if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'post_photos')) {
-
+		if($using_api)
-	if((local_user()) && (local_user() == $page_owner_uid))
+			return;
-		$can_post = true;
+		else {
-
+			notice( t('Permission denied.') . EOL);
-//	else {
+			killme();
-//		if($community_page && remote_user()) {
+		}
 //			$cid = 0;
 //			if(is_array($_SESSION['remote'])) {
 //				foreach($_SESSION['remote'] as $v) {
 //					if($v['uid'] == $page_owner_uid) {
 //						$cid = $v['cid'];
 //						break;
 //					}
 //				}
 //			}
 //			if($cid) {
 //				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 //					intval($cid),
 //					intval($page_owner_uid)
 //				);
 //				if(count($r)) {
 //					$can_post = true;
 //					$visitor = $cid;
 //				}
 //			}
 //		}
 //	}
 	if(! $can_post) {
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 	if(! x($_FILES,'userfile') && ! x($_FILES,'media'))
 		killme();
 	if(x($_FILES,'userfile')) {
 		$src      = $_FILES['userfile']['tmp_name'];
 		$filename = basename($_FILES['userfile']['name']);
@ -81,36 +67,58 @@ function wall_upload_post(&$a) {
 		$filesize = intval($_FILES['media']['size']);
 		$filetype = $_FILES['media']['type'];
 	}
 	else {
 		if($using_api)
 			return;
 		else {
 			notice( t('Empty upload.') . EOL);
 			killme();
 		}
 	}
-    if ($filetype=="") $filetype=guess_image_type($filename);
+    if($filetype == "") 
 		$filetype=guess_image_type($filename);
 	$maximagesize = get_config('system','maximagesize');
 	if(($maximagesize) && ($filesize > $maximagesize)) {
 		echo  sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
 		@unlink($src);
-		killme();
+		if($using_api)
 			return;
 		else {
 			echo  sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
 			killme();
 		}
 	}
 	$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ",
 		intval($page_owner_uid)
 	);
 	$limit = service_class_fetch($page_owner_uid,'photo_upload_limit');
-
+	if($limit !== false) {
-	if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
+		$r = q("select sum(size) as total from photo where uid = %d and scale = 0 ",
-		echo upgrade_message(true) . EOL ;
+			intval($page_owner_uid)
-		@unlink($src);
+		);
-		killme();
+		if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
 			@unlink($src);
 			if($using_api)
 				return;
 			else {
 				echo upgrade_message(true) . EOL ;
 				killme();
 			}
 		}
 	}
 	$imagedata = @file_get_contents($src);
 	$ph = new Photo($imagedata, $filetype);
 	if(! $ph->is_valid()) {
 		echo ( t('Unable to process image.') . EOL);
 		@unlink($src);
-		killme();
+		if($using_api)
 			return;
 		else {
 			echo ( t('Unable to process image.') . EOL);
 			killme();
 		}
 	}
 	$ph->orient($src);
@ -130,31 +138,36 @@ function wall_upload_post(&$a) {
 	$smallest = 0;
 	$defperm = '<' . $channel['channel_hash'] . '>';
 	$aid = $channel['channel_account_id'];
 	$visitor = ((remote_user()) ? remote_user() : '');
-	$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
+	$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
 	if(! $r) {
-		echo ( t('Image upload failed.') . EOL);
+		if($using_api)
-		killme();
+			return;
 		else {
 			echo ( t('Image upload failed.') . EOL);
 			killme();
 		}
 	}
 	if($width > 640 || $height > 640) {
 		$ph->scaleImage(640);
-		$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
+		$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
 		if($r) 
 			$smallest = 1;
 	}
 	if($width > 320 || $height > 320) {
 		$ph->scaleImage(320);
-		$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
+		$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
 		if($r)
 			$smallest = 2;
 	}
 	$basename = basename($filename);
 	if($_REQUEST['silent']) {
 		$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}.".$ph->getExt()."[/img][/url]";
 		return($m);
--- a/version.inc
+++ b/version.inc
@ -1 +1 @@
-2013-01-21.207
+2013-01-22.208
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@ -134,7 +134,7 @@ function enableOnUser(){
 		var uploader = new window.AjaxUpload(
 			'wall-image-upload',
-			{ action: 'wall_upload/$nickname',
+			{ action: '$baseurl/wall_upload/$nickname',
 				name: 'userfile',
 				onSubmit: function(file,ext) { $('#profile-rotator').show(); },
 				onComplete: function(file,response) {
@ -145,7 +145,7 @@ function enableOnUser(){
 		);
 		var file_uploader = new window.AjaxUpload(
 			'wall-file-upload',
-			{ action: 'wall_attach/$nickname',
+			{ action: '$baseurl/wall_attach/$nickname',
 				name: 'userfile',
 				onSubmit: function(file,ext) { $('#profile-rotator').show(); },
 				onComplete: function(file,response) {
@ -181,7 +181,7 @@ function enableOnUser(){
 		if(reply && reply.length) {
 			reply = bin2hex(reply);
 			$('#profile-rotator').show();
-			$.get('parse_url?binurl=' + reply, function(data) {
+			$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
 				addeditortext(data);
 				$('#profile-rotator').hide();
 			});
@ -214,7 +214,7 @@ function enableOnUser(){
 		if ($('#jot-popup').length != 0) $('#jot-popup').show();
 		$('#like-rotator-' + id).show();
-		$.get('share/' + id, function(data) {
+		$.get('$baseurl/share/' + id, function(data) {
 			if (!editor) $("#profile-jot-text").val("");
 			initEditor(function(){
 				addeditortext(data);
@ -238,7 +238,7 @@ function enableOnUser(){
 		if(reply && reply.length) {
 			reply = bin2hex(reply);
 			$('#profile-rotator').show();
-			$.get('parse_url?binurl=' + reply, function(data) {
+			$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
 				if (!editor) $("#profile-jot-text").val("");
 				initEditor(function(){
 					addeditortext(data);
@ -257,7 +257,7 @@ function enableOnUser(){
 				commentBusy = true;
 				$('body').css('cursor', 'wait');
-				$.get('tagger/' + id + '?term=' + reply);
+				$.get('$baseurl/tagger/' + id + '?term=' + reply);
 				if(timer) clearTimeout(timer);
 				timer = setTimeout(NavUpdate,3000);
 				liking = 1;
@ -284,7 +284,7 @@ function enableOnUser(){
 				if(reply && reply.length) {
 					commentBusy = true;
 					$('body').css('cursor', 'wait');
-					$.get('filer/' + id + '?term=' + reply, NavUpdate);
+					$.get('$baseurl/filer/' + id + '?term=' + reply, NavUpdate);
 //					if(timer) clearTimeout(timer);
 //					timer = setTimeout(NavUpdate,3000);
 					liking = 1;