X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=Images.php;h=4d2fd145b07c6d5a7364a0ed0260c19a9847d879;hb=refs%2Fheads%2Fwip_alan_T5884_add_photo_to_report;hp=04638bfd769f2c833c035bedaf0d44d27af84125;hpb=95a030d6de8d834a468bbb4bbd672c5318de4709;p=Pman.Core diff --git a/Images.php b/Images.php index 04638bfd..4d2fd145 100644 --- a/Images.php +++ b/Images.php @@ -2,6 +2,9 @@ /** * Deal with image delivery and HTML replacement of image links in body text. * + * + * NOTE THIS WAS NEVER INTENDED FOR PUBLIC IMAGE DISTRIBUTION - we need to create a seperate file for that... + * * $str = Pman_Core_Images::replaceImg($str); // < use with HTML * * or @@ -37,14 +40,33 @@ require_once 'Pman.php'; class Pman_Core_Images extends Pman { + + // tables that do not need authentication checks before serving. + var $public_image_tables = array(); + + var $sizes = array( + '100', + '100x100', + '150', + '150x150', + '200', + '200x0', + '200x200', + '400x0', + '300x100', + '500' + ); function getAuth() { parent::getAuth(); // load company! //return true; $au = $this->getAuthUser(); - //if (!$au) { - // die("Access denied"); - // } + + if (!$au) { + $this->authUser = false; + return true;//die("Access denied"); + } + $this->authUser = $au; return true; @@ -52,11 +74,22 @@ class Pman_Core_Images extends Pman var $thumb = false; var $as_mimetype = false; var $method = 'inline'; + var $page = false; + var $is_local = false; - function get($s) // determin what to serve!!!! + function get($s, $opts=array()) // determin what to serve!!!! { + // for testing only. + //if (!empty($_GET['_post'])) { + // return $this->post(); + //} + + $this->is_local = (!empty($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost') ? true : false; + $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as']; + $this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page']; + $bits= explode('/', $s); $id = 0; // var_dump($bits);die('in'); @@ -78,10 +111,12 @@ class Pman_Core_Images extends Pman $id = empty($bits[3]) ? 0 : $bits[3]; } else if (!empty($bits[0]) && $bits[0] == 'events') { - + if (!$this->authUser) { + $this->imgErr("no-authentication-events",$s); + } $this->downloadEvent($bits); + $this->imgErr("unknown file",$s); - die ("unknown file?"); } else { @@ -89,9 +124,16 @@ class Pman_Core_Images extends Pman } if (strpos($id,':') > 0) { // id format tablename:id:-imgtype + + if (!$this->authUser) { + $this->imgErr("not-authenticated-using-colon-format",$s); + + } + $onbits = explode(':', $id); if ((count($onbits) < 2) || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) { - die("Bad url"); + $this->imgErr("bad-url",$s); + } //DB_DataObject::debugLevel(1); $img = DB_DataObject::factory('Images'); @@ -100,14 +142,14 @@ class Pman_Core_Images extends Pman if (empty($_REQUEST['anytype'])) { $img->whereAdd("mimetype like 'image/%'"); } - + $img->orderBy('title ASC'); /// spurious ordering... (curretnly used by shipping project) if (isset($onbits[2])) { $img->imgtype = $onbits[2]; } $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("no images for that item: " . htmlspecialchars($id))); + $this->imgErr("no images for that item: " . htmlspecialchars($id),$s); + } $id = $img->id; @@ -118,41 +160,72 @@ class Pman_Core_Images extends Pman // depreciated - should use ontable:onid:type here... if (!empty($_REQUEST['ontable'])) { - + + if (!$this->authUser) { + die("authentication required"); + } + //DB_DataObjecT::debugLevel(1); - $img = DB_DataObjecT::factory('Images'); + $img = DB_DataObject::factory('Images'); $img->setFrom($_REQUEST); - // use imgtype now... - // if (!empty($_REQUEST['query']['filename'])){ - // $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'"); - // } + $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason='. - urlencode("No file exists")); + $this->imgErr("No file exists",$s); } $id = $img->id; } - - $img = DB_DataObjecT::factory('Images'); if (!$id || !$img->get($id)) { - - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("image has been removed or deleted.")); + $this->imgErr("image has been removed or deleted.",$s); + } + + if($this->is_local) { + return $this->serve($img); + } + + if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) { + if ($img->ontable != 'core_company') { + $this->imgErr("not-authenticated {$img->ontable}",$s); + } + if ($img->imgtype != 'LOGO') { + $this->imgErr("not-logo",$s); + } + $comp = $img->object(); + if ($comp->comptype != 'OWNER') { + $this->imgErr("not-owner-company",$s); + } + + return $this->serve($img); + + } + + if(!$this->hasPermission($img)){ + $this->imgErr("access to this image/file has been denied.",$s); } + $this->serve($img); exit; } + function imgErr($reason,$path) { + header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . + urlencode($reason) .'&path='.urlencode($path)); + exit; + } + + function hasPermission($img) + { + return true; + } - function post() + function post($v) { if (!$this->authUser) { @@ -215,7 +288,7 @@ class Pman_Core_Images extends Pman } // print_r($img);exit; $x = $img->toFileConvert(); - if (empty($this->as_mimetype)) { + if (empty($this->as_mimetype) || $img->mimetype == 'image/gif') { $this->as_mimetype = $img->mimetype; } if (!$this->thumb) { @@ -226,12 +299,14 @@ class Pman_Core_Images extends Pman //echo "SKALING? $this->size"; // acutally if we generated the image, then we do not need to validate the size.. - - // if the mimetype is not converted.. // then the filename should be original.{size}.jpeg $fn = $img->getStoreName() . '.'. $this->size . '.jpeg'; // thumbs are currenly all jpeg.!??? + if($img->mimetype == 'image/gif'){ + $fn = $img->getStoreName() . '.'. $this->size . '.gif'; + } + if (!file_exists($fn)) { $fn = $img->getStoreName() . '.'. $this->size . '.'. $img->fileExt(); // if it's an image, convert into the same type for thumbnail.. @@ -240,12 +315,16 @@ class Pman_Core_Images extends Pman } } - if (!file_exists($fn)) { - + if (!file_exists($fn)) { $this->validateSize(); } - $x->convert( $this->as_mimetype, $this->size); + if(!empty($this->page) && !is_nan($this->page * 1)){ + $x->convert( $this->as_mimetype, $this->size, 0, $this->page); + } else { + $x->convert( $this->as_mimetype, $this->size); + } + $x->serve(); exit; @@ -255,37 +334,41 @@ class Pman_Core_Images extends Pman } function validateSize() { - - if ($this->authUser && $this->authUser->company_id && $this->authUser->company()->comptype=='OWNER') { + if($this->is_local) { return true; } - // DEFAULT allowed - override with $cfg['sizes']; + if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER') + || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) { + return true; + } - $sizes = array( - '100', - '100x100', - '150', - '150x150', - '200', - '200x0', - '200x200', - '400x0', - '300x100', // logo on login. - '500', - ); - // this should be configurable... $ff = HTML_FlexyFramework::get(); - $cfg = isset($ff->Pman_Images) ? $ff->Pman_Images : - (isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array()); + $sizes= $this->sizes; + $cfg = isset($ff->Pman_Images) ? $ff->Pman_Images : + (isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array()); if (!empty($cfg['sizes'])) { $sizes = array_merge($sizes , $cfg['sizes']); } + $project = $ff->project; + + require_once $ff->project . '.php'; + + $project = str_replace('/', '_', $project); + + $pr_obj = new $project; + + // var_dump($pr_obj->Pman_Core_Images_Size); + if(isset($pr_obj->Pman_Core_Images_Size)){ + $sizes = $pr_obj->Pman_Core_Images_Size; + + + } if (!in_array($this->size, $sizes)) { die("invalid scale - ".$this->size); @@ -328,12 +411,28 @@ class Pman_Core_Images extends Pman foreach($imatch[1] as $i=>$key) { $attr[$key] = $imatch[2][$i]; } - if (!isset($attr['src']) || 0 !== strpos($attr['src'], $baseURL)) { + // does it contain baseURL??? --- well what about relative paths... + //print_R($attr); + + if (empty($attr['src'])) { + continue; + } + if (0 !== strpos($attr['src'], $baseURL)) { + // it starts with our 'new' baseURL? + $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' ); continue; } + if (false !== strpos($attr['src'], '//') && false === strpos($attr['src'], $baseURL)) { + // contains an absolute path.. that is probably not us... + continue; + } + // what about mailto or data... - just ignore?? for images... + $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' ); + } + $result = array(); preg_match_all('/]+>/i',$html, $result); @@ -369,7 +468,15 @@ class Pman_Core_Images extends Pman if(!preg_match('#/(Images|Images/Thumb/[a-z0-9]+|Images/Download)/([0-9]+)/(.*)$#', $attr_url, $umatch)) { return $html; } + $id = $umatch[2]; + $hash = ''; + if (!empty($umatch[3]) && strpos($umatch[3],'#')) { + $hh = explode('#',$umatch[3]); + $hash = '#'. array_pop($hh); + } + + $img = DB_DataObject::factory('Images'); if (!$img->get($id)) { return $html; @@ -415,7 +522,7 @@ class Pman_Core_Images extends Pman $new_tag = str_replace( $attr_name. '="'. $attr_url . '"', - $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . '"', + $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . $hash .'"', $tag ); @@ -426,7 +533,6 @@ class Pman_Core_Images extends Pman function downloadEvent($bits) { - $popts = PEAR::getStaticProperty('Pman','options'); $ev = DB_DAtaObject::Factory('events'); if (!$ev->get($bits[1])) { die("could not find event id"); @@ -439,18 +545,23 @@ class Pman_Core_Images extends Pman $user = getenv('USERNAME'); // windows. } $ff = HTML_FlexyFramework::get(); - $file = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + $file = $ev->logDir() . date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + if(!$file || !file_exists($file)){ + die("file was not saved"); + } + $filesJ = json_decode(file_get_contents($file)); - //print_r($filesJ); - foreach($filesJ->FILES as $k=>$f){ if ($f->tmp_name != $bits[2]) { continue; } - $src = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; - if (!file_exists($src)) { + $src = $file = $ev->logDir() . date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; + + if (!$src || !file_exists($src)) { die("file was not saved"); } header ('Content-Type: ' . $f->type);