X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=blobdiff_plain;f=Images.php;h=bfda2826ca553b7843eda775815488e85a9443ac;hp=99763468260bd62d7df3dee314a37d7f679680d5;hb=refs%2Fheads%2Fwip_alan_T6343_generic_progress_bar_delete;hpb=b981801b1876fa9d9c65a9f8bb2fe12f15b17191 diff --git a/Images.php b/Images.php index 99763468..bfda2826 100644 --- a/Images.php +++ b/Images.php @@ -2,6 +2,9 @@ /** * Deal with image delivery and HTML replacement of image links in body text. * + * + * NOTE THIS WAS NEVER INTENDED FOR PUBLIC IMAGE DISTRIBUTION - we need to create a seperate file for that... + * * $str = Pman_Core_Images::replaceImg($str); // < use with HTML * * or @@ -37,6 +40,24 @@ require_once 'Pman.php'; class Pman_Core_Images extends Pman { + + // tables that do not need authentication checks before serving. + var $public_image_tables = array( + 'crm_mailing_list_message' // we know these are ok... + ); + + var $sizes = array( + '100', + '100x100', + '150', + '150x150', + '200', + '200x0', + '200x200', + '400x0', + '300x100', + '500' + ); function getAuth() { parent::getAuth(); // load company! @@ -44,7 +65,8 @@ class Pman_Core_Images extends Pman $au = $this->getAuthUser(); if (!$au) { - die("Access denied"); + $this->authUser = false; + return true;//die("Access denied"); } $this->authUser = $au; @@ -54,16 +76,22 @@ class Pman_Core_Images extends Pman var $thumb = false; var $as_mimetype = false; var $method = 'inline'; + var $page = false; + var $is_local = false; - function get($s) // determin what to serve!!!! + function get($s, $opts=array()) // determin what to serve!!!! { // for testing only. //if (!empty($_GET['_post'])) { // return $this->post(); //} + $this->is_local = (!empty($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost') ? true : false; + $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as']; + $this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page']; + $bits= explode('/', $s); $id = 0; // var_dump($bits);die('in'); @@ -85,10 +113,12 @@ class Pman_Core_Images extends Pman $id = empty($bits[3]) ? 0 : $bits[3]; } else if (!empty($bits[0]) && $bits[0] == 'events') { - + if (!$this->authUser) { + $this->imgErr("no-authentication-events",$s); + } $this->downloadEvent($bits); + $this->imgErr("unknown file",$s); - die ("unknown file?"); } else { @@ -96,9 +126,16 @@ class Pman_Core_Images extends Pman } if (strpos($id,':') > 0) { // id format tablename:id:-imgtype + + if (!$this->authUser) { + $this->imgErr("not-authenticated-using-colon-format",$s); + + } + $onbits = explode(':', $id); if ((count($onbits) < 2) || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) { - die("Bad url"); + $this->imgErr("bad-url",$s); + } //DB_DataObject::debugLevel(1); $img = DB_DataObject::factory('Images'); @@ -113,8 +150,8 @@ class Pman_Core_Images extends Pman } $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("no images for that item: " . htmlspecialchars($id))); + $this->imgErr("no images for that item: " . htmlspecialchars($id),$s); + } $id = $img->id; @@ -125,52 +162,76 @@ class Pman_Core_Images extends Pman // depreciated - should use ontable:onid:type here... if (!empty($_REQUEST['ontable'])) { - + + if (!$this->authUser) { + die("authentication required"); + } + //DB_DataObjecT::debugLevel(1); - $img = DB_DataObjecT::factory('Images'); + $img = DB_DataObject::factory('Images'); $img->setFrom($_REQUEST); - // use imgtype now... - // if (!empty($_REQUEST['query']['filename'])){ - // $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'"); - // } + $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason='. - urlencode("No file exists")); + $this->imgErr("No file exists",$s); } $id = $img->id; } - - $img = DB_DataObjecT::factory('Images'); if (!$id || !$img->get($id)) { - - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("image has been removed or deleted.")); + $this->imgErr("image has been removed or deleted.",$s); + } + + if($this->is_local) { + return $this->serve($img); + } + + if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) { + + if ($img->ontable != 'core_company') { + $this->imgErr("not-authenticated {$img->ontable}",$s); + } + if ($img->imgtype != 'LOGO') { + $this->imgErr("not-logo",$s); + } + $comp = $img->object(); + if ($comp->comptype != 'OWNER') { + $this->imgErr("not-owner-company",$s); + } + + return $this->serve($img); } if(!$this->hasPermission($img)){ - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("access to this image/file has been denied.")); + $this->imgErr("access to this image/file has been denied.",$s); } $this->serve($img); exit; } + function imgErr($reason,$path) { + header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . + urlencode($reason) .'&path='.urlencode($path)); + exit; + } + function hasPermission($img) { return true; } - function post() + function post($v) { + if (!empty($_REQUEST['_get'])) { + return $this->get($v); + } if (!$this->authUser) { $this->jerr("image conversion only allowed by registered users"); @@ -263,7 +324,12 @@ class Pman_Core_Images extends Pman $this->validateSize(); } - $x->convert( $this->as_mimetype, $this->size); + if(!empty($this->page) && !is_nan($this->page * 1)){ + $x->convert( $this->as_mimetype, $this->size, 0, $this->page); + } else { + $x->convert( $this->as_mimetype, $this->size); + } + $x->serve(); exit; @@ -273,6 +339,10 @@ class Pman_Core_Images extends Pman } function validateSize() { + if($this->is_local) { + return true; + } + if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER') || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) { return true; @@ -281,18 +351,7 @@ class Pman_Core_Images extends Pman $ff = HTML_FlexyFramework::get(); - $sizes = array( - '100', - '100x100', - '150', - '150x150', - '200', - '200x0', - '200x200', - '400x0', - '300x100', - '500' - ); + $sizes= $this->sizes; $cfg = isset($ff->Pman_Images) ? $ff->Pman_Images : (isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array()); @@ -306,10 +365,12 @@ class Pman_Core_Images extends Pman require_once $ff->project . '.php'; $project = str_replace('/', '_', $project); - - - if(isset($project::$Pman_Core_Images_Size)){ - $sizes = $project::$Pman_Core_Images_Size; + + $pr_obj = new $project; + + // var_dump($pr_obj->Pman_Core_Images_Size); + if(isset($pr_obj->Pman_Core_Images_Size)){ + $sizes = $pr_obj->Pman_Core_Images_Size; } @@ -416,7 +477,8 @@ class Pman_Core_Images extends Pman $id = $umatch[2]; $hash = ''; if (!empty($umatch[3]) && strpos($umatch[3],'#')) { - $hash = '#'. array_pop(explode('#',$umatch[3])); + $hh = explode('#',$umatch[3]); + $hash = '#'. array_pop($hh); } @@ -476,7 +538,6 @@ class Pman_Core_Images extends Pman function downloadEvent($bits) { - $popts = PEAR::getStaticProperty('Pman','options'); $ev = DB_DAtaObject::Factory('events'); if (!$ev->get($bits[1])) { die("could not find event id"); @@ -489,18 +550,23 @@ class Pman_Core_Images extends Pman $user = getenv('USERNAME'); // windows. } $ff = HTML_FlexyFramework::get(); - $file = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + $file = $ev->logDir() . date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + if(!$file || !file_exists($file)){ + die("file was not saved"); + } + $filesJ = json_decode(file_get_contents($file)); - //print_r($filesJ); - foreach($filesJ->FILES as $k=>$f){ if ($f->tmp_name != $bits[2]) { continue; } - $src = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; - if (!file_exists($src)) { + $src = $file = $ev->logDir() . date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; + + if (!$src || !file_exists($src)) { die("file was not saved"); } header ('Content-Type: ' . $f->type);