X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=blobdiff_plain;f=Images.php;h=bfda2826ca553b7843eda775815488e85a9443ac;hp=b97a933e627eaab407b7dd17f99e0fd58b36e698;hb=HEAD;hpb=752a6b27fac1c19ef8a51e0781bf2fbb18fb201f diff --git a/Images.php b/Images.php index b97a933e..bcedb003 100644 --- a/Images.php +++ b/Images.php @@ -2,6 +2,9 @@ /** * Deal with image delivery and HTML replacement of image links in body text. * + * + * NOTE THIS WAS NEVER INTENDED FOR PUBLIC IMAGE DISTRIBUTION - we need to create a seperate file for that... + * * $str = Pman_Core_Images::replaceImg($str); // < use with HTML * * or @@ -37,6 +40,24 @@ require_once 'Pman.php'; class Pman_Core_Images extends Pman { + + // tables that do not need authentication checks before serving. + var $public_image_tables = array( + 'crm_mailing_list_message' // we know these are ok... + ); + + var $sizes = array( + '100', + '100x100', + '150', + '150x150', + '200', + '200x0', + '200x200', + '400x0', + '300x100', + '500' + ); function getAuth() { parent::getAuth(); // load company! @@ -44,7 +65,8 @@ class Pman_Core_Images extends Pman $au = $this->getAuthUser(); if (!$au) { - die("Access denied"); + $this->authUser = false; + return true;//die("Access denied"); } $this->authUser = $au; @@ -54,6 +76,10 @@ class Pman_Core_Images extends Pman var $thumb = false; var $as_mimetype = false; var $method = 'inline'; + var $page = false; + var $is_local = false; + var $size; + function get($s, $opts=array()) // determin what to serve!!!! { @@ -61,9 +87,15 @@ class Pman_Core_Images extends Pman //if (!empty($_GET['_post'])) { // return $this->post(); //} + + + + $this->is_local = (!empty($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost') ? true : false; $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as']; + $this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page']; + $bits= explode('/', $s); $id = 0; // var_dump($bits);die('in'); @@ -85,10 +117,12 @@ class Pman_Core_Images extends Pman $id = empty($bits[3]) ? 0 : $bits[3]; } else if (!empty($bits[0]) && $bits[0] == 'events') { - + if (!$this->authUser) { + $this->imgErr("no-authentication-events",$s); + } $this->downloadEvent($bits); + $this->imgErr("unknown file",$s); - die ("unknown file?"); } else { @@ -96,9 +130,16 @@ class Pman_Core_Images extends Pman } if (strpos($id,':') > 0) { // id format tablename:id:-imgtype + //DB_DataObject::debugLevel(1); + if (!$this->authUser) { + $this->imgErr("not-authenticated-using-colon-format",$s); + + } + $onbits = explode(':', $id); if ((count($onbits) < 2) || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) { - die("Bad url"); + $this->imgErr("bad-url",$s); + } //DB_DataObject::debugLevel(1); $img = DB_DataObject::factory('Images'); @@ -113,8 +154,8 @@ class Pman_Core_Images extends Pman } $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("no images for that item: " . htmlspecialchars($id))); + $this->imgErr("no images for that item: " . htmlspecialchars($id),$s); + } $id = $img->id; @@ -125,52 +166,78 @@ class Pman_Core_Images extends Pman // depreciated - should use ontable:onid:type here... if (!empty($_REQUEST['ontable'])) { - + + if (!$this->authUser) { + die("authentication required"); + } + //DB_DataObjecT::debugLevel(1); - $img = DB_DataObjecT::factory('Images'); + $img = DB_DataObject::factory('Images'); $img->setFrom($_REQUEST); - // use imgtype now... - // if (!empty($_REQUEST['query']['filename'])){ - // $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'"); - // } + $img->limit(1); if (!$img->find(true)) { - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason='. - urlencode("No file exists")); + $this->imgErr("No file exists",$s); } $id = $img->id; } - - $img = DB_DataObjecT::factory('Images'); - if (!$id || !$img->get($id)) { - - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("image has been removed or deleted.")); + if (!$id || !$img->get($id) || !$img->exists()) { + //print_r($img); die("HERE"); + $this->imgErr("image has been removed or deleted.",$s); + } + + if($this->is_local) { + return $this->serve($img); + } + + if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) { + + if ($img->ontable != 'core_company') { + $this->imgErr("not-authenticated {$img->ontable}",$s); + } + if ($img->imgtype != 'LOGO') { + $this->imgErr("not-logo",$s); + } + $comp = $img->object(); + if ($comp->comptype != 'OWNER') { + $this->imgErr("not-owner-company",$s); + } + + return $this->serve($img); } if(!$this->hasPermission($img)){ - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("access to this image/file has been denied.")); + $this->imgErr("access to this image/file has been denied.",$s); } $this->serve($img); exit; } + function imgErr($reason,$path) { + header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . urlencode($reason) ); + header('X-Error: ' . $reason . ':' . $path); + echo $reason . ':' . $path; + exit; + } + function hasPermission($img) { return true; } - function post() + function post($v) { + if (!empty($_REQUEST['_get'])) { + return $this->get($v); + } if (!$this->authUser) { $this->jerr("image conversion only allowed by registered users"); @@ -221,23 +288,27 @@ class Pman_Core_Images extends Pman function serve($img) { - $this->sessionState(0); // turn off session... - locking... + $this->sessionState(0); // turn off session... - locking... require_once 'File/Convert.php'; - if (!file_exists($img->getStoreName())) { -// print_r($img);exit; - header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . - urlencode("Original file was missing : " . $img->getStoreName())); - + if (!$img->exists()) { + $this->imgErr("serve = missing-image", $img->getStoreName()); + } // print_r($img);exit; $x = $img->toFileConvert(); if (empty($this->as_mimetype) || $img->mimetype == 'image/gif') { $this->as_mimetype = $img->mimetype; } + + if (!$this->thumb) { + if ($x->mimetype == $this->as_mimetype) { + $x->serveOnly($this->method, $img->filename); + exit; + } $x->convert( $this->as_mimetype); - $x->serve($this->method); + $x->serve($this->method, $img->filename); exit; } //echo "SKALING? $this->size"; @@ -262,8 +333,14 @@ class Pman_Core_Images extends Pman if (!file_exists($fn)) { $this->validateSize(); } + + + if(!empty($this->page) && !is_nan($this->page * 1)){ + $x->convert( $this->as_mimetype, $this->size, 0, $this->page); + } else { + $x->convert( $this->as_mimetype, $this->size); + } - $x->convert( $this->as_mimetype, $this->size); $x->serve(); exit; @@ -273,6 +350,10 @@ class Pman_Core_Images extends Pman } function validateSize() { + if($this->is_local) { + return true; + } + if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER') || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) { return true; @@ -281,18 +362,7 @@ class Pman_Core_Images extends Pman $ff = HTML_FlexyFramework::get(); - $sizes = array( - '100', - '100x100', - '150', - '150x150', - '200', - '200x0', - '200x200', - '400x0', - '300x100', - '500' - ); + $sizes= $this->sizes; $cfg = isset($ff->Pman_Images) ? $ff->Pman_Images : (isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array()); @@ -335,7 +405,7 @@ class Pman_Core_Images extends Pman */ - static function replaceImageURLS($html) + static function replaceImageURLS($html, $obj = false) { $ff = HTML_FlexyFramework::get(); @@ -345,61 +415,142 @@ class Pman_Core_Images extends Pman //var_dump($ff->Pman_Images['public_baseURL']); $baseURL = $ff->Pman_Images['public_baseURL']; - preg_match_all('/]+>/i',$html, $result); - //print_r($result); - $matches = array_unique($result[0]); - foreach($matches as $img) { - $imatch = array(); - preg_match_all('/(width|height|src)="([^"]*)"/i',$img, $imatch); - // build a keymap - $attr = array(); - - foreach($imatch[1] as $i=>$key) { - $attr[$key] = $imatch[2][$i]; - } - // does it contain baseURL??? --- well what about relative paths... - //print_R($attr); - - if (empty($attr['src'])) { + libxml_use_internal_errors(true); + $dom = new DOMDocument(); + $dom->loadHTML("
{$html}
"); + $imgs = $dom->getElementsByTagName('img'); + + + foreach($imgs as $img) { + $src = $img->getAttribute('src'); + if (!$src|| !strlen(trim($src))) { continue; } - if (0 !== strpos($attr['src'], $baseURL)) { - // it starts with our 'new' baseURL? - $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' ); + + if (0 === strpos($src, 'data:')) { + if (!$obj) { + HTML_FlexyFramework::get()->page->jerr("no object to attach data url"); + } + + self::replaceDataUrl($baseURL, $img, $obj); continue; } - if (false !== strpos($attr['src'], '//') && false === strpos($attr['src'], $baseURL)) { - // contains an absolute path.. that is probably not us... + + + if (false !== strpos($src, '//') && false === strpos($src, $baseURL)) { + // contains an absolute path.. and not our baseURL. continue; } + + $img->setAttribute('src', self::domImgUrl($baseURL, $img)); + // what about mailto or data... - just ignore?? for images... - $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' ); } - + $anchors = $dom->getElementsByTagName('a'); $result = array(); preg_match_all('/]+>/i',$html, $result); $matches = array_unique($result[0]); - foreach($matches as $img) { - $imatch = array(); - preg_match_all('/(href)="([^"]*)"/i',$img, $imatch); - // build a keymap - $attr = array(); - - foreach($imatch[1] as $i=>$key) { - $attr[$key] = $imatch[2][$i]; - } - if (!isset($attr['href']) || 0 !== strpos($attr['href'], $baseURL)) { + foreach($anchors as $anc) { + $href = $anc->getAttribute('href'); + if (!empty($href) || 0 !== strpos($href, $baseURL)) { continue; } - $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'href' ); + $anc->setAttribute('href', self::domImgUrl($baseURL, $href)); } + + $inner = $dom->getElementById("tmp_dom_wrapper"); + $html = ''; + foreach ($inner->childNodes as $child) { + $html .= ($dom->saveHTML($child)); + } return $html; } + + static function domImgUrl($baseURL, $dom) + { + $url = $dom; + if (!is_string($url)) { + $url = $dom->getAttribute('src'); + } + $umatch = false; + if(!preg_match('#/(Images|Images/Thumb/[a-z0-9]+|Images/Download)/([0-9]+)/(.*)$#', $url, $umatch)) { + return $url; + } + $id = $umatch[2]; + $hash = ''; + + if (!empty($umatch[3]) && strpos($umatch[3],'#')) { + $hh = explode('#',$umatch[3]); + $hash = '#'. array_pop($hh); + } + + + $img = DB_DataObject::factory('Images'); + if (!$img->get($id)) { + return $url; + } + $type = explode('/', $umatch[1]); + $thumbsize = -1; + + if (count($type) > 2 && $type[1] == 'Thumb') { + $thumbsize = $type[2]; + $provider = '/Images/Thumb'; + } else { + $provider = '/'.$umatch[1]; + } + + $w = is_string($dom) ? false : $dom->getAttribute('width'); + $h = is_string($dom) ? false : $dom->getAttribute('height'); + + if (!is_string($dom) && (!empty($w) || !empty($h) ) && is_numeric($w) && is_numeric($h)) + { + // no support for %... + $thumbsize = + (empty($w) ? '0' : intval($w) * 1) . + 'x' . + (empty($h) ? '0' : intval($h) * 1); + $provider = '/Images/Thumb'; + + } + + if ($thumbsize !== -1) { + // change in size.. + // need to regenerate it.. + + $type = array('Images', 'Thumb', $thumbsize); + + $fc = $img->toFileConvert(); + // make sure it's available.. + $fc->convert($img->mimetype, $thumbsize); + + + } else { + $provider = $provider == 'Images/Thumb' ? 'Images' : $provider; + } + + + // finally replace the original TAG with the new version.. + + return $img->URL($thumbsize, $provider, $baseURL) . $hash ; + + + } + + static function replaceDataUrl($baseURL, $img, $obj) + { + $d = DB_DataObject::Factory('Images'); + $d->object($obj); + + + $d->createFromData($img->getAttribute('src')); + $img->setAttribute('src', $d->URL(-1, '/Images' , $baseURL)); + } + static function replaceImgUrl($html, $baseURL, $tag, $attr, $attr_name) { @@ -418,7 +569,8 @@ class Pman_Core_Images extends Pman $id = $umatch[2]; $hash = ''; if (!empty($umatch[3]) && strpos($umatch[3],'#')) { - $hash = '#'. array_pop(explode('#',$umatch[3])); + $hh = explode('#',$umatch[3]); + $hash = '#'. array_pop($hh); } @@ -478,7 +630,6 @@ class Pman_Core_Images extends Pman function downloadEvent($bits) { - $popts = PEAR::getStaticProperty('Pman','options'); $ev = DB_DAtaObject::Factory('events'); if (!$ev->get($bits[1])) { die("could not find event id"); @@ -491,18 +642,23 @@ class Pman_Core_Images extends Pman $user = getenv('USERNAME'); // windows. } $ff = HTML_FlexyFramework::get(); - $file = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + $file = $ev->logDir() . date('/Y/m/d/',strtotime($ev->event_when)). $ev->id . ".json"; + + if(!$file || !file_exists($file)){ + die("file was not saved"); + } + $filesJ = json_decode(file_get_contents($file)); - //print_r($filesJ); - foreach($filesJ->FILES as $k=>$f){ if ($f->tmp_name != $bits[2]) { continue; } - $src = $ff->Pman['event_log_dir']. '/'. $user. date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; - if (!file_exists($src)) { + $src = $file = $ev->logDir() . date('/Y/m/d/', strtotime($ev->event_when)). $f->tmp_name ; + + if (!$src || !file_exists($src)) { die("file was not saved"); } header ('Content-Type: ' . $f->type); @@ -515,4 +671,8 @@ class Pman_Core_Images extends Pman } } + + + + }