summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/class/globals.php81
-rw-r--r--app/class/image.php70
-rw-r--r--app/class/object.class.php88
-rw-r--r--app/df.php102
-rw-r--r--app/dynmic/bgs/.gitignore3
-rw-r--r--app/dynmic/heads/.gitignore3
-rw-r--r--schema.sql3
7 files changed, 348 insertions, 2 deletions
diff --git a/app/class/globals.php b/app/class/globals.php
index 8bfa029..615efa6 100644
--- a/app/class/globals.php
+++ b/app/class/globals.php
@@ -20,6 +20,19 @@
define("__VERSION__", "v0.0");
/*
+ * These global variables are arrays of strings logged by Scrott business
+ * logic to report errors, warnings, or informational responses to the
+ * user in cases where an exception doesn't need to be thrown.
+ */
+define("ERROR", "errorlist");
+define("WARNING", "warninglist");
+define("NOTICE", "noticelist");
+
+$_SCROTT[ERROR] = array();
+$_SCROTT[WARNING] = array();
+$_SCROTT[NOTICE] = array();
+
+/*
* Get the application root path. This is an absolute path on the server.
*/
function ar() : string
@@ -63,4 +76,72 @@ function require_https() : void
redirect("https://" . $_SERVER['SERVER_NAME'] . ap());
}
+/*
+ * Check for errors, warnings, or notices
+ */
+function isError(string $level) : bool
+{
+ global $_SCROTT;
+ return count($_SCROTT[$level]) > 0;
+}
+
+/*
+ * Log an error, warning, or notice
+ */
+function logError(string $level, string $error) : void
+{
+ global $_SCROTT;
+ $_SCROTT[$level][] = $error;
+}
+
+/*
+ * Get an array of all errors, warnings, or notices
+ */
+function getErrors(string $level) : array
+{
+ global $_SCROTT;
+ return $_SCROTT[$level];
+}
+
+/*
+ * Save an uploaded file and impose some constraints on supplied
+ * data. Caller can optionally pass some strings by reference to
+ * be given the supplied file's original name and mime-type.
+ * Maxsize is in bytes. If this function returns false, the
+ * appropriate error will be logged.
+ */
+function saveFile(array $file, string $path, int $maxsize, ?array $allowedMime = NULL,
+ ?string &$origName = NULL, ?string &$origMime = NULL) : bool
+{
+ if ($file['error'] > 0)
+ {
+ if ($file['error'] != UPLOAD_ERR_NO_FILE)
+ logError(ERROR, "An unknown error occurred");
+
+ return false;
+ }
+
+ if ($file['size'] > $maxsize)
+ {
+ logError(ERROR, "File must be no larger than " . $maxsize . " bytes");
+ return false;
+ }
+
+ if (is_array($allowedMime) && array_search($file['type'], $allowedMime) === false)
+ {
+ logError(ERROR, "File type is not supported");
+ return false;
+ }
+
+ if (!move_uploaded_file($file['tmp_name'], $path))
+ {
+ logError(ERROR, "Error saving uploaded file");
+ return false;
+ }
+
+ $origName = $file['name'];
+ $origMime = $file['type'];
+ return true;
+}
+
?>
diff --git a/app/class/image.php b/app/class/image.php
new file mode 100644
index 0000000..6b73cae
--- /dev/null
+++ b/app/class/image.php
@@ -0,0 +1,70 @@
+<?php
+
+/*
+ * SCROTT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * For more information, please refer to UNLICENSE
+ */
+
+/*
+ * This file defines custom image manipulation routines for Scrott. All
+ * are available in the global namespace.
+ */
+
+/*
+ * Mappings from image MIME types to PHP open/write functions
+ */
+$_IMG_OPEN_FUNCS['image/jpeg'] = "imagecreatefromjpeg";
+$_IMG_OPEN_FUNCS['image/jpg'] = "imagecreatefromjpeg";
+$_IMG_OPEN_FUNCS['image/png'] = "imagecreatefrompng";
+
+$_IMG_WRITE_FUNCS['image/jpeg'] = "imagejpeg";
+$_IMG_WRITE_FUNCS['image/jpg'] = "imagejpeg";
+$_IMG_WRITE_FUNCS['image/png'] = "imagepng";
+
+/*
+ * Open the given image and crop it, such that the result is a square
+ * image whose side length is equal to the smaller of the original
+ * dimensions and whose area is centered on the area of the original
+ * image. The resulting image is written to the same path as provided,
+ * overwriting the image.
+ */
+function imageSquareCrop(string $uri) : bool
+{
+ global $_IMG_OPEN_FUNCS;
+ global $_IMG_WRITE_FUNCS;
+
+ $mime = mime_content_type($uri);
+ $img = $_IMG_OPEN_FUNCS[$mime]($uri);
+
+ if ($img === false)
+ return false;
+
+ $wid = imagesx($img);
+ $hei = imagesy($img);
+
+ $rec = array();
+ $rec['width'] = min($wid, $hei);
+ $rec['height'] = $rec['width'];
+ $rec['y'] = ($hei / 2) - ($rec['height'] / 2);
+ $rec['x'] = ($wid / 2) - ($rec['width'] / 2);
+
+ $cropped = imagecrop($img, $rec);
+ imagedestroy($img);
+
+ if ($cropped === false)
+ return false;
+
+ $ret = $_IMG_WRITE_FUNCS[$mime]($cropped, $uri);
+ imagedestroy($cropped);
+
+ return $ret;
+}
+
+?>
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 14ab891..7c80b5b 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -13,6 +13,7 @@
*/
require_once "class/table.class.php";
+require_once "class/image.php";
/*
* This is a generic database object. This is a supertype of all Scrott
@@ -21,6 +22,17 @@ require_once "class/table.class.php";
class object extends table
{
/*
+ * Constants used for uploading images
+ */
+ public const HEAD_MAXSIZE = 1048576; // 1Mb
+ public const BG_MAXSIZE = 1048576; // 1Mb
+ public const IMAGE_MIME = array(
+ "image/jpeg",
+ "image/jpg",
+ "image/png",
+ );
+
+ /*
* Constructor
*/
public function __construct(?string $guid = NULL)
@@ -149,6 +161,82 @@ class object extends table
database::query($query);
return true;
}
+
+ /*
+ * Get the URL to the head image resource for this object
+ */
+ public function getHeadImg() : string
+ {
+ return ar() . "/df.php?d=heads&f=" . $this->guid;
+ }
+
+ /*
+ * Set the head image for this object, overwriting any existing
+ * image. $image should be an uploaded file to PHP, still
+ * unhandled.
+ */
+ public function setHeadImg(array $image) : bool
+ {
+ $path = "dynmic/heads/" . $this->guid;
+
+ if (!saveFile($image, $path, self::HEAD_MAXSIZE, self::IMAGE_MIME))
+ return false;
+
+ if (!imageSquareCrop($path))
+ {
+ $this->rmHeadImg();
+ return false;
+ }
+
+ return true;
+ }
+
+ /*
+ * Remove the head image for this object. This deletes the image
+ * on disk.
+ */
+ public function rmHeadImg() : bool
+ {
+ if (!is_file("dynmic/heads/" . $this->guid))
+ return true;
+
+ return unlink("dynmic/heads/" . $this->guid);
+ }
+
+ /*
+ * Get the URL to the background image resource for this
+ * object. If no image is set, NULL is returned.
+ */
+ public function getBgImg() : ?string
+ {
+ if (!is_file("dynmic/bgs/" . $this->guid))
+ return NULL;
+
+ return ar() . "/df.php?d=bgs&f=" . $this->guid;
+ }
+
+ /*
+ * Set the background image for this object, overwriting any
+ * existing image. $image should be an uploaded file to PHP,
+ * still unhandled.
+ */
+ public function setBgImg(array $image) : bool
+ {
+ $path = "dynmic/bgs/" . $this->guid;
+ return saveFile($image, $path, self::BG_MAXSIZE, self::IMAGE_MIME);
+ }
+
+ /*
+ * Remove the background image for this object. This deletes
+ * the image on disk.
+ */
+ public function rmBgImg() : bool
+ {
+ if (!is_file("dynmic/bgs/" . $this->guid))
+ return true;
+
+ return unlink("dynmic/bgs/" . $this->guid);
+ }
}
?>
diff --git a/app/df.php b/app/df.php
new file mode 100644
index 0000000..a425d57
--- /dev/null
+++ b/app/df.php
@@ -0,0 +1,102 @@
+<?php
+
+/*
+ * SCROTT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * For more information, please refer to UNLICENSE
+ */
+
+require_once "class/user.class.php";
+
+/*
+ * This file is a proxy script for fetching resources from the /dynmic
+ * directory. This script enforces access-control on HTTP objects such
+ * as images and flat files which are supplied by users.
+ *
+ * Example request:
+ * https://yourdomain.com/scrott/df.php?d=heads&f=a4bf903a
+ *
+ * In cases of error or lack of access privilege, this script will
+ * produce no output and fail silently.
+ */
+
+/*
+ * Serve the resource at the given URI in response to the current
+ * request. When finished, this function will exit PHP and terminate
+ * this script.
+ */
+function serveResource(string $uri) : void
+{
+ $f = fopen($uri, "rb");
+
+ if (!$f)
+ exit;
+
+ header("Content-type: " . mime_content_type($uri));
+ header("Content-length: " . filesize($uri));
+ fpassthru($f);
+ fclose($f);
+
+ exit;
+}
+
+/*
+ * Check the current user's permissions. User must have access
+ * rights for the file's object, unless that object is a user
+ * object and $allowHeadUser is set to true.
+ */
+function checkPermissions(string $guid, bool $allowHeadUser = false) : bool
+{
+ if (!($user = user::getCurrent()))
+ return false;
+
+ $obj = new object($guid);
+
+ if ($allowHeadUser && $obj->objtype == "user")
+ return true;
+
+ return $user->canAccess($obj);
+}
+
+/*
+ * Respond to users' requests for dynamic files
+ */
+function main(string $dir, string $guid) : void
+{
+ try
+ {
+ if (basename($guid) != $guid || $guid == "")
+ return;
+
+ if (!checkPermissions($guid, $dir == "heads"))
+ return;
+
+ switch ($dir)
+ {
+ case "heads":
+ if (file_exists("dynmic/heads/" . $guid))
+ serveResource("dynmic/heads/" . $guid);
+ else
+ serveResource("static/img/null.jpg");
+ break;
+
+ case "bgs":
+ serveResource("dynmic/bgs/" . $guid);
+ break;
+ }
+ }
+ catch (Exception $e)
+ {
+ /* fail silently */
+ }
+}
+
+main($_REQUEST['d'], $_REQUEST['f']);
+
+?>
diff --git a/app/dynmic/bgs/.gitignore b/app/dynmic/bgs/.gitignore
new file mode 100644
index 0000000..e38384e
--- /dev/null
+++ b/app/dynmic/bgs/.gitignore
@@ -0,0 +1,3 @@
+# Track empty directory
+*
+!.gitignore
diff --git a/app/dynmic/heads/.gitignore b/app/dynmic/heads/.gitignore
new file mode 100644
index 0000000..e38384e
--- /dev/null
+++ b/app/dynmic/heads/.gitignore
@@ -0,0 +1,3 @@
+# Track empty directory
+*
+!.gitignore
diff --git a/schema.sql b/schema.sql
index 9b50f7a..ef11886 100644
--- a/schema.sql
+++ b/schema.sql
@@ -196,8 +196,7 @@ CREATE TABLE mesgs (
guid varchar(8) NOT NULL,
author varchar(8) NOT NULL,
mesg text NOT NULL DEFAULT '',
- attachName varchar(64) NOT NULL DEFAULT '',
- attachMime varchar(64) NOT NULL DEFAULT '',
+ attachment varchar(64) NOT NULL,
PRIMARY KEY (guid)
);