chevereto-free/app/lib/classes/class.album.php

<?php

/* --------------------------------------------------------------------

  Chevereto
  http://chevereto.com/

  @author	Rodolfo Berrios A. <http://rodolfoberrios.com/>
			<inbox@rodolfoberrios.com>

  Copyright (C) Rodolfo Berrios A. All rights reserved.

  BY USING THIS SOFTWARE YOU DECLARE TO ACCEPT THE CHEVERETO EULA
  http://chevereto.com/license

  --------------------------------------------------------------------- */

namespace CHV;
use G, Exception;

class Album {

	public static function getSingle($id, $sumview=FALSE, $pretty=TRUE, $requester=NULL) {
		$tables = DB::getTables();
		$query = 'SELECT * FROM '.$tables['albums']."\n";
		$joins = [
			'LEFT JOIN '.$tables['users'].' ON '.$tables['albums'].'.album_user_id = '.$tables['users'].'.user_id'
		];

		if($requester) {
			if(!is_array($requester)) {
				$requester = User::getSingle($requester, 'id');
			}
			if(version_compare(Settings::get('chevereto_version_installed'), '3.9.0', '>=')) {
				$joins[] = 'LEFT JOIN '.$tables['likes'].' ON '.$tables['likes'].'.like_content_type = "album" AND '.$tables['albums'].'.album_id = '.$tables['likes'].'.like_content_id AND '.$tables['likes'].'.like_user_id = ' . $requester['id'];
			}
		}

		$query .=  implode("\n", $joins) . "\n";
		$query .= 'WHERE album_id=:album_id;'."\n";

		if($sumview) {
			$query .= 'UPDATE '.$tables['albums'].' SET album_views = album_views + 1 WHERE album_id=:album_id';
		}

		try {
			$db = DB::getInstance();
			$db->query($query);
			$db->bind(':album_id', $id);
			$album_db = $db->fetchSingle();
			if(!$album_db) return $album_db;

			if($sumview) {
				$album_db['album_views'] += 1;
				// Track stats
				Stat::track([
					'action'	=> 'update',
					'table'		=> 'albums',
					'value'		=> '+1',
					'user_id'	=> $album_db['album_user_id'],
				]);
			}
			$return = $album_db;
			$return = $pretty ? self::formatArray($return) : $return;
			return $return;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	public static function getMultiple($ids, $pretty=false) {
		if(!is_array($ids)) {
			$ids = func_get_args();
			$aux = array();
			foreach($ids as $k => $v) {
				$aux[] = $v;
			}
			$ids = $aux;
		}

		if(count($ids) == 0) {
			throw new AlbumException('Null ids provided in ' . __METHOD__, 100);
		}

		$tables = DB::getTables();
		$query = 'SELECT * FROM ' . $tables['albums'] . "\n";
		$joins = array(
			'LEFT JOIN '.$tables['users'].' ON '.$tables['albums'].'.album_user_id = '.$tables['users'].'.user_id'
		);

		$query .=  implode("\n", $joins) . "\n";
		$query .= 'WHERE album_id IN ('. join(',', $ids). ')' . "\n";

		try {
			$db = DB::getInstance();
			$db->query($query);
			$db_rows = $db->fetchAll();
			if($pretty) {
				$return = [];
				foreach($db_rows as $k => $v) {
					$return[$k] = self::formatArray($v);
				}
				return $return;
			}
			return $db_rows;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}

	}

	public static function sumView($id, $album=[]) {
		try {
			if(!G\is_integer($id)) {
				throw new Exception('Invalid $id in ' . __METHOD__);
			}
			if($album['id'] !== $id) {
				$album = self::getSingle($id, FALSE);
				if(!$album) {
					throw new Exception(sprintf('Invalid album %s in ' . __METHOD__, $id));
				}
			}
			$increment = '+1';
			DB::increment('albums', ['views' => $increment], ['id' => $id]);
			Stat::track([
				'action'	=> 'update',
				'table'		=> 'albums',
				'value'		=> $increment,
				'user_id'	=> $album['album_user_id'],
			]);
			$_SESSION['album_view_stock'][] = $id;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}

	}

	public static function getUrl($album_id) {
		return G\get_base_url(getSetting('route_album') . '/' . $album_id);
	}

	public static function insert($name, $user_id, $privacy='public', $description='', $password=NULL) {
		if(!$user_id) {
			throw new AlbumException('Missing $user_id', 100);
		}
		if($privacy == 'password' && !G\check_value($password)) {
			throw new AlbumException('Missing album $password', 101);
		}

        // Handle flood
		$flood = self::handleFlood();
		if($flood) {
			throw new AlbumException(strtr('Flood detected. You can only create %limit% albums per %time%', ['%limit%' => $flood['limit'], '%time%' => $flood['by']]), 130);
		}

		if(!$name) {
			$name = _s('Untitled') . ' ' . G\datetime();
		}

		if(!in_array($privacy, array('public', 'private', 'password', 'private_but_link'))) {
			$privacy = 'public';
		}

		G\nullify_string($description);

		$album_array = [
			'name'			=> $name,
			'user_id'		=> $user_id,
			'date'			=> G\datetime(),
			'date_gmt'		=> G\datetimegmt(),
			'privacy'		=> $privacy,
			'password'		=> $privacy == 'password' ? $password : NULL,
			'description'	=> $description,
			'creation_ip'	=> G\get_client_ip()
		];

		try {
			$insert = DB::insert('albums', $album_array);
			// +1 on user
			DB::increment('users', ['album_count' => '+1'], ['id' => $user_id]);
			// Track stats
			Stat::track([
				'action'	=> 'insert',
				'table'		=> 'albums',
				'value'		=> '+1',
				'date_gmt'	=> $album_array['date_gmt']
			]);
			return $insert;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	// Move contents $from albums to another album
	public static function moveContents($from, $to) {

		if(!$from) { // Could be int or array (multiple)
			throw new AlbumException('Expecting first parameter, '.gettype($from).' given in ' . __METHOD__, 100);
		}

		if(!$to) {
			$to = NULL;
		}

		$ids = is_array($from) ? $from : array($from);

		try {
			$db = DB::getInstance();
			$db->query('UPDATE '.DB::getTable('images').' SET image_album_id=:image_album_id WHERE image_album_id IN ('.implode(',', $ids).')');
			$db->bind(':image_album_id', $to);
			$images = $db->exec();
			if($images) {
				$images_affected = $db->rowCount();
				// Update the old and new albums to +ids
				$db->query(
					'UPDATE '.DB::getTable('albums').' SET album_image_count = 0 WHERE album_id IN ('.implode(',', $ids).');' .
					'UPDATE '.DB::getTable('albums').' SET album_image_count = album_image_count + '.$images_affected.' WHERE album_id=:album_id;'
				);
				$db->bind(':album_id', $to);
				$db->exec();
			} else {
				return false;
			}
			return true;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	public static function addImage($album_id, $id) {
		return self::addImages($album_id, array($id));
	}

	public static function addImages($album_id, $ids) {

		// $album_id can be null.. Remember the user stream

		if(!is_array($ids) or count($ids) == 0) {
			throw new AlbumException('Expecting array values, '.gettype($values).' given in ' . __METHOD__, 100);
		}

		try {

			// Get the images
			$images = Image::getMultiple($ids, true);

			// Get the albums
			$albums = [];

			foreach($images as $k => $v) {
				if($v['album']['id'] and $v['album']['id'] !== $album_id) {
					$album_k = $v['album']['id'];
					if(!array_key_exists($album_k, $albums)) {
						$albums[$album_k] = [];
					}
					$albums[$album_k][] = $v['id'];
				}
			}

			$db = DB::getInstance();
			$db->query('UPDATE `'.DB::getTable('images').'` SET `image_album_id`=:image_album_id WHERE `image_id` IN ('.implode(',', $ids).')');
			$db->bind(':image_album_id', $album_id);
			$exec = $db->exec();
			if($exec and $db->rowCount() > 0) {
				// Update the new album
				if(!is_null($album_id)) {
					self::updateImageCount($album_id, $db->rowCount());
				}
				// Update the old albums
				if(count($albums) > 0) {
					$album_query = '';
					$album_query_tpl = 'UPDATE `'.DB::getTable('albums').'` SET `album_image_count` = GREATEST(`album_image_count` - :counter, 0) WHERE `album_id` = :album_id;';
					foreach($albums as $k => $v) {
						$album_query .= strtr($album_query_tpl, [':counter' => count($v), ':album_id' => $k]);
					}
					$db = DB::getInstance();
					$db->query($album_query);
					$db->exec();
				}
			}
			return $exec;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}

	}

	public static function update($id, $values) {
		if(array_key_exists('description', $values)) {
			G\nullify_string($values['description']);
		}
		try {
			return DB::update('albums', $values, array('id'=>$id));
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	// Delete album, return the number of deleted images
	public static function delete($id) {
		try {

			// Get the user id
			$user_id = DB::get('albums', ['id' => $id])[0]['album_user_id'];

			// Get album
			$album = self::getSingle($id);
			if(!$album) return false;

			// Delete album, the easy part
			$delete = DB::delete('albums', ['id' => $id]);

			if(!$delete) return false;

			// Delete album images
			$db = DB::getInstance();
			$db->query('SELECT image_id FROM ' . DB::getTable('images') . ' WHERE image_album_id=:image_album_id');
			$db->bind(':image_album_id', $id);
			$album_image_ids = $db->fetchAll();

			// Delete the files
			$images_deleted = 0;
			foreach($album_image_ids as $k => $v) {
				if(Image::delete($v['image_id'], false)) { // We will update the user counts (image + album) at once
					$images_deleted++;
				}
			}

			// Update user
			$user = User::getSingle($user_id, 'id');
			$user_updated_counts = [
				'album_count' => '-1',
				'image_count' => '-' . $images_deleted
			];
			DB::increment('users', $user_updated_counts, ['id' => $user_id]);

			// Track stats
			Stat::track([
				'action'	=> 'delete',
				'table'		=> 'albums',
				'value'		=> '-1',
				'date_gmt'	=> $album['date_gmt']
			]);

			return $images_deleted;

		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	public static function deleteMultiple($ids) {
		if(!is_array($ids)) {
			throw new AlbumException('Expecting array argument, ' . gettype($ids) . ' given in ' . __METHOD__, 100);
		}
		$affected = 0;
		foreach($ids as $id) {
			$affected += self::delete($id);
		}
		return $affected;
	}

	public static function updateImageCount($id, $counter=1, $operator='+') {
		try {
			$query = 'UPDATE `'.DB::getTable('albums').'` SET `album_image_count` = ';
			if(in_array($operator, ['+', '-'])) {
				$query .= 'GREATEST(`album_image_count` ' . $operator . ' ' . $counter . ', 0)';
			} else {
				$query .= $counter;
			}
			$query .= ' WHERE `album_id` = :album_id';
			$db = DB::getInstance();
			$db->query($query);
			$db->bind(':album_id', $id);
			$exec = $db->exec();
			return $exec;
		} catch(Exception $e) {
			throw new AlbumException($e->getMessage(), 400);
		}
	}

	public static function fill(&$album, &$user=[]) {
		$album['id_encoded'] = $album['id'] ? encodeID($album['id']) : NULL;
		if($user['id'] !== NULL) {
			if($album['name'] == NULL) {
				$album['name'] = _s("%s's images", $user['name_short']);
			}
			$album['url'] = $album['id'] == NULL ? User::getUrl($user['username']) : self::getUrl($album['id_encoded']);
		}
		$album['name_html'] = G\safe_html($album['name']);
		if($album['privacy'] == NULL) {
			$album['privacy'] = "public";
		}
		switch($album['privacy']) {
			case 'private_but_link':
				$album['privacy_notes'] = _s('Note: This content is private but anyone with the link will be able to see this.');
			break;
			case 'password':
				$album['privacy_notes'] = _s('Note: This content is password protected. Remember to pass the content password to share.');
			break;
			case 'private':
				$album['privacy_notes'] = _s('Note: This content is private. Change privacy to "public" to share.');
			break;
			default:
				$album['privacy_notes'] = NULL;
			break;
		}

		$private_str = _s('Private');
		$privacy_to_label = [
			'public'			=> _s('Public'),
			'private'			=> $private_str . '/' . _s('Me'),
			'private_but_link'	=> $private_str . '/' . _s('Link'),
			'password'			=> $private_str . '/' . _s('Password'),
		];

		$album['privacy_readable'] = $privacy_to_label[$album['privacy']];
		$album['name_with_privacy_readable'] = $album['name'] . ' (' . $album['privacy_readable'] . ')';
		$album['name_with_privacy_readable_html'] = G\safe_html($album['name_with_privacy_readable']);
		$album['name_truncated'] = G\truncate($album['name'], 28);
		$album['name_truncated_html'] = G\safe_html($album['name_truncated']);

		if(!empty($user)) {
			User::fill($user);
		}
	}

	public static function formatArray($dbrow, $safe=FALSE) {
		try {
			$output = DB::formatRow($dbrow);
			self::fill($output, $output['user']);
			$output['views_label'] = _n('view', 'views', $output['views']);
			$output['how_long_ago'] = time_elapsed_string($output['date_gmt']);

			if($output['images_slice']) {
				foreach($output['images_slice'] as $k => $v) {
					$output['images_slice'][$k] = Image::formatArray($output['images_slice'][$k]);
					$output['images_slice'][$k]['flag'] = $output['images_slice'][$k]['nsfw'] ? 'unsafe' : 'safe';
				}
			}

			if($safe) {
				unset($output['id'], $output['privacy_extra']);
				unset($output['user']['id']);
			}

			return $output;
		} catch(Excepton $e) {
			throw new ImageException($e->getMessage(), 400);
		}
	}

	public static function checkPassword($password, $user_password) {
		return G\timing_safe_compare($password, $user_password);
	}

	public static function storeUserPasswordHash($album_id, $user_password) {
		$_SESSION['password']['album'][$album_id] = password_hash($user_password, PASSWORD_BCRYPT);
	}

	public static function checkSessionPassword($album=[]) {
		$user_password_hash = $_SESSION['password']['album'][$album['id']];
		if(!isset($user_password_hash) || !password_verify($album['password'], $user_password_hash)) {
			unset($_SESSION['password']['album'][$album['id']]);
			return FALSE;
		}
		return TRUE;
	}

    // Handle album creation flood
    protected static function handleFlood() {
		$logged_user = Login::getUser();
		if(!$logged_user or $logged_user['is_admin']) {
			return FALSE;
		}
		$flood_limit = [
		    'minute'    => 20,
		    'hour'      => 200,
		    'day'       => 400,
		    'week'      => 2000,
		    'month'     => 10000
		];
		try {
			$db = DB::getInstance();
			$flood_db = $db->queryFetchSingle(
			"SELECT
			COUNT(IF(album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MINUTE), 1, NULL)) AS minute,
			COUNT(IF(album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 HOUR), 1, NULL)) AS hour,
			COUNT(IF(album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 DAY), 1, NULL)) AS day,
			COUNT(IF(album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 WEEK), 1, NULL)) AS week,
			COUNT(IF(album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MONTH), 1, NULL)) AS month
			FROM ".DB::getTable('albums')." WHERE album_user_id='" . $logged_user['id'] . "' AND album_date_gmt >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MONTH)");
		} catch(Exception $e) {} // Silence

		$is_flood = FALSE;
		$flood_by = '';
		foreach(['minute', 'hour', 'day', 'week', 'month'] as $v) {
			if($flood_limit[$v] > 0 and $flood_db[$v] >= $flood_limit[$v]) {
				$flood_by = $v;
				$is_flood = TRUE;
				break;
			}
		}
        if($is_flood) {
            if(!$_SESSION['flood_albums_notify'][$flood_by]) {
                try {
                    $message_report = '<html><body>' . "\n";
                    $message_report .= strtr('Flooding IP <a href="'.G\get_base_url('search/images/?q=ip:%ip').'">%ip</a>', ['%ip' => G\get_client_ip()]) . '<br>';
                    $message_report .= 'User <a href="'.$logged_user['url'].'">'.$logged_user['name'].'</a><br>';
                    $message_report .= '<br>';
                    $message_report .= '<b>Albums per time period</b>'."<br>";
                    $message_report .= 'Minute: '.$flood_db['minute']."<br>";
                    $message_report .= 'Hour: '.$flood_db['hour']."<br>";
                    $message_report .= 'Week: '.$flood_db['day']."<br>";
                    $message_report .= 'Month: '.$flood_db['week']."<br>";
                    $message_report .= '</body></html>';
                    send_mail(getSetting('email_incoming_email'), 'Flood report user ID ' . $logged_user['id'], $message_report);
                    $_SESSION['flood_albums_notify'][$flood_by] = TRUE;
                } catch(Exception $e) {} // Silence
            }
            return ['flood' => TRUE, 'limit' => $flood_limit[$flood_by], 'count' => $flood_db[$flood_by], 'by' => $flood_by];
        }

		return FALSE;

    }

}

class AlbumException extends Exception {}