straup · straup · Sep 30, 2012 · Sep 29, 2012 · Sep 29, 2012 · Sep 29, 2012
diff --git a/schema/alters/20120929.db_main.schema b/schema/alters/20120929.db_main.schema
@@ -0,0 +1,14 @@
+DROP TABLE IF EXISTS `InviteCodes`;
+
+CREATE TABLE `InviteCodes` (
+  `code` char(12) CHARACTER SET latin1 NOT NULL,
+  `email` varchar(255) CHARACTER SET latin1 NOT NULL,
+  `created` int(10) unsigned NOT NULL,
+  `redeemed` int(10) unsigned NOT NULL,
+  `user_id` int(11) unsigned NOT NULL,
+  `sent` int(10) unsigned NOT NULL,
+  `invited_by` int(11) unsigned NOT NULL,
+  UNIQUE KEY `by_code` (`code`),
+  KEY `by_email` (`email`),
+  KEY `by_created` (`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/schema/db_main.schema b/schema/db_main.schema
@@ -111,3 +111,18 @@ CREATE TABLE `AuthTokens` (
   PRIMARY KEY (`id`),
   KEY `by_app` (`app_id`, `user_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+DROP TABLE IF EXISTS `InviteCodes`;
+
+CREATE TABLE `InviteCodes` (
+  `code` char(12) CHARACTER SET latin1 NOT NULL,
+  `email` varchar(255) CHARACTER SET latin1 NOT NULL,
+  `created` int(10) unsigned NOT NULL,
+  `redeemed` int(10) unsigned NOT NULL,
+  `user_id` int(11) unsigned NOT NULL,
+  `sent` int(10) unsigned NOT NULL,
+  `invited_by` int(11) unsigned NOT NULL,
+  UNIQUE KEY `by_code` (`code`),
+  KEY `by_email` (`email`),
+  KEY `by_created` (`created`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/www/.htaccess b/www/.htaccess
@@ -91,6 +91,10 @@ RewriteRule  ^api/methods/?$		api_methods.php	[L]
 RewriteRule  ^api/methods/(.*)/?$	api_method.php?method=$1&%{QUERY_STRING}		[L]
 RewriteRule  ^api/rest/(.*)/?$		api_rest.php?method=$1&%{QUERY_STRING}		[L]
 
+# Misc
+
+RewriteRule ^photos/upload/oauthecho/?$			flickr_photos_upload_oauth_echo.php [L]
+
 # Flickr stuff
 
 RewriteRule ^photos/upload/?$			flickr_photos_upload.php?%{QUERY_STRING} [L] 

diff --git a/www/flickr_photos_upload_oauth_echo.php b/www/flickr_photos_upload_oauth_echo.php
@@ -0,0 +1,74 @@
+<?php
+
+	require('include/init.php');
+	loadlib('http');
+	loadlib("flickr_users");
+	loadlib("flickr_backups");
+	loadlib('flickr_photos_upload');
+
+	if (! $GLOBALS['cfg']['enable_feature_oauth_upload']) {
+		error_disabled();
+	}
+
+	if (! $GLOBALS['cfg']['enable_feature_uploads']){
+		error_disabled();
+	}
+
+	$auth_url = $_SERVER['HTTP_X_AUTH_SERVICE_PROVIDER'];
+
+	// Unless we validated which service is the auth provider, anyone
+	// could send a valid user ID and post on behalf of known p-flickr
+	// and twitter users. Also, there may be more providers but Twitter
+	// is the big one.
+	if (! preg_match("#^https://api.twitter.com/#", $auth_url)) {
+		exit;
+	}
+
+	$headers = array('Authorization' => $_SERVER['HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION']);
+	$res = http_get($auth_url, $headers);
+
+	if (! $res['ok']) {
+		exit;
+	}
+
+	$body = json_decode($res['body'], true);
+	$twitter_id = $body['id'];
+
+	// TODO: this should really be a page that user's can access through settings
+	if (! isset($GLOBALS['cfg']['oauth_upload_user_mapping'][$twitter_id])) {
+		exit;
+	}
+
+	$user = users_get_by_id($GLOBALS['cfg']['oauth_upload_user_mapping'][$twitter_id]);
+
+	$is_registered = flickr_backups_is_registered_user($user);
+	$can_upload = $is_registered;
+
+	if ($can_upload){
+		$flickr_user = flickr_users_get_by_user_id($user['id']);
+		$can_upload = flickr_users_has_token_perms($flickr_user, "write");
+	}
+
+	if (! $can_upload) {
+		exit;
+	}
+
+	$filepath = $_FILES['media']['tmp_name'];
+
+	if (! $filepath) {
+		exit;
+	}
+
+	// See that blank space? If a Twitter message starts with an '@' symbol,
+	// that gets interpreted by curl as a *filepath*. Flickr strips that 
+	// blank space on save so this hack gets around that (nolan-20120929)
+	$args = array(
+		'title' => ' ' . $_POST['message'],
+	);
+
+	$res = flickr_photos_upload($user, $filepath, $args);
+
+	if ($res['ok']) {
+		print "<mediaurl>http://www.flickr.com/photos/{$flickr_user['nsid']}/{$res['photo_id']}/</mediaurl>";
+	}
+
diff --git a/www/god/invites.php b/www/god/invites.php
@@ -13,9 +13,11 @@
 
 	$rsp = invite_codes_get_all($args);
 
+	$rows = $rsp['rows'] ? $rsp['rows'] : array();
+
 	$invites = array();
 
-	foreach ($rsp['rows'] as $row){
+	foreach ($rows as $row){
 
 		if ($row['user_id']){
 			$row['user'] = users_get_by_id($row['user_id']);

diff --git a/www/include/config.php.example b/www/include/config.php.example
@@ -68,6 +68,15 @@
 
 	$GLOBALS['cfg']['enable_feature_uploads'] = 0;
 
+	# OAuth Echo Upload (think custom image backend for Twitter clients like tweetbot)
+	# This URL is handy to get the twitter user_id: http://www.idfromuser.com/
+	# Also, some day this should be a user settings page. Some day.
+
+	$GLOBALS['cfg']['enable_feature_oauth_upload'] = 0;
+	$GLOBALS['cfg']['oauth_upload_user_mapping'] = array(
+		// twitter user_id => p-flickr user_id
+	);
+
 	# store files locally (and in the database) as they are uploaded
 	# to flickr; note that you will need to ensure that Apache has
 	# write permissions on 	$GLOBALS['cfg']['flickr_static_path']

diff --git a/www/templates/inc_god_head.txt b/www/templates/inc_god_head.txt
@@ -1,7 +1,7 @@
 {utf8_headers}
 <html>
 	<head>
-		<title>thisicantt.at | god{if $page_title} | {$page_title|escape}{/if}</title>
+		<title>{$cfg.site_name} | god{if $page_title} | {$page_title|escape}{/if}</title>
 
 		<meta content='width=device-width,maximum-scale=1.0,initial-scale=1.0,user-scalable=0' name='viewport'>
 		<meta name="apple-mobile-web-app-capable" content="yes" />