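<?php
// Copyright (C) 2002-2006 Balint Kis (balint@k-i-s.net)
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

/*
 * Image delivery endpoint.
 *
 * Request parameters (read from $_REQUEST):
 *   image  photo identifier (numeric)            -- at least one of
 *   ver    photo_version identifier (numeric)    -- image / ver is required
 *   size   size code (numeric, optional, default 1; 3 is an alias for 0)
 *   down   if present, the image is sent as an attachment
 *
 * Responses: 404 for invalid parameters or no matching file row,
 * 403 when can_access_photo() denies access or a hidden original is
 * requested by a non-owner, 304 for a satisfied If-Modified-Since,
 * 500 when the file is missing on disk, otherwise the file bytes with
 * headers that mimic a file served from the file system.
 */

include_once "include/config.php";
include_once "include/calendar.php";
include_once "include/site.php";

$database = site_prolog();

/*
 * Read the scalar request parameters and SQL-escape them.  Absent
 * parameters and non-scalar values (e.g. ?image[]=1) fall back to the
 * default.  Every value is additionally validated with is_numeric()
 * below, so the escaping is only a second line of defence for the
 * quoted interpolations in $photo_sel.
 */
$params = array('image' => '', 'ver' => '', 'size' => '1');
foreach ($params as $key => $default) {
    if (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) {
        $params[$key] = pg_escape_string($database, (string) $_REQUEST[$key]);
    }
}
$photo_id   = $params['image'];
$version    = $params['ver'];
$image_size = $params['size'];
if ($image_size === '') {
    $image_size = '1';  /* "size=" with an empty value means the default */
}

$download = isset($_REQUEST['down']);

/* We must have one or both of Photo ID and Photo Version */
$has_photo = ($photo_id !== '' && is_numeric($photo_id));
$has_ver   = ($version !== '' && is_numeric($version));
if (!$has_photo && !$has_ver) {
    header("HTTP/1.1 404 Not found");
    site_epilog($database);
    exit();
}

/* Sanity check Image Size -- OPTIONAL argument */
if (!is_numeric($image_size)) {
    header("HTTP/1.1 404 Not found");
    site_epilog($database);
    exit();
}

/* Translate image sizes: size 3 is an alias for the original (0). */
if ($image_size == 0 || $image_size == 3) {
    $image_size = 0;
}

/* Set up page */
$compress_pages = FALSE;
ini_set('zlib.output_compression', 'Off');

/*
 * Figure out SQL based on image.  $photo_id, $version and $image_size
 * are is_numeric()-validated and escaped, so the quoted interpolation
 * below cannot break out of the literal.
 */
if ($has_photo) {
    $photo_sel  = " photo.identifier = '$photo_id' ";
    $photo_sel .= $has_ver
        ? " and photo_version.identifier='$version' "
        : " and photo_version.master='t' ";
} else {
    $photo_sel  = " photo_version.identifier='$version' ";
    $photo_sel .= " and photo.identifier = photo_version.photo ";
}
$photo_sel .= " and size = '$image_size' ";

/*
 * photo.identifier / photo_version.identifier are selected too so that
 * the id not given in the request can be recovered from the row.
 * NOTE(review): $po_user and $passwords come from site_prolog()/config;
 * $passwords is interpolated as an array literal and is not validated
 * here -- confirm its origin in site.php.
 */
$result = pg_query($database, "
    select users, access_rights, hide_original, original_image_name,
           created, filesize, path,
           photo.identifier as photo_ident,
           photo_version.identifier as version_ident,
           can_access_photo(photo.identifier, {$po_user['id']}, '{" . $passwords . "}') as ok
    from photo
    right join photo_version on photo.identifier = photo_version.photo
    right join files on photo_version.identifier = files.version
    where $photo_sel");
/* A failed query (pg_query() === FALSE) is treated like "no row". */
$photo_data = $result ? pg_fetch_assoc($result) : FALSE;

if (!$photo_data) {
    header("HTTP/1.1 404 Not found");
    site_epilog($database);
    exit();
}

/* Fill in whichever identifier the request did not supply. */
if (!$has_photo) {
    $photo_id = $photo_data['photo_ident'];
}
if (!$has_ver) {
    $version = $photo_data['version_ident'];
}

/* A few defaults */
$increment_counter = TRUE;
$disposition = "inline";
$owner_user_id = $photo_data['users'];
$image_path = (string) $photo_data['path'];
/* NOTE(review): path comes from the files table; assumed to stay inside
 * $image_repository_path -- nothing here re-checks that. */
$file_name = $image_repository_path . "/" . $image_path;
/* Lower-cased extension of the stored file ('' when it has none). */
$image_type = strtolower(pathinfo($image_path, PATHINFO_EXTENSION));

/* Fix up past transgressions */
if ($image_type == 'jpeg') {
    $image_type = 'jpg';
}

$original_image_name = "image_$photo_id.version_$version.size_$image_size.$image_type";

if ($photo_data['ok'] !== 't') {
    site_epilog($database);
    header("HTTP/1.1 403 Permission Denied");
    exit();
}

/* Special Handling */
$is_original = ($image_size == -1 || $image_size == 0);

/* Originals get a name change (size -1 is the original's sidecar). */
if ($is_original && $photo_data['original_image_name']) {
    $original_image_name = $photo_data['original_image_name'];
    if ($image_size != -1) {
        $image_type = strtolower(pathinfo($original_image_name, PATHINFO_EXTENSION));
    } else {
        $original_image_name .= ".xmp";
    }
}

if ($is_original || $image_size == 4) {
    /* Originals and full-res images may be hidden from everyone but the
     * owner and admins. */
    if (($photo_data['hide_original'] == "t") &&
        ($po_user['id'] != $owner_user_id) &&
        ($po_user['type'] != PO_USER_TYPE_ADMIN)) {
        site_epilog($database);
        header("HTTP/1.1 403 Permission Denied");
        exit();
    }
} elseif ($image_size == 1) {
    /* Thumbnails don't get counters incremented. */
    $increment_counter = FALSE;
}

if ($download) {
    $disposition = "attachment";
}

/* Increment counter as needed (never for the owner or an admin). */
if ($increment_counter &&
    ($po_user['id'] != $owner_user_id) &&
    ($po_user['type'] != PO_USER_TYPE_ADMIN)) {
    pg_query_params($database,
        'update photo set views=views+1 where identifier=$1',
        array($photo_id));
}

site_epilog($database);

/* Figure out timestamps */
$time_of_last_modification = strtotime((string) $photo_data['created']);
if ($time_of_last_modification === FALSE) {
    /* Unparseable 'created': use "now" so the date headers stay
     * well-formed (the client simply never gets a 304). */
    $time_of_last_modification = time();
}
$file_length = $photo_data['filesize'];
/* HTTP-date as required by Last-Modified / Expires, e.g.
 * "Sun, 06 Nov 1994 08:49:37 GMT". */
$rfc1123 = gmdate('D, d M Y H:i:s', $time_of_last_modification) . ' GMT';

/* If we're given an If-Modified-Since header, use it: the client's copy
 * is current when its date is not older than our modification time. */
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
    $if_modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ($if_modified_since !== FALSE &&
        $if_modified_since >= $time_of_last_modification) {
        header("HTTP/1.1 304 Not modified");
        exit(0);
    }
}

/* Public photos may be cached by shared caches, everything else not. */
$cache_ctrl = ($photo_data['access_rights'] == $access['public']) ? "public" : "private";

/* with exception of Content-Disposition, this should be the same headers */
/* like the headers of a file from the file system */
if ($image_type == 'jpg') {
    $image_type = 'jpeg';
}

if (in_array($image_type, array("jpeg", "png", "gif", "webp", "jxr"), TRUE)) {
    $mime_type = "image/$image_type";
} else {
    $disposition = "attachment"; // can't display other types in browser.
    $mime_type = "application/octet-stream";
}

$original_image_name = rawurlencode($original_image_name);

/* Add an expires: header */
$expires = gmdate('D, d M Y H:i:s', time() + 604800) . ' GMT'; /* 1 week */

if (!is_file($file_name)) {
    header("HTTP/1.1 500 Internal Server Error");
    exit(0);
}

/* Content-Length must match what readfile() emits; prefer the on-disk
 * size over the stored one when it can be read. */
$actual_length = filesize($file_name);
if ($actual_length !== FALSE) {
    $file_length = $actual_length;
}

/* Send out headers */
header("Content-Disposition: $disposition; filename=$original_image_name; modification-date=\"$rfc1123\"; size=$file_length");
header("Last-Modified: $rfc1123");
header("Content-Type: $mime_type");
header("Expires: $expires");
header("Cache-Control: $cache_ctrl");
header("Content-Length: $file_length");

/* Discard every output buffer level so only the file bytes go out. */
while (ob_get_level()) {
    ob_end_clean();
}

readfile($file_name);
exit(0);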