source: trunk/action.php @ 4423

Revision 4325, 5.5 KB checked in by nikrou, 10 years ago (diff)

Feature 1244 resolved
Replace all mysql functions in core code by ones independent of database engine

Fix small php code syntax : hash must be accessed with [ ] and not { }.

  • Property svn:eol-style set to LF
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Bootstrap: the gallery root is resolved relative to the current directory.
define('PHPWG_ROOT_PATH', './');
include_once PHPWG_ROOT_PATH . 'include/common.inc.php';

// Guest is the minimum status accepted by this script; check_status() exits
// when the user status is not sufficient. Access to the specific image is
// decided further down by the category query, not here.
check_status(ACCESS_GUEST);
29
/**
 * Guess a MIME type from a file extension.
 *
 * The lookup is case-insensitive and based on the extension only; the file
 * content is never inspected, so the result is only as trustworthy as the
 * file name. Note that "html"/"htm" and "xml" map to types a browser will
 * render, which matters when the caller serves the file inline.
 *
 * @param string $ext file extension without the leading dot
 * @return string MIME type, "application/octet-stream" when unknown
 */
function guess_mime_type($ext)
{
  static $mime_by_ext = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $key = strtolower($ext);
  if (isset($mime_by_ext[$key]))
  {
    return $mime_by_ext[$key];
  }
  // Unknown extensions fall back to the generic binary type.
  return 'application/octet-stream';
}
51
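/**
 * Abort the request with an HTTP error.
 *
 * Sends the status through set_status_header(), prints the message as the
 * response body and terminates the script, so nothing after a call to this
 * function runs.
 *
 * The body is declared as plain text. One caller in this script
 * interpolates a file path into $str; without an explicit type the message
 * would go out under PHP's default content type (normally text/html) and
 * any markup in it would be interpreted by the browser.
 *
 * @param int    $code HTTP status code to send
 * @param string $str  message printed as the response body
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  header('Content-Type: text/plain');
  header('X-Content-Type-Options: nosniff');
  echo $str ;
  exit();
}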
58
59
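// Validate the two request parameters before they reach any SQL.
// is_numeric() alone also accepts forms such as " 1", "+1", "1.5" and "1e3"
// (and hexadecimal strings on older PHP versions). Those values would be
// concatenated verbatim into the queries below and handed to pwg_log(), and
// how each database engine reads them is not guaranteed to match.
// Only a plain run of ASCII digits is accepted; the is_string() test also
// rejects array input such as id[]=1. 'part' must be exactly one of the
// four known letters.
if (!isset($_GET['id'])
    or !is_string($_GET['id'])
    or !preg_match('/^[0-9]+$/D', $_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('t','e','i','h'), true) )
{
  do_error(400, 'Invalid request - id/part');
}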
67
// Load the full row of the requested image.
// NOTE(review): the id is placed into the statement as text, not bound as a
// parameter; this relies entirely on the request validation earlier in this
// script keeping $_GET['id'] numeric.
$query = sprintf('
SELECT * FROM %s
  WHERE id=%s
;', IMAGES_TABLE, $_GET['id']);

$result = pwg_query($query);
$element_info = pwg_db_fetch_assoc($result);

// No row for this id: stop here with a 404.
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}
79
// Permission check: the image must belong to at least one category that
// survives the conditions get_sql_condition_FandF() builds for forbidden
// categories and forbidden images.
// $filter['visible_categories'] and $filter['visible_images'] are
// deliberately not used: a filter is not a restriction.
$forbidden_clause = get_sql_condition_FandF(
  array(
    'forbidden_categories' => 'category_id',
    'forbidden_images' => 'image_id',
  ),
  '    AND'
);

$query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.$_GET['id'].'
'.$forbidden_clause.'
  LIMIT 1
;';

// NOTE(review): 401 is sent without any authentication challenge; 403 may
// describe this outcome better - confirm no client depends on the 401.
$matching_categories = pwg_query($query);
if ( pwg_db_num_rows($matching_categories) < 1 )
{
  do_error(401, 'Access denied');
}
100
include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');

// Turn the requested part into a path:
//   t = thumbnail, e = element, i = image, h = high-definition copy.
$file = '';
if ($_GET['part'] == 't')
{
  $file = get_thumbnail_path($element_info);
}
elseif ($_GET['part'] == 'e')
{
  $file = get_element_path($element_info);
}
elseif ($_GET['part'] == 'i')
{
  $file = get_image_path($element_info);
}
elseif ($_GET['part'] == 'h')
{
  // The high-definition copy has its own per-user switch on top of the
  // category permission check done earlier.
  if ( $user['enabled_high'] != 'true' )
  {
    do_error(401, 'Access denied h');
  }
  $file = get_high_path($element_info);
}

// The path helper returned nothing usable for this part.
if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}
127
// Record the access through pwg_log(): 'h' is logged as "high" and 'e' as
// "other"; thumbnails ('t') and standard images ('i') are not logged here.
switch ($_GET['part'])
{
  case 'h':
    pwg_log($_GET['id'], 'high');
    break;
  case 'e':
    pwg_log($_GET['id'], 'other');
    break;
}
135
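// Response headers are collected first and sent in one go later.
$http_headers = array();

$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // The server-side path is kept out of the response body: it tells a
    // visitor nothing useful and discloses the directory layout.
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    // mime_content_type() returns false on failure; leave $ctype unset in
    // that case so the extension-based guess is used, instead of sending an
    // empty Content-Type.
    $detected_type = mime_content_type($file);
    if ($detected_type !== false)
    {
      $ctype = $detected_type;
    }
  }

  $mtime = filemtime($file);
  $gmt_mtime = gmdate('D, d M Y H:i:s', $mtime).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    // Answer 304 only when the client's copy is at least as recent as the
    // file. Replying 304 to every conditional request would keep clients on
    // a stale copy after the file changes. Some clients append
    // "; length=..." to the date, so anything after a semicolon is dropped
    // before parsing. An unparsable date falls through to a full response.
    $since_raw = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
    $since = strtotime($since_raw);
    if ($since !== false and $since >= $mtime)
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}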
170
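if (!isset($ctype))
{ // no detected type: fall back to a guess from the extension
  $ctype = guess_mime_type( get_extension($file) );
}

$http_headers[] = 'Content-Type: '.$ctype;
// Ask the browser to honour the declared type instead of sniffing the
// content and picking a more dangerous one.
$http_headers[] = 'X-Content-Type-Options: nosniff';

// The file name is emitted inside a quoted string of a response header, so
// double quotes, backslashes and control characters are replaced: none of
// them may terminate the parameter early or alter the header.
$download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file));

// Without 'view' the file is offered as a download; with it, the browser is
// asked to display it.
// NOTE(review): inline display happens under the gallery's own origin, and
// guess_mime_type() can return text/html or text/xml. If such files can be
// stored as elements, consider forcing "attachment" for every non-image
// type - confirm which element types are allowed.
$disposition = isset($_GET['view']) ? 'inline' : 'attachment';
$http_headers[] = 'Content-Disposition: '.$disposition.'; filename="'
            .$download_name.'";';
if ($disposition == 'attachment')
{
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}

foreach ($http_headers as $header)
{
  header( $header );
}

// Lift the execution time limit for large files, unless safe_mode forbids it
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

// NOTE(review): when url_is_remote($file) is true, readfile() has to fetch
// the URL from the server side; $file comes from the image row, so the set
// of reachable hosts is whatever can be written to that row - confirm.
@readfile($file);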
202
203?>