source: trunk/action.php @ 2481

Last change on this file since 2481 was 2299, checked in by plg, 17 years ago

Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personally, I find them a problem when I look for differences between 2
Piwigo installations outside Subversion.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Every include in this script is resolved relative to the script's own
// directory.
define('PHPWG_ROOT_PATH', './');
include_once PHPWG_ROOT_PATH . 'include/common.inc.php';

// Guest is the minimum status accepted here; the request ends inside
// check_status() when the user status is not ok.
check_status(ACCESS_GUEST);
29
/**
 * Map a file extension to the MIME type announced in the Content-Type header.
 *
 * The lookup is case-insensitive. An extension that is not in the table
 * yields "application/octet-stream".
 *
 * @param string $ext file extension, without a leading dot
 * @return string MIME type
 */
function guess_mime_type($ext)
{
  $known_types = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $key = strtolower($ext);
  if (isset($known_types[$key]))
  {
    return $known_types[$key];
  }

  // Unknown extension: generic binary type.
  return 'application/octet-stream';
}
51
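/**
 * Send an HTTP error status with a short message and end the request.
 *
 * The message is declared as text/plain so that it is never rendered as
 * HTML, whatever the caller put into it.
 *
 * @param int    $code HTTP status code, passed to set_status_header()
 * @param string $str  message written to the response body
 * @return void this function does not return, it calls exit()
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  if ( !headers_sent() )
  {
    header('Content-Type: text/plain');
  }
  echo $str ;
  exit();
}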
58
59
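// Reject the request unless both parameters have exactly the expected shape.
// The id is concatenated into SQL further down, so it must consist of plain
// decimal digits only: is_numeric() alone also accepts forms such as "1e3",
// "1.5" or " 7". \z (rather than $) keeps a trailing newline from slipping
// through, and is_string() rejects array parameters such as ?id[]=1.
// The strict in_array() accepts only the four exact part codes.
if (!isset($_GET['id'])
    or !is_string($_GET['id'])
    or !preg_match('/^[0-9]+\z/', $_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('t','e','i','h'), true) )
{
  do_error(400, 'Invalid request - id/part');
}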
67
// Fetch the database row of the requested element.
// NOTE(review): $_GET['id'] is concatenated into the statement as-is, so the
// request validation above this point is the only thing that keeps the query
// well-formed.
$query = "\n"
  .'SELECT * FROM '.IMAGES_TABLE."\n"
  .'  WHERE id='.$_GET['id']."\n"
  .';';

$result = pwg_query($query);
$element_info = mysql_fetch_assoc($result);
if ( !$element_info )
{
  // No row for this id.
  do_error(404, 'Requested id not found');
}
79
// Permission check: the element must belong to at least one category that
// survives the forbidden_categories / forbidden_images conditions.
// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$forbidden_clause = get_sql_condition_FandF(
  array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
  '    AND'
  );

$query = "\n"
  ."SELECT id\n"
  .'  FROM '.CATEGORIES_TABLE."\n"
  .'    INNER JOIN '.IMAGE_CATEGORY_TABLE." ON category_id = id\n"
  .'  WHERE image_id = '.$_GET['id']."\n"
  .$forbidden_clause."\n"
  ."  LIMIT 1\n"
  .';';

$allowed_rows = mysql_num_rows(pwg_query($query));
if ( $allowed_rows < 1 )
{
  // No permitted category contains this element.
  do_error(401, 'Access denied');
}
100
include_once PHPWG_ROOT_PATH.'include/functions_picture.inc.php';

// Resolve the requested part of the element to a path:
//   t = thumbnail, e = element, i = image, h = high definition.
$file = '';
if ($_GET['part'] == 't')
{
  $file = get_thumbnail_path($element_info);
}
elseif ($_GET['part'] == 'e')
{
  $file = get_element_path($element_info);
}
elseif ($_GET['part'] == 'i')
{
  $file = get_image_path($element_info);
}
elseif ($_GET['part'] == 'h')
{
  // The high-definition part is reserved to users with enabled_high set.
  if ( $user['enabled_high'] != 'true' )
  {
    do_error(401, 'Access denied h');
  }
  $file = get_high_path($element_info);
}

// Nothing resolved for this part.
if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}
127
// Only the 'h' and 'e' parts are passed to pwg_log(); the 't' and 'i' parts
// are served without a log call.
switch ($_GET['part'])
{
  case 'h':
    pwg_log($_GET['id'], 'high');
    break;
  case 'e':
    pwg_log($_GET['id'], 'other');
    break;
}
135
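// Response headers are collected here and emitted in one go later on.
$http_headers = array();

// Stays null when no type could be detected from the file itself.
$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // The server-side path is deliberately kept out of the response: it would
    // disclose the storage layout to any visitor allowed to call this script.
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $mtime = filemtime($file);
  $gmt_mtime = gmdate('D, d M Y H:i:s', $mtime).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    // Answer 304 only when the client's copy is at least as recent as the
    // file. The mere presence of the header is not enough: a client holding
    // a stale copy would otherwise never receive the updated file.
    // Some clients append "; length=NNN" to the date, hence the explode().
    $since_parts = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
    $since = strtotime(trim($since_parts[0]));
    // strtotime() reports an unparsable date as false (or -1 on old PHP).
    if ( $since !== false and $since !== -1
        and $mtime !== false and $since >= $mtime )
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}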
170
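if (!isset($ctype))
{ // no type was detected from the file itself: guess from the extension
  $ctype = guess_mime_type( get_extension($file) );
}

$http_headers[] = 'Content-Type: '.$ctype;
// Ask browsers to honour the declared type instead of sniffing the content.
$http_headers[] = 'X-Content-Type-Options: nosniff';

// The file name goes inside a quoted header parameter. Quotes, backslashes
// and control characters are replaced so that a stored name can neither end
// the quoted string early nor make header() refuse the line.
$download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file));

// NOTE(review): when "view" is set, an element whose type resolves to
// text/html or text/xml is rendered inline in the gallery's own origin.
// Confirm that such files cannot be added by untrusted users, or force
// "attachment" for those types.
if (!isset($_GET['view']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'
            .$download_name.'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
            .$download_name.'";';
}

foreach ($http_headers as $header)
{
  header( $header );
}

// Looking at the safe_mode configuration for execution time
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

// NOTE(review): $file may be a remote URL here (the url_is_remote() branch
// performs no local checks), in which case readfile() fetches it from this
// server. Presumably the path only ever comes from the database row; verify.
@readfile($file);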
202
203?>