source: trunk/action.php @ 13489

Last change on this file since 13489 was 13489, checked in by rvelices, 12 years ago

added event for src image url
simplify js in picture.tpl
action.php fix history saving

  • Property svn:eol-style set to LF
File size: 5.5 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Path prefix used by the include_once() calls in this script.
define('PHPWG_ROOT_PATH','./');
// Select PHP's 'public' cache limiter before the application bootstrap is loaded.
// NOTE(review): the files served by this script are access-checked per user
// further down; confirm that cache headers allowing shared caches to store the
// response are acceptable for restricted photos.
session_cache_limiter('public');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);
30
/**
 * Map a file extension to a MIME type.
 *
 * The lookup is case-insensitive. Extensions that are not in the table are
 * reported as application/octet-stream.
 *
 * @param string $ext file extension, without a leading dot
 * @return string MIME type
 */
function guess_mime_type($ext)
{
  $known_types = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $key = strtolower($ext);
  if (isset($known_types[$key]))
  {
    return $known_types[$key];
  }
  // anything unknown is sent as an opaque binary stream
  return 'application/octet-stream';
}
52
/**
 * Abort the request with an HTTP error.
 *
 * Sets the response status through set_status_header(), writes the message
 * as the response body and stops the script, so it never returns.
 *
 * @param int    $code HTTP status code
 * @param string $str  message written to the response body as-is (no escaping)
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  print $str;
  exit;
}
59
60
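// Validate the request parameters before they reach any SQL statement.
// 'id' must be a plain run of decimal digits: is_numeric() also accepts signs,
// decimal points, exponents and surrounding whitespace, and the value is
// concatenated unquoted into the queries below and passed to pwg_log().
// 'part' selects what is served: 'e' (the element file) or 'r' (its
// representative); the comparison is strict so only those two strings pass.
if (!isset($_GET['id'], $_GET['part'])
    or !is_string($_GET['id'])
    or !preg_match('/^[0-9]+$/D', $_GET['id'])
    or !in_array($_GET['part'], array('e','r'), true) )
{
  do_error(400, 'Invalid request - id/part');
}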
68
// Load the image row for the requested id. The id is concatenated into the
// statement unquoted, so it relies on the request validation above.
$query = '
SELECT * FROM '. IMAGES_TABLE.'
  WHERE id='.$_GET['id'].'
;';
$element_result = pwg_query($query);
$element_info = pwg_db_fetch_assoc($element_result);

// no row for this id: answer 404 and stop
if ( !$element_info )
{
  do_error(404, 'Requested id not found');
}
79
// Permission check: the image must be linked to at least one category that
// passes the condition built by get_sql_condition_FandF() (presumably the
// current user's forbidden categories and images - confirm in that helper).
// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$permission_clause = get_sql_condition_FandF(
  array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
  '    AND'
  );
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.$_GET['id'].'
'.$permission_clause.'
  LIMIT 1
;';
$permitted_rows = pwg_db_num_rows(pwg_query($query));

// NOTE(review): an unknown id answers 404 above while a forbidden one answers
// 401 here, so the two cases are distinguishable to the client.
if ( $permitted_rows < 1 )
{
  do_error(401, 'Access denied');
}
100
include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');

// Resolve the path of the file to send from the image row.
$file = '';
if ($_GET['part'] == 'e')
{
  // the element itself is only served to users with enabled_high set
  if ( $user['enabled_high']!='true' )
  {
    do_error(401, 'Access denied e');
  }
  $file = get_element_path($element_info);
}
elseif ($_GET['part'] == 'r')
{
  // the representative is derived from the element path and the stored extension
  $file = original_to_representative( get_element_path($element_info), $element_info['representative_ext'] );
}

// neither branch produced a usable path
if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}
121
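// Record the access through pwg_log(): 'high' for the element file, 'other'
// for the representative. The second branch used to test 'e' again and could
// never run, so requests for the representative were not logged at all.
if ($_GET['part'] == 'e')
{
  pwg_log($_GET['id'], 'high');
}
else if ($_GET['part'] == 'r')
{
  pwg_log($_GET['id'], 'other');
}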
129
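// Response headers are collected here and sent in one go later on.
$http_headers = array();

// MIME type of the file; stays null when it could not be detected here.
$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // Do not echo $file back: it is a server-side path and the message is
    // written to the response body unescaped.
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    // mime_content_type() returns false on failure; keep $ctype unset in that
    // case instead of sending an empty Content-Type.
    $detected_type = mime_content_type($file);
    if ( $detected_type !== false )
    {
      $ctype = $detected_type;
    }
  }

  $mtime = filemtime($file);
  $gmt_mtime = gmdate('D, d M Y H:i:s', $mtime).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    // Answer 304 only when the client's copy is at least as recent as the
    // file; an unparsable date or a newer file falls through to a full
    // response.
    $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ( $since !== false and $mtime !== false and $since >= $mtime )
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}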
164
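if (!isset($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

// NOTE(review): when the type resolves to text/html the file is rendered
// inline on the gallery's own origin; confirm such files cannot be uploaded
// by untrusted users.
$http_headers[] = 'Content-Type: '.$ctype;

// File name advertised to the client: the name stored in the image row for a
// download, the name of the served file otherwise. Control characters, double
// quotes and backslashes are removed so the value cannot end the quoted
// string or the header line early.
$disposition_name = isset($_GET['download']) ? $element_info['file'] : basename($file);
$disposition_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $disposition_name);

if (isset($_GET['download']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'.$disposition_name.'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'.$disposition_name.'";';
}

// send everything collected so far
foreach ($http_headers as $header)
{
  header( $header );
}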
187
// Looking at the safe_mode configuration for execution time:
// the time limit is only lifted when ini_get() does not report safe_mode as on.
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

// Send the file body. '@' suppresses any warning readfile() raises.
// NOTE(review): for a remote $file the is_readable() check above was skipped
// and readfile() fetches the URL from this server; confirm remote paths can
// only come from trusted gallery data.
@readfile($file);
195
196?>