source: trunk/action.php @ 2206

Last change on this file since 2206 was 2084, checked in by rvelices, 17 years ago

feature 731: permissions at image level

  • this is the first version - I wait for feedback before changing help files
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $URL: svn+ssh://rub@svn.gna.org/svn/phpwebgallery/trunk/action.php $
9// | last update   : $Date: 2007-09-11 02:24:51 +0000 (Tue, 11 Sep 2007) $
10// | last modifier : $Author: rvelices $
11// | revision      : $Rev: 2084 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
// Bootstrap: every include in this script is resolved relative to this root.
define('PHPWG_ROOT_PATH','./');
// None of the helpers used below (check_status, pwg_query, set_status_header,
// url_is_remote, pwg_log, the $user array, ...) are defined in this file;
// presumably they are provided by common.inc.php -- confirm in include/.
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);
33
/**
 * Map a file extension to a content type, case-insensitively.
 *
 * Extensions that are not in the table fall back to the generic
 * binary type 'application/octet-stream'.
 *
 * @param string $ext extension without the leading dot
 * @return string MIME type
 */
function guess_mime_type($ext)
{
  static $known_types = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $lookup = strtolower($ext);
  if (isset($known_types[$lookup]))
  {
    return $known_types[$lookup];
  }
  return 'application/octet-stream';
}
55
/**
 * Send an HTTP status line, print a short message and stop the script.
 *
 * The message becomes the whole response body and is shown to the client
 * verbatim, so callers should keep it free of internal details (paths,
 * queries, ...).
 *
 * @param int    $code HTTP status code, handed to set_status_header()
 * @param string $str  plain-text message echoed as the response body
 * @return void never returns: exit() is called unconditionally
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  echo $str ;
  exit();
}
62
63
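// Validate the request before anything touches the database.
// The id is later interpolated unquoted into SQL, so only a plain decimal
// integer is accepted: is_numeric() would also let through forms such as
// "1e3", " 5" or "1.5" which are not valid image ids. The 'D' modifier
// keeps '$' from matching before a trailing newline. The part code is
// compared strictly so that only one of the four literal strings passes.
if (!isset($_GET['id'])
    or !is_string($_GET['id'])
    or !preg_match('/^[0-9]+$/D', $_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('t','e','i','h'), true) )
{
  do_error(400, 'Invalid request - id/part');
}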
71
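// Load the image row. The id was checked with is_numeric() above, but it is
// cast to int here as well so that nothing but an integer literal can ever
// reach the unquoted SQL value (pwg_query offers no parameter binding).
$query = '
SELECT * FROM '. IMAGES_TABLE.'
  WHERE id='.(int)$_GET['id'].'
;';

$result = pwg_query($query);
$element_info = mysql_fetch_assoc($result);
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}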
83
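// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
//
// Access check: the image must belong to at least one category the current
// user may see, and must not be individually forbidden to him
// (get_sql_condition_FandF appends the forbidden categories/images
// conditions). The id is cast to int for the same reason as in the
// previous query: it ends up unquoted in the SQL text.
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.(int)$_GET['id'].'
'.get_sql_condition_FandF(
  array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
  '    AND'
  ).'
  LIMIT 1
;';
// No visible row means "not allowed" for this user. The script answers 401
// (kept for compatibility with existing clients); note that no
// WWW-Authenticate header is sent with it.
if ( mysql_num_rows(pwg_query($query))<1 )
{
  do_error(401, 'Access denied');
}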
104
include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');

// Resolve the requested part (t/e/i/h, already validated above) to a path.
// The high-resolution part is additionally gated on the user's
// 'enabled_high' flag and refused with 401 before its path is even built.
$file='';
if ($_GET['part'] == 't')
{
  $file = get_thumbnail_path($element_info);
}
elseif ($_GET['part'] == 'e')
{
  $file = get_element_path($element_info);
}
elseif ($_GET['part'] == 'i')
{
  $file = get_image_path($element_info);
}
elseif ($_GET['part'] == 'h')
{
  if ( $user['enabled_high']!='true' )
  {
    do_error(401, 'Access denied h');
  }
  $file = get_high_path($element_info);
}

// An empty path means the helper had nothing to serve for this part.
if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}
131
// Only the full element ('e') and the high-res file ('h') are passed to
// pwg_log; thumbnails and normal-size images are not recorded.
if (in_array($_GET['part'], array('h', 'e')))
{
  pwg_log($_GET['id'], ($_GET['part'] == 'h') ? 'high' : 'other');
}
139
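$http_headers = array();

$ctype = null;
// For a local file we can add size, type and modification headers and
// honour conditional requests; a remote URL is simply streamed below.
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // Do not echo the local path back to the client: it would disclose the
    // server's directory layout.
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $mtime = filemtime($file);
  $gmt_mtime = gmdate('D, d M Y H:i:s', $mtime).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  // Answer 304 only when the client's copy is at least as recent as the
  // file on disk. Merely having the header is not enough: a client that
  // cached an older version must get the new content. An unparsable date
  // is ignored and the full response is sent.
  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ( $since !== false and $since >= $mtime )
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}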
174
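// mime_content_type() returns false when it cannot classify the file, and
// the remote branch leaves $ctype at null; both cases (and an empty string)
// fall back to the extension-based guess instead of sending a blank
// Content-Type value.
if (empty($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

$http_headers[] = 'Content-Type: '.$ctype;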
181
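// The file name is derived from the image row's path, not from the request,
// but a double quote or backslash in it would still break the quoted-string
// form of the filename parameter, so both are escaped (RFC 2616
// quoted-string). CR/LF cannot be smuggled this way: header() refuses
// values that contain a newline.
$safe_name = addcslashes(basename($file), '"\\');
// 'view' in the query string asks for inline display; otherwise the browser
// is told to download the file.
if (!isset($_GET['view']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'
            .$safe_name.'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
            .$safe_name.'";';
}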
193
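foreach ($http_headers as $header)
{
  header( $header );
}

// Looking at the safe_mode configuration for execution time.
// ini_get() yields "" or "0" for a disabled boolean directive and false
// when the directive does not exist, so a truthiness test is what we want;
// a loose "== 0" comparison behaves differently across PHP versions.
if (!ini_get('safe_mode'))
{
  @set_time_limit(0);
}

// Headers are already sent at this point, so warnings are suppressed: a
// PHP notice here would be mixed into the binary response body.
@readfile($file);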
206
207?>