source: trunk/action.php @ 24880

Last change on this file since 24880 was 19703, checked in by plg, 12 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

  • Property svn:eol-style set to LF
File size: 5.6 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Bootstrap: paths below are resolved relative to this script's directory.
define('PHPWG_ROOT_PATH', './');

// NOTE(review): 'public' lets shared caches store the response, while the file
// served further down is subject to per-user permission checks -- confirm that
// an intermediate cache cannot hand a restricted file to another visitor.
session_cache_limiter('public');
include_once PHPWG_ROOT_PATH.'include/common.inc.php';

// Access check: execution stops here when the user status is not sufficient.
check_status(ACCESS_GUEST);
30
/**
 * Map a file extension to the MIME type sent in the Content-Type header.
 *
 * The lookup is case-insensitive. Any extension that is not listed falls
 * back to application/octet-stream.
 *
 * @param string $ext file extension, without a leading dot
 * @return string MIME type
 */
function guess_mime_type($ext)
{
  $known_types = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'tiff' => 'image/tiff',
    'tif'  => 'image/tiff',
    'txt'  => 'text/plain',
    'html' => 'text/html',
    'htm'  => 'text/html',
    'xml'  => 'text/xml',
    'pdf'  => 'application/pdf',
    'zip'  => 'application/zip',
    'ogg'  => 'application/ogg',
  );

  $key = strtolower($ext);
  if (isset($known_types[$key]))
  {
    return $known_types[$key];
  }

  return 'application/octet-stream';
}
52
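/**
 * Send an HTTP status code and a short message, then stop the script.
 *
 * The message is HTML-escaped before output. This script has sent no
 * Content-Type header by the time do_error() is called, so the body is
 * presumably served with PHP's default type (text/html); escaping keeps a
 * message built from stored data from being interpreted as markup.
 *
 * @param int    $code HTTP status code passed to set_status_header()
 * @param string $str  message shown to the client
 */
function do_error( $code, $str )
{
  set_status_header( $code );
  echo htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
  exit();
}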
59
60
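// The request must carry an image id and the wanted part: 'e' (resolved below
// with get_element_path) or 'r' (resolved with original_to_representative).
//
// The id is concatenated into SQL text, so only a plain run of decimal digits
// is accepted. is_numeric() alone would also let through forms such as '1e3',
// '1.5' or ' 1', which reach the database as something other than an integer
// literal.
if (!isset($_GET['id'])
    or !is_string($_GET['id'])
    or !preg_match('/\A\d+\z/', $_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('e','r'), true) )
{
  do_error(400, 'Invalid request - id/part');
}

// Safe to interpolate: the check above guarantees digits only.
$query = '
SELECT * FROM '. IMAGES_TABLE.'
  WHERE id='.$_GET['id'].'
;';

$element_info = pwg_db_fetch_assoc(pwg_query($query));
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}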
79
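// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
//
// Permission check: the image must be linked to at least one category that
// passes get_sql_condition_FandF() (presumably the categories and images not
// forbidden to the current user).
// The id is taken from the row that was actually loaded, not from the request,
// so the check always applies to the image that will be served, however the
// request value was written.
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.(int)$element_info['id'].'
'.get_sql_condition_FandF(
  array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
  '    AND'
  ).'
  LIMIT 1
;';
if ( pwg_db_num_rows(pwg_query($query))<1 )
{
  do_error(401, 'Access denied');
}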
100
include_once PHPWG_ROOT_PATH.'include/functions_picture.inc.php';

// Resolve the path of the requested part; $file stays empty when no branch
// produces one.
$file = '';
if ($_GET['part'] == 'e')
{
  // When $user['enabled_high'] is off, the element is only handed out if the
  // XXLarge derivative is the same as the source.
  if ( !$user['enabled_high'] )
  {
    $deriv = new DerivativeImage(IMG_XXLARGE, new SrcImage($element_info));
    if ( !$deriv->same_as_source() )
    {
      do_error(401, 'Access denied e');
    }
  }
  $file = get_element_path($element_info);
}
elseif ($_GET['part'] == 'r')
{
  $file = original_to_representative(
    get_element_path($element_info),
    $element_info['representative_ext']
  );
}
120
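if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}

// Record the access through pwg_log(). The second branch used to repeat the
// 'e' test and could therefore never run; it now matches 'r', the only other
// value the request validation accepts, so those requests are logged as well.
if ($_GET['part'] == 'e')
{
  pwg_log($_GET['id'], 'high');
}
else if ($_GET['part'] == 'r')
{
  pwg_log($_GET['id'], 'other');
}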
133
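// Headers are collected first and sent later in one go.
$http_headers = array();

$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // The path is left out of the response on purpose: it would tell any
    // visitor where files live on the server.
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $mtime = filemtime($file);
  $gmt_mtime = gmdate('D, d M Y H:i:s', $mtime).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    // Answer 304 only when the client's copy is at least as recent as the
    // file; the mere presence of the header says nothing about freshness.
    // Anything after a ';' (e.g. "; length=...") is dropped before parsing.
    $since = strtotime(preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']));
    if ( $since !== false and $since >= $mtime )
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}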
168
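// mime_content_type() returns false on failure, which isset() would treat as
// a usable value; empty() covers both "never set" and "detection failed".
if (empty($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

// NOTE(review): a stored file detected as text/html is served inline from the
// gallery's own origin -- confirm that the upload rules exclude such files, or
// force them to be downloaded.
$http_headers[] = 'Content-Type: '.$ctype;

// Both file names come from stored data. A double quote, a backslash or a
// control character would end the quoted filename parameter early or corrupt
// the header, so each one is replaced before the value is used.
$unsafe_in_filename = '/[\x00-\x1F\x7F"\\\\]/';

if (isset($_GET['download']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'
            .preg_replace($unsafe_in_filename, '_', $element_info['file']).'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
            .preg_replace($unsafe_in_filename, '_', basename($file)).'";';
}

foreach ($http_headers as $header)
{
  header( $header );
}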
191
// The execution time limit is only lifted when safe_mode is off.
if (0 == ini_get('safe_mode'))
{
  @set_time_limit(0);
}

// Stream the file to the client. Errors are suppressed, so a failed read ends
// in an empty or truncated body after the headers have already been sent.
// NOTE(review): $file may be a remote URL (the url_is_remote() branch skips the
// local readability check); in that case the server itself fetches the URL,
// provided URL wrappers are enabled -- confirm where such paths can come from.
@readfile($file);
199
200?>