2005-12-19 19:58:38 +01:00
|
|
|
<?php
|
|
|
|
// +-----------------------------------------------------------------------+
|
2011-01-18 01:02:52 +01:00
|
|
|
// | Piwigo - a PHP based photo gallery |
|
2008-04-05 00:57:23 +02:00
|
|
|
// +-----------------------------------------------------------------------+
|
2016-01-14 12:17:58 +01:00
|
|
|
// | Copyright(C) 2008-2016 Piwigo Team http://piwigo.org |
|
2008-04-05 00:57:23 +02:00
|
|
|
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
|
|
|
|
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
// | This program is free software; you can redistribute it and/or modify |
|
2005-12-19 19:58:38 +01:00
|
|
|
// | it under the terms of the GNU General Public License as published by |
|
|
|
|
// | the Free Software Foundation |
|
|
|
|
// | |
|
|
|
|
// | This program is distributed in the hope that it will be useful, but |
|
|
|
|
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
|
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
|
|
// | General Public License for more details. |
|
|
|
|
// | |
|
|
|
|
// | You should have received a copy of the GNU General Public License |
|
|
|
|
// | along with this program; if not, write to the Free Software |
|
|
|
|
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
|
|
// | USA. |
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
2006-10-10 23:23:06 +02:00
|
|
|
define('PHPWG_ROOT_PATH','./');
|
2012-03-06 21:43:18 +01:00
|
|
|
session_cache_limiter('public');
|
2006-10-10 23:23:06 +02:00
|
|
|
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
|
|
|
|
|
|
|
|
// Check Access and exit when user status is not ok
|
|
|
|
check_status(ACCESS_GUEST);
|
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
function guess_mime_type($ext)
|
2005-12-19 19:58:38 +01:00
|
|
|
{
|
2006-11-17 05:26:10 +01:00
|
|
|
switch ( strtolower($ext) )
|
2006-10-10 23:23:06 +02:00
|
|
|
{
|
2006-11-17 05:26:10 +01:00
|
|
|
case "jpe": case "jpeg":
|
|
|
|
case "jpg": $ctype="image/jpeg"; break;
|
|
|
|
case "png": $ctype="image/png"; break;
|
|
|
|
case "gif": $ctype="image/gif"; break;
|
|
|
|
case "tiff":
|
|
|
|
case "tif": $ctype="image/tiff"; break;
|
|
|
|
case "txt": $ctype="text/plain"; break;
|
|
|
|
case "html":
|
|
|
|
case "htm": $ctype="text/html"; break;
|
|
|
|
case "xml": $ctype="text/xml"; break;
|
|
|
|
case "pdf": $ctype="application/pdf"; break;
|
|
|
|
case "zip": $ctype="application/zip"; break;
|
|
|
|
case "ogg": $ctype="application/ogg"; break;
|
|
|
|
default: $ctype="application/octet-stream";
|
2006-10-10 23:23:06 +02:00
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
return $ctype;
|
|
|
|
}
|
2005-12-19 19:58:38 +01:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
function do_error( $code, $str )
|
|
|
|
{
|
2006-12-08 01:12:44 +01:00
|
|
|
set_status_header( $code );
|
2006-11-17 05:26:10 +01:00
|
|
|
echo $str ;
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
2015-12-17 14:08:53 +01:00
|
|
|
if ($conf['enable_formats'] and isset($_GET['format']))
|
2015-12-07 10:54:18 +01:00
|
|
|
{
|
|
|
|
check_input_parameter('format', $_GET, false, PATTERN_ID);
|
|
|
|
|
|
|
|
$query = '
|
|
|
|
SELECT
|
|
|
|
*
|
|
|
|
FROM '.IMAGE_FORMAT_TABLE.'
|
|
|
|
WHERE format_id = '.$_GET['format'].'
|
|
|
|
;';
|
|
|
|
$formats = query2array($query);
|
|
|
|
|
|
|
|
if (count($formats) == 0)
|
|
|
|
{
|
|
|
|
do_error(400, 'Invalid request - format');
|
|
|
|
}
|
|
|
|
|
|
|
|
$format = $formats[0];
|
|
|
|
|
|
|
|
$_GET['id'] = $format['image_id'];
|
|
|
|
$_GET['part'] = 'f'; // "f" for "format"
|
|
|
|
}
|
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
|
2007-02-14 23:53:02 +01:00
|
|
|
if (!isset($_GET['id'])
|
|
|
|
or !is_numeric($_GET['id'])
|
2006-11-17 05:26:10 +01:00
|
|
|
or !isset($_GET['part'])
|
2015-12-07 10:54:18 +01:00
|
|
|
or !in_array($_GET['part'], array('e','r','f') ) )
|
2006-11-17 05:26:10 +01:00
|
|
|
{
|
|
|
|
do_error(400, 'Invalid request - id/part');
|
|
|
|
}
|
|
|
|
|
|
|
|
$query = '
|
|
|
|
SELECT * FROM '. IMAGES_TABLE.'
|
2007-02-14 23:53:02 +01:00
|
|
|
WHERE id='.$_GET['id'].'
|
2006-11-17 05:26:10 +01:00
|
|
|
;';
|
|
|
|
|
2012-03-06 21:43:18 +01:00
|
|
|
$element_info = pwg_db_fetch_assoc(pwg_query($query));
|
2006-11-17 05:26:10 +01:00
|
|
|
if ( empty($element_info) )
|
|
|
|
{
|
|
|
|
do_error(404, 'Requested id not found');
|
|
|
|
}
|
2006-12-22 00:49:12 +01:00
|
|
|
|
2016-07-18 23:08:31 +02:00
|
|
|
// special download action for admins
|
|
|
|
$is_admin_download = false;
|
|
|
|
if (is_admin() and isset($_GET['pwg_token']) and get_pwg_token() == $_GET['pwg_token'])
|
|
|
|
{
|
|
|
|
$is_admin_download = true;
|
|
|
|
$user['enabled_high'] = true;
|
|
|
|
}
|
|
|
|
|
2016-05-10 11:37:35 +02:00
|
|
|
$src_image = new SrcImage($element_info);
|
|
|
|
|
2006-12-22 00:49:12 +01:00
|
|
|
// $filter['visible_categories'] and $filter['visible_images']
|
2006-12-21 22:38:20 +01:00
|
|
|
// are not used because it's not necessary (filter <> restriction)
|
2006-11-22 03:57:41 +01:00
|
|
|
$query='
|
2007-02-14 23:53:02 +01:00
|
|
|
SELECT id
|
|
|
|
FROM '.CATEGORIES_TABLE.'
|
|
|
|
INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
|
|
|
|
WHERE image_id = '.$_GET['id'].'
|
|
|
|
'.get_sql_condition_FandF(
|
2007-09-11 04:24:51 +02:00
|
|
|
array(
|
|
|
|
'forbidden_categories' => 'category_id',
|
|
|
|
'forbidden_images' => 'image_id',
|
|
|
|
),
|
2007-02-14 23:53:02 +01:00
|
|
|
' AND'
|
|
|
|
).'
|
2006-11-22 03:57:41 +01:00
|
|
|
LIMIT 1
|
|
|
|
;';
|
2016-07-18 23:08:31 +02:00
|
|
|
if (!$is_admin_download and pwg_db_num_rows(pwg_query($query))<1 )
|
2006-11-22 03:57:41 +01:00
|
|
|
{
|
|
|
|
do_error(401, 'Access denied');
|
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
|
|
|
|
include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
|
|
|
|
$file='';
|
|
|
|
switch ($_GET['part'])
|
|
|
|
{
|
|
|
|
case 'e':
|
2016-05-10 11:37:35 +02:00
|
|
|
if ( $src_image->is_original() and !$user['enabled_high'] )
|
|
|
|
{// we have a photo and the user has no access to HD
|
|
|
|
$deriv = new DerivativeImage(IMG_XXLARGE, $src_image);
|
2012-03-09 07:04:55 +01:00
|
|
|
if ( !$deriv->same_as_source() )
|
|
|
|
{
|
|
|
|
do_error(401, 'Access denied e');
|
|
|
|
}
|
2006-11-22 03:57:41 +01:00
|
|
|
}
|
2012-01-05 23:06:21 +01:00
|
|
|
$file = get_element_path($element_info);
|
|
|
|
break;
|
|
|
|
case 'r':
|
|
|
|
$file = original_to_representative( get_element_path($element_info), $element_info['representative_ext'] );
|
2006-11-17 05:26:10 +01:00
|
|
|
break;
|
2015-12-07 10:54:18 +01:00
|
|
|
case 'f' :
|
|
|
|
$file = original_to_format(get_element_path($element_info), $format['ext']);
|
|
|
|
$element_info['file'] = get_filename_wo_extension($element_info['file']).'.'.$format['ext'];
|
|
|
|
break;
|
2006-11-17 05:26:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if ( empty($file) )
|
|
|
|
{
|
|
|
|
do_error(404, 'Requested file not found');
|
|
|
|
}
|
|
|
|
|
2012-03-06 21:43:18 +01:00
|
|
|
if ($_GET['part'] == 'e') {
|
2007-02-21 00:40:02 +01:00
|
|
|
pwg_log($_GET['id'], 'high');
|
|
|
|
}
|
|
|
|
else if ($_GET['part'] == 'e')
|
|
|
|
{
|
|
|
|
pwg_log($_GET['id'], 'other');
|
2007-02-14 23:53:02 +01:00
|
|
|
}
|
2015-12-07 10:54:18 +01:00
|
|
|
else if ($_GET['part'] == 'f')
|
|
|
|
{
|
|
|
|
pwg_log($_GET['id'], 'high', $format['format_id']);
|
|
|
|
}
|
2007-02-14 23:53:02 +01:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
$http_headers = array();
|
2005-12-19 19:58:38 +01:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
$ctype = null;
|
|
|
|
if (!url_is_remote($file))
|
|
|
|
{
|
|
|
|
if ( !@is_readable($file) )
|
2006-10-10 23:23:06 +02:00
|
|
|
{
|
2006-11-17 05:26:10 +01:00
|
|
|
do_error(404, "Requested file not found - $file");
|
2006-10-10 23:23:06 +02:00
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
$http_headers[] = 'Content-Length: '.@filesize($file);
|
|
|
|
if ( function_exists('mime_content_type') )
|
2006-09-20 23:24:34 +02:00
|
|
|
{
|
2006-11-17 05:26:10 +01:00
|
|
|
$ctype = mime_content_type($file);
|
2006-09-20 23:24:34 +02:00
|
|
|
}
|
2006-11-22 03:57:41 +01:00
|
|
|
|
|
|
|
$gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
|
|
|
|
$http_headers[] = 'Last-Modified: '.$gmt_mtime;
|
|
|
|
|
|
|
|
// following lines would indicate how the client should handle the cache
|
|
|
|
/* $max_age=300;
|
|
|
|
$http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
|
|
|
|
// HTTP/1.1 only
|
|
|
|
$http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/
|
|
|
|
|
2015-12-20 17:49:12 +01:00
|
|
|
if ('f' != $_GET['part'] and isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
|
2006-11-22 03:57:41 +01:00
|
|
|
{
|
2006-12-08 01:12:44 +01:00
|
|
|
set_status_header(304);
|
2006-11-22 03:57:41 +01:00
|
|
|
foreach ($http_headers as $header)
|
|
|
|
{
|
|
|
|
header( $header );
|
|
|
|
}
|
|
|
|
exit();
|
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
}
|
2006-11-22 03:57:41 +01:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
if (!isset($ctype))
|
|
|
|
{ // give it a guess
|
|
|
|
$ctype = guess_mime_type( get_extension($file) );
|
|
|
|
}
|
2006-09-20 23:24:34 +02:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
$http_headers[] = 'Content-Type: '.$ctype;
|
|
|
|
|
2012-01-05 23:06:21 +01:00
|
|
|
if (isset($_GET['download']))
|
2006-11-17 05:26:10 +01:00
|
|
|
{
|
2010-02-19 10:46:42 +01:00
|
|
|
$http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';
|
2006-11-17 05:26:10 +01:00
|
|
|
$http_headers[] = 'Content-Transfer-Encoding: binary';
|
2005-12-19 19:58:38 +01:00
|
|
|
}
|
2006-11-22 03:57:41 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
$http_headers[] = 'Content-Disposition: inline; filename="'
|
|
|
|
.basename($file).'";';
|
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
|
|
|
|
foreach ($http_headers as $header)
|
2005-12-19 19:58:38 +01:00
|
|
|
{
|
2006-11-17 05:26:10 +01:00
|
|
|
header( $header );
|
2005-12-19 19:58:38 +01:00
|
|
|
}
|
2006-11-17 05:26:10 +01:00
|
|
|
|
|
|
|
// Looking at the safe_mode configuration for execution time
|
|
|
|
if (ini_get('safe_mode') == 0)
|
|
|
|
{
|
|
|
|
@set_time_limit(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
@readfile($file);
|
2005-12-19 19:58:38 +01:00
|
|
|
|
2006-11-17 05:26:10 +01:00
|
|
|
?>
|