diff options
Diffstat (limited to 'BSF/action.php')
| -rw-r--r-- | BSF/action.php | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/BSF/action.php b/BSF/action.php new file mode 100644 index 000000000..3d16b1bd9 --- /dev/null +++ b/BSF/action.php @@ -0,0 +1,203 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +define('PHPWG_ROOT_PATH','./'); +include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); + +// Check Access and exit when user status is not ok +check_status(ACCESS_GUEST); + +function guess_mime_type($ext) +{ + switch ( strtolower($ext) ) + { + case "jpe": case "jpeg": + case "jpg": $ctype="image/jpeg"; break; + case "png": $ctype="image/png"; break; + case "gif": $ctype="image/gif"; break; + case "tiff": + case "tif": $ctype="image/tiff"; break; + case "txt": $ctype="text/plain"; break; + case "html": + case "htm": $ctype="text/html"; break; + case "xml": $ctype="text/xml"; break; + case "pdf": $ctype="application/pdf"; break; + case "zip": $ctype="application/zip"; break; + case "ogg": $ctype="application/ogg"; break; + default: $ctype="application/octet-stream"; + } + return $ctype; +} + +function do_error( $code, $str ) +{ + set_status_header( $code ); + echo $str ; + exit(); +} + + +if (!isset($_GET['id']) + or !is_numeric($_GET['id']) + or !isset($_GET['part']) + or !in_array($_GET['part'], array('t','e','i','h') ) ) +{ + do_error(400, 'Invalid request - id/part'); +} + +$query = ' +SELECT * FROM '. IMAGES_TABLE.' + WHERE id='.$_GET['id'].' +;'; + +$result = pwg_query($query); +$element_info = mysql_fetch_assoc($result); +if ( empty($element_info) ) +{ + do_error(404, 'Requested id not found'); +} + +// $filter['visible_categories'] and $filter['visible_images'] +// are not used because it's not necessary (filter <> restriction) +$query=' +SELECT id + FROM '.CATEGORIES_TABLE.' + INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id + WHERE image_id = '.$_GET['id'].' +'.get_sql_condition_FandF( + array( + 'forbidden_categories' => 'category_id', + 'forbidden_images' => 'image_id', + ), + ' AND' + ).' + LIMIT 1 +;'; +if ( mysql_num_rows(pwg_query($query))<1 ) +{ + do_error(401, 'Access denied'); +} + +include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); +$file=''; +switch ($_GET['part']) +{ + case 't': + $file = get_thumbnail_path($element_info); + break; + case 'e': + $file = get_element_path($element_info); + break; + case 'i': + $file = get_image_path($element_info); + break; + case 'h': + if ( $user['enabled_high']!='true' ) + { + do_error(401, 'Access denied h'); + } + $file = get_high_path($element_info); + break; +} + +if ( empty($file) ) +{ + do_error(404, 'Requested file not found'); +} + +if ($_GET['part'] == 'h') { + pwg_log($_GET['id'], 'high'); +} +else if ($_GET['part'] == 'e') +{ + pwg_log($_GET['id'], 'other'); +} + +$http_headers = array(); + +$ctype = null; +if (!url_is_remote($file)) +{ + if ( !@is_readable($file) ) + { + do_error(404, "Requested file not found - $file"); + } + $http_headers[] = 'Content-Length: '.@filesize($file); + if ( function_exists('mime_content_type') ) + { + $ctype = mime_content_type($file); + } + + $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT'; + $http_headers[] = 'Last-Modified: '.$gmt_mtime; + + // following lines would indicate how the client should handle the cache + /* $max_age=300; + $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT'; + // HTTP/1.1 only + $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/ + + if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) + { + set_status_header(304); + foreach ($http_headers as $header) + { + header( $header ); + } + exit(); + } +} + +if (!isset($ctype)) +{ // give it a guess + $ctype = guess_mime_type( get_extension($file) ); +} + +$http_headers[] = 'Content-Type: '.$ctype; + +if (!isset($_GET['view'])) +{ + $http_headers[] = 'Content-Disposition: attachment; filename="' + .basename($file).'";'; + $http_headers[] = 'Content-Transfer-Encoding: binary'; +} +else +{ + $http_headers[] = 'Content-Disposition: inline; filename="' + .basename($file).'";'; +} + +foreach ($http_headers as $header) +{ + header( $header ); +} + +// Looking at the safe_mode configuration for execution time +if (ini_get('safe_mode') == 0) +{ + @set_time_limit(0); +} + +@readfile($file); + +?>
\ No newline at end of file |