restriction) $query=' SELECT id FROM '.CATEGORIES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id=id WHERE image_id='.$id.' .'get_sql_condition_FandF(array('forbidden_categories' => 'category_id'), 'AND').' LIMIT 1 ;'; if ( mysql_num_rows(pwg_query($query))<1 ) { do_error(401, 'Access denied'); } include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); $file=''; switch ($_GET['part']) { case 't': $file = get_thumbnail_path($element_info); break; case 'e': $file = get_element_path($element_info); break; case 'i': $file = get_image_path($element_info); break; case 'h': if ( $user['enabled_high']!='true' ) { do_error(401, 'Access denied h'); } $file = get_high_path($element_info); break; } if ( empty($file) ) { do_error(404, 'Requested file not found'); } $http_headers = array(); $ctype = null; if (!url_is_remote($file)) { if ( !@is_readable($file) ) { do_error(404, "Requested file not found - $file"); } $http_headers[] = 'Content-Length: '.@filesize($file); if ( function_exists('mime_content_type') ) { $ctype = mime_content_type($file); } $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT'; $http_headers[] = 'Last-Modified: '.$gmt_mtime; // following lines would indicate how the client should handle the cache /* $max_age=300; $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT'; // HTTP/1.1 only $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/ if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) { set_status_header(304); foreach ($http_headers as $header) { header( $header ); } exit(); } } if (!isset($ctype)) { // give it a guess $ctype = guess_mime_type( get_extension($file) ); } $http_headers[] = 'Content-Type: '.$ctype; if (!isset($_GET['view'])) { $http_headers[] = 'Content-Disposition: attachment; filename="' .basename($file).'";'; $http_headers[] = 'Content-Transfer-Encoding: binary'; } else { $http_headers[] = 'Content-Disposition: inline; filename="' .basename($file).'";'; } foreach ($http_headers as $header) { header( $header ); } // Looking at the safe_mode configuration for execution time if (ini_get('safe_mode') == 0) { @set_time_limit(0); } @readfile($file); ?>