authorichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8>2008-09-26 17:29:39 +0000
committerichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8>2008-09-26 17:29:39 +0000
commitedeb637de1fbba698a599e6d3b3e21d909c06c11 (patch)
tree732c403f72b54a4adeb189a4ce9c6f68f1473676 /www-ssl/ShowUserPicture.php
parent3f35e47a32d5c0702ff3a396bdfdd6d4ce1136dc (diff)
final pic-fixes
git-svn-id: svn://svn.cccv.de/engel-system@293 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/ShowUserPicture.php')
-rw-r--r--www-ssl/ShowUserPicture.php58
1 files changed, 58 insertions, 0 deletions
diff --git a/www-ssl/ShowUserPicture.php b/www-ssl/ShowUserPicture.php
new file mode 100644
index 00000000..0b61d153
--- /dev/null
+++ b/www-ssl/ShowUserPicture.php
@@ -0,0 +1,58 @@
+<?PHP
+
+include ("../includes/config.php");
+include ("../includes/error_handler.php");
+include ("../includes/config_db.php");
+if( !isset($_SESSION)) session_start();
+include ("../includes/secure.php");
+
+
+// Parameter check
+if( !isset($_GET["UID"]) )
+ $_GET["UID"]= "-1";
+
+$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
+$res = mysql_query( $SQL, $con);
+
+if( mysql_num_rows($res) == 1)
+{
+ //genügend rechte
+ if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
+ {
+ header( "HTTP/1.0 403 Forbidden");
+ die( "403 Forbidden");
+ }
+
+ // ist das bild sichtbar?
+ if( (mysql_result($res, 0, "show")=="N") AND
+ ($_SESSION['UID']!=$_GET["UID"]) AND
+ ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
+ {
+ $SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
+ $res = mysql_query( $SQL, $con);
+ if( mysql_num_rows($res) != 1)
+ {
+ header( 'HTTP/1.0 404 Not Found');
+ die( "404 Not Found");
+ }
+ }
+
+ /// bild aus db auslesen
+ $bild = mysql_result($res, 0, "Bild");
+
+ // ausgabe bild
+ header( "Accept-Ranges: bytes");
+ header( "Content-Length: ". strlen($bild));
+ header( "Content-type: ". mysql_result($res, 0, "ContentType"));
+ header( "Cache-control: public");
+ header( "Cache-request-directive: min-fresh = 120");
+ header( "Cache-request-directive: max-age = 360");
+ echo $bild;
+}
+else
+{
+ header( 'HTTP/1.0 404 Not Found');
+ die( "404 Not Found");
+}
+
+?>
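Review bot: The `$SQL=` line near the top concatenates `$_GET["UID"]` straight into the query, and it runs before the `$_SESSION['UID']` check, so unless `includes/secure.php` already sanitises `$_GET` (not visible in this hunk) this is SQL injection reachable without a login. Since the UID is numeric, normalise it once with `$uid = isset($_GET["UID"]) ? intval($_GET["UID"]) : -1;` and use `$uid` both in the query and in the later `$_SESSION['UID']!=` comparison. The 403 block should move above the first `mysql_query` so unauthenticated requests never reach the database and the 403/404 split does not reveal which UIDs have a picture. `Cache-control: public` allows shared caches to keep an image that the `show`=="N" branch is meant to hide; `header( "Cache-control: private");` matches the access check. The `Content-type` header is taken from the `ContentType` column unchecked, so if the upload side does not restrict it, an allow-list of image types here would keep stored content from being served as HTML.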