diff options
author | ichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8> | 2008-09-26 17:29:39 +0000 |
---|---|---|
committer | ichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8> | 2008-09-26 17:29:39 +0000 |
commit | edeb637de1fbba698a599e6d3b3e21d909c06c11 (patch) | |
tree | 732c403f72b54a4adeb189a4ce9c6f68f1473676 /www-ssl | |
parent | 3f35e47a32d5c0702ff3a396bdfdd6d4ce1136dc (diff) |
final pic-fixes
git-svn-id: svn://svn.cccv.de/engel-system@293 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl')
-rw-r--r-- | www-ssl/ShowUserPicture.php | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/www-ssl/ShowUserPicture.php b/www-ssl/ShowUserPicture.php new file mode 100644 index 00000000..0b61d153 --- /dev/null +++ b/www-ssl/ShowUserPicture.php @@ -0,0 +1,58 @@ +<?PHP + +include ("../includes/config.php"); +include ("../includes/error_handler.php"); +include ("../includes/config_db.php"); +if( !isset($_SESSION)) session_start(); +include ("../includes/secure.php"); + + +// Parameter check +if( !isset($_GET["UID"]) ) + $_GET["UID"]= "-1"; + +$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'"; +$res = mysql_query( $SQL, $con); + +if( mysql_num_rows($res) == 1) +{ + //genügend rechte + if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1) + { + header( "HTTP/1.0 403 Forbidden"); + die( "403 Forbidden"); + } + + // ist das bild sichtbar? + if( (mysql_result($res, 0, "show")=="N") AND + ($_SESSION['UID']!=$_GET["UID"]) AND + ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N")) + { + $SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'"; + $res = mysql_query( $SQL, $con); + if( mysql_num_rows($res) != 1) + { + header( 'HTTP/1.0 404 Not Found'); + die( "404 Not Found"); + } + } + + /// bild aus db auslesen + $bild = mysql_result($res, 0, "Bild"); + + // ausgabe bild + header( "Accept-Ranges: bytes"); + header( "Content-Length: ". strlen($bild)); + header( "Content-type: ". mysql_result($res, 0, "ContentType")); + header( "Cache-control: public"); + header( "Cache-request-directive: min-fresh = 120"); + header( "Cache-request-directive: max-age = 360"); + echo $bild; +} +else +{ + header( 'HTTP/1.0 404 Not Found'); + die( "404 Not Found"); +} + +?> |