diff options
Diffstat (limited to 'www-ssl/ShowUserPicture.php')
-rw-r--r-- | www-ssl/ShowUserPicture.php | 105 |
1 files changed, 49 insertions, 56 deletions
diff --git a/www-ssl/ShowUserPicture.php b/www-ssl/ShowUserPicture.php index 793b5546..b6e95897 100644 --- a/www-ssl/ShowUserPicture.php +++ b/www-ssl/ShowUserPicture.php @@ -1,58 +1,51 @@ -<?PHP - -include ("../../camp2011/includes/config.php"); -include ("../../camp2011/includes/error_handler.php"); -include ("../../camp2011/includes/config_db.php"); -if( !isset($_SESSION)) session_start(); -include ("../../camp2011/includes/secure.php"); - - -// Parameter check -if( !isset($_GET["UID"]) ) - $_GET["UID"]= "-1"; - -$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'"; -$res = mysql_query( $SQL, $con); - -if( mysql_num_rows($res) == 1) -{ - //genügend rechte - if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1) - { - header( "HTTP/1.0 403 Forbidden"); - die( "403 Forbidden"); - } - - // ist das bild sichtbar? - if( (mysql_result($res, 0, "show")=="N") AND - ($_SESSION['UID']!=$_GET["UID"]) AND - ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N")) - { - $SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'"; - $res = mysql_query( $SQL, $con); - if( mysql_num_rows($res) != 1) - { - header( 'HTTP/1.0 404 Not Found'); - die( "404 Not Found"); - } - } - - /// bild aus db auslesen - $bild = mysql_result($res, 0, "Bild"); - - // ausgabe bild - header( "Accept-Ranges: bytes"); - header( "Content-Length: ". strlen($bild)); - header( "Content-type: ". mysql_result($res, 0, "ContentType")); - header( "Cache-control: public"); - header( "Cache-request-directive: min-fresh = 120"); - header( "Cache-request-directive: max-age = 360"); - echo $bild; -} -else -{ - header( 'HTTP/1.0 404 Not Found'); - die( "404 Not Found"); -} +<?php + include "../../camp2011/includes/config.php"; + include "../../camp2011/includes/error_handler.php"; + include "../../camp2011/includes/config_db.php"; + if(!isset($_SESSION)) + session_start(); + + include "../../camp2011/includes/secure.php"; + + // Parameter check + if(!isset($_GET["UID"])) + $_GET["UID"] = "-1"; + + $SQL = "SELECT * FROM `UserPicture` WHERE `UID`='" . $_GET["UID"] . "'"; + $res = mysql_query($SQL, $con); + + if(mysql_num_rows($res) == 1) { + // genuegend rechte + if(!isset($_SESSION['UID']) || $_SESSION['UID'] == -1) { + header("HTTP/1.0 403 Forbidden"); + die("403 Forbidden"); + } + + // ist das bild sichtbar? + if((mysql_result($res, 0, "show") == "N") AND ($_SESSION['UID']!=$_GET["UID"]) AND ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N")) { + $SQL = "SELECT * FROM `UserPicture` WHERE `UID`='-1'"; + $res = mysql_query($SQL, $con); + + if(mysql_num_rows($res) != 1) { + header("HTTP/1.0 404 Not Found"); + die("404 Not Found"); + } + } + + // bild aus db auslesen + $bild = mysql_result($res, 0, "Bild"); + + // ausgabe bild + header("Accept-Ranges: bytes"); + header("Content-Length: " . strlen($bild)); + header("Content-type: " . mysql_result($res, 0, "ContentType")); + header("Cache-control: public"); + header("Cache-request-directive: min-fresh = 120"); + header("Cache-request-directive: max-age = 360"); + echo $bild; + } else { + header("HTTP/1.0 404 Not Found"); + die( "404 Not Found"); + } ?> |