summaryrefslogtreecommitdiff
path: root/www-ssl/inc/ShowUserPicture.php
diff options
context:
space:
mode:
Diffstat (limited to 'www-ssl/inc/ShowUserPicture.php')
-rw-r--r--www-ssl/inc/ShowUserPicture.php58
1 files changed, 0 insertions, 58 deletions
diff --git a/www-ssl/inc/ShowUserPicture.php b/www-ssl/inc/ShowUserPicture.php
deleted file mode 100644
index 8e058127..00000000
--- a/www-ssl/inc/ShowUserPicture.php
+++ /dev/null
@@ -1,58 +0,0 @@
-<?PHP
-
-include ("./inc/config.php");
-include ("./inc/error_handler.php");
-include ("./inc/config_db.php");
-if( !isset($_SESSION)) session_start();
-include ("./inc/secure.php");
-
-
-// Parameter check
-if( !isset($_GET["UID"]) )
- $_GET["UID"]= "-1";
-
-$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
-$res = mysql_query( $SQL, $con);
-
-if( mysql_num_rows($res) == 1)
-{
- //genügend rechte
- if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
- {
- header( "HTTP/1.0 403 Forbidden");
- die( "403 Forbidden");
- }
-
- // ist das bild sichtbar?
- if( (mysql_result($res, 0, "show")=="N") AND
- ($_SESSION['UID']!=$_GET["UID"]) AND
- ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
- {
- $SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
- $res = mysql_query( $SQL, $con);
- if( mysql_num_rows($res) != 1)
- {
- header( 'HTTP/1.0 404 Not Found');
- die( "404 Not Found");
- }
- }
-
- /// bild aus db auslesen
- $bild = mysql_result($res, 0, "Bild");
-
- // ausgabe bild
- header( "Accept-Ranges: bytes");
- header( "Content-Length: ". strlen($bild));
- header( "Content-type: ". mysql_result($res, 0, "ContentType"));
- header( "Cache-control: public");
- header( "Cache-request-directive: min-fresh = 120");
- header( "Cache-request-directive: max-age = 360");
- echo $bild;
-}
-else
-{
- header( 'HTTP/1.0 404 Not Found');
- die( "404 Not Found");
-}
-
-?>