1 files changed, 58 insertions, 0 deletions

diff --git a/www-ssl/ShowUserPicture.php b/www-ssl/ShowUserPicture.php
new file mode 100644
index 00000000..0b61d153
--- /dev/null
+++ b/www-ssl/ShowUserPicture.php
@@ -0,0 +1,58 @@
+<?PHP
+
+include ("../includes/config.php");
+include ("../includes/error_handler.php");
+include ("../includes/config_db.php");
+if( !isset($_SESSION))	session_start();
+include ("../includes/secure.php");
+
+
+// Parameter check
+if( !isset($_GET["UID"]) )
+	$_GET["UID"]= "-1";
+
+$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
+$res = mysql_query( $SQL, $con);
+
+if( mysql_num_rows($res) == 1)
+{
+	//genügend rechte
+	if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
+	{
+		header( "HTTP/1.0 403 Forbidden");
+		die( "403 Forbidden");
+	}
+	
+	// ist das bild sichtbar?
+	if( (mysql_result($res, 0, "show")=="N") AND
+	    ($_SESSION['UID']!=$_GET["UID"]) AND 
+	    ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
+	{
+		$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
+		$res = mysql_query( $SQL, $con);
+		if( mysql_num_rows($res) != 1)
+		{
+			header( 'HTTP/1.0 404 Not Found');
+			die( "404 Not Found");
+		}
+	}
+
+	/// bild aus db auslesen
+	$bild = mysql_result($res, 0, "Bild");
+	
+	// ausgabe bild
+	header( "Accept-Ranges: bytes");
+	header( "Content-Length: ". strlen($bild));
+	header( "Content-type: ". mysql_result($res, 0, "ContentType"));
+	header( "Cache-control: public");
+	header( "Cache-request-directive: min-fresh = 120");
+	header( "Cache-request-directive: max-age = 360");
+	echo $bild;
+}
+else
+{
+	header( 'HTTP/1.0 404 Not Found');
+	die( "404 Not Found");
+}
+
+?>