Diffstat (limited to 'www-ssl_old/ShowUserPicture.php')
-rw-r--r--www-ssl_old/ShowUserPicture.php56
1 files changed, 56 insertions, 0 deletions
diff --git a/www-ssl_old/ShowUserPicture.php b/www-ssl_old/ShowUserPicture.php
new file mode 100644
index 00000000..5a222c07
--- /dev/null
+++ b/www-ssl_old/ShowUserPicture.php
@@ -0,0 +1,56 @@
+<?php
+// Momentan keine Avatar-Funktionen
+die();
+
+require_once ('bootstrap.php');
+
+include "config/config.php";
+include "includes/error_handler.php";
+include "config/config_db.php";
+
+if (!isset ($_SESSION))
+ session_start();
+
+include "includes/secure.php";
+
+// Parameter check
+if (!isset ($_GET["UID"]))
+ $_GET["UID"] = "-1";
+
+$SQL = "SELECT * FROM `UserPicture` WHERE `UID`='" . $_GET["UID"] . "'";
+$res = mysql_query($SQL, $con);
+
+if (mysql_num_rows($res) == 1) {
+ // genuegend rechte
+ if (!isset ($_SESSION['UID']) || $_SESSION['UID'] == -1) {
+ header("HTTP/1.0 403 Forbidden");
+ die("403 Forbidden");
+ }
+
+ // ist das bild sichtbar?
+ if ((mysql_result($res, 0, "show") == "N") AND ($_SESSION['UID'] != $_GET["UID"]) AND ($_SESSION['CVS']["admin/UserPicture.php"] == "N")) {
+ $SQL = "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
+ $res = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($res) != 1) {
+ header("HTTP/1.0 404 Not Found");
+ die("404 Not Found");
+ }
+ }
+
+ // bild aus db auslesen
+ $bild = mysql_result($res, 0, "Bild");
+
+ // ausgabe bild
+ header("Accept-Ranges: bytes");
+ header("Content-Length: " . strlen($bild));
+ header("Content-type: " . mysql_result($res, 0, "ContentType"));
+ header("Cache-control: public");
+ header("Cache-request-directive: min-fresh = 120");
+ header("Cache-request-directive: max-age = 360");
+ echo $bild;
+} else {
+ header("HTTP/1.0 404 Not Found");
+ die("404 Not Found");
+}
+?>
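Review bot: `$_GET["UID"]` is concatenated unescaped into the SELECT on the `$SQL = "SELECT * FROM ...` line, so the query becomes injectable as soon as the leading `die();` is removed and the script is re-enabled. UID appears to be numeric (it is compared with -1 and with `$_SESSION['UID']`), so normalise it once with `$uid = isset($_GET["UID"]) ? (int) $_GET["UID"] : -1;` and build both the query and the later owner comparison from `$uid`. The lookup also runs before the session check, so an unauthenticated request can tell an existing UID (403) from a missing one (404). The picture is sent with `Cache-control: public` although its visibility is gated by the `show` flag. Moving the 403 check ahead of the query and sending `Cache-control: private` would close the UID oracle and keep hidden pictures out of shared caches.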