blob: 928c4ed8361a9df594479f4c3359be2c599223f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
<?PHP
include ("../../27c3/includes/config.php");
include ("../../27c3/includes/error_handler.php");
include ("../../27c3/includes/config_db.php");
if( !isset($_SESSION)) session_start();
include ("../../27c3/includes/secure.php");
// Parameter check
if( !isset($_GET["UID"]) )
$_GET["UID"]= "-1";
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
$res = mysql_query( $SQL, $con);
if( mysql_num_rows($res) == 1)
{
//gen�gend rechte
if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
{
header( "HTTP/1.0 403 Forbidden");
die( "403 Forbidden");
}
// ist das bild sichtbar?
if( (mysql_result($res, 0, "show")=="N") AND
($_SESSION['UID']!=$_GET["UID"]) AND
($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
{
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
$res = mysql_query( $SQL, $con);
if( mysql_num_rows($res) != 1)
{
header( 'HTTP/1.0 404 Not Found');
die( "404 Not Found");
}
}
/// bild aus db auslesen
$bild = mysql_result($res, 0, "Bild");
// ausgabe bild
header( "Accept-Ranges: bytes");
header( "Content-Length: ". strlen($bild));
header( "Content-type: ". mysql_result($res, 0, "ContentType"));
header( "Cache-control: public");
header( "Cache-request-directive: min-fresh = 120");
header( "Cache-request-directive: max-age = 360");
echo $bild;
}
else
{
header( 'HTTP/1.0 404 Not Found');
die( "404 Not Found");
}
?>
|