summaryrefslogtreecommitdiff
path: root/www-ssl/ShowUserPicture.php
blob: 793b55464e505f79112757f7230f8fbeb501fd2e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?PHP

include ("../../camp2011/includes/config.php");
include ("../../camp2011/includes/error_handler.php");
include ("../../camp2011/includes/config_db.php");
if( !isset($_SESSION))	session_start();
include ("../../camp2011/includes/secure.php");


// Parameter check
if( !isset($_GET["UID"]) )
	$_GET["UID"]= "-1";

$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
$res = mysql_query( $SQL, $con);

if( mysql_num_rows($res) == 1)
{
	//gen�gend rechte
	if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
	{
		header( "HTTP/1.0 403 Forbidden");
		die( "403 Forbidden");
	}
	
	// ist das bild sichtbar?
	if( (mysql_result($res, 0, "show")=="N") AND
	    ($_SESSION['UID']!=$_GET["UID"]) AND 
	    ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
	{
		$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
		$res = mysql_query( $SQL, $con);
		if( mysql_num_rows($res) != 1)
		{
			header( 'HTTP/1.0 404 Not Found');
			die( "404 Not Found");
		}
	}

	/// bild aus db auslesen
	$bild = mysql_result($res, 0, "Bild");
	
	// ausgabe bild
	header( "Accept-Ranges: bytes");
	header( "Content-Length: ". strlen($bild));
	header( "Content-type: ". mysql_result($res, 0, "ContentType"));
	header( "Cache-control: public");
	header( "Cache-request-directive: min-fresh = 120");
	header( "Cache-request-directive: max-age = 360");
	echo $bild;
}
else
{
	header( 'HTTP/1.0 404 Not Found');
	die( "404 Not Found");
}

?>