plugins/gallery/fetcher.php
author Dan
Thu, 29 Nov 2007 22:47:20 -0500
changeset 16 36dd990c0c25
parent 9 ebd7003e73c6
child 25 d9f37d2ea2cf
permissions -rw-r--r--
Apparently didn't nail the last of that namespace typo

<?php

/*
 * Snapr
 * Version 0.1 beta 1
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

##
## IMAGE FILE FETCHER
##

$plugins->attachHook('base_classes_initted', '
  global $paths;
    $paths->add_page(Array(
      \'name\'=>\'Image fetcher pagelet\',
      \'urlname\'=>\'GalleryFetcher\',
      \'namespace\'=>\'Special\',
      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
      ));
  ');

function page_Special_GalleryFetcher()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  $type = $paths->getParam(0);
  if ( !in_array($type, array('thumb', 'preview', 'full')) )
  {
    die('Hack attempt');
  }
  
  $id = intval($paths->getParam(1));
  if ( !$id )
  {
    die('Hack attempt');
  }
  
  // Permissions object
  $perms = $session->fetch_page_acl($id, 'Gallery');
  
  if ( !$perms->get_permissions('gal_full_res') && $type == 'full' )
  {
    $type = 'preview';
  }
  
  $q = $db->sql_query('SELECT img_title, img_filename, img_time_mod, is_folder FROM '.table_prefix.'gallery WHERE img_id=' . $id . ';');
  if ( !$q )
    $db->_die();
  
  if ( $db->numrows() < 1 )
    die('Image not found');
  
  $row = $db->fetchrow();
  
  switch ( $type )
  {
    case 'thumb':
      $filename = ENANO_ROOT . '/cache/' . $row['img_filename'] . '-thumb.jpg';
      $mimetype = 'image/jpeg';
      $ext = "jpg";
      break;
    case 'preview':
      $filename = ENANO_ROOT . '/cache/' . $row['img_filename'] . '-preview.jpg';
      $mimetype = 'image/jpeg';
      $ext = "jpg";
      break;
    case 'full':
      $filename = ENANO_ROOT . '/files/' . $row['img_filename'];
      $ext = get_file_extension($filename);
      switch($ext)
      {
        case 'png': $mimetype = 'image/png'; break;
        case 'gif': $mimetype = 'image/gif'; break;
        case 'bmp': $mimetype = 'image/bmp'; break;
        case 'jpg': case 'jpeg': $mimetype = 'image/jpeg'; break;
        case 'tif': case 'tiff': $mimetype = 'image/tiff'; break;
        default: $mimetype = 'application/octet-stream';
      }
      break;
    default:
      die('PHP...insane...');
      break;
  }
  
  // Make sure we have permission to read this image
  if ( !$perms->get_permissions('read') )
  {
    $filename = ENANO_ROOT . '/plugins/gallery/denied.png';
    $mimetype = 'image/png';
  }
  
  if ( $row['is_folder'] == '1' )
  {
    $filename = ENANO_ROOT . '/plugins/gallery/folder.png';
    $mimetype = 'image/png';
  }
  
  if ( !file_exists($filename) )
    die('Can\'t retrieve image file ' . $filename);
  
  $contents = file_get_contents($filename);
  
  header('Content-type: '   . $mimetype);
  header('Content-length: ' . strlen($contents));
  header('Last-Modified: '  . date('r', $row['img_time_mod']));
  
  if ( isset($_GET['download']) )
  {
    // determine an appropriate non-revealing filename
    $filename = str_replace(' ', '_', $row['img_title']);
    $filename = preg_replace('/([^\w\._-]+)/', '-', $filename);
    $filename = trim($filename, '-');
    $filename .= ".$ext";
    header('Content-disposition: attachment; filename=' . $filename);
  }
  
  echo $contents;
  
  gzip_output();
  
  $db->close();
  exit;
  
}

?>