get_profile_img.php
<?php
/************************************************************************/
/* ATutor */
/************************************************************************/
/* Copyright (c) 2002-2010 */
/* Inclusive Design Institute */
/* http://atutor.ca */
/* This program is free software. You can redistribute it and/or */
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/************************************************************************/
// $Id$
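/*
 * Serves a member's profile picture (or a placeholder image) to any visitor.
 *
 * Request parameters:
 *   id   - numeric member id; anything non-numeric collapses to 0 via intval()
 *   size - 'o' (originals), 'p' (profile); any other value selects thumbs
 *
 * Responds with the image bytes, or with 404 when the resolved file lies
 * outside AT_CONTENT_DIR or cannot be resolved at all.
 */
define('AT_INCLUDE_PATH', 'include/');

// Discard any open output buffer so buffered output is not mixed into the image bytes.
@ob_end_clean();
header("Content-Encoding: none");

$_user_location = 'public';
$nophoto_flag = false; // true if no profile photo exists

require(AT_INCLUDE_PATH . 'vitals.inc.php');
require(AT_INCLUDE_PATH . 'lib/mime.inc.php');

// intval() keeps only an integer, so no dots or path separators from the
// request can reach the file name built below.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;

// The directory name is chosen from a fixed set; the raw parameter is never
// concatenated into the path.
$requested_size = isset($_GET['size']) ? $_GET['size'] : '';
if ($requested_size === 'o') {
    $size = 'originals'; // o (original)
} elseif ($requested_size === 'p') {
    $size = 'profile';   // p (profile)
} else {
    $size = 'thumbs';    // default: thumbnail
}

$base = AT_CONTENT_DIR . 'profile_pictures/' . $size . '/' . $id . '.';
$extensions = array('gif', 'jpg', 'png');

// Take the first extension that exists and stop. Without the break, later
// iterations would probe names such as "<id>.gifjpg".
$file = null;
foreach ($extensions as $extension) {
    if (file_exists($base . $extension)) {
        $file = $base . $extension;
        break;
    }
}

// No stored picture for this member: fall back to the bundled placeholder.
if ($file === null) {
    $file = AT_INCLUDE_PATH . '../images/nophoto.gif';
    $nophoto_flag = true;
}

$pathinfo = pathinfo($file);
$file_extension = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';

// $mime is not defined in this file; presumably lib/mime.inc.php provides it,
// keyed by extension. Unknown extensions fall back to a generic binary type
// instead of emitting an empty Content-Type.
if ($file_extension != '' && isset($mime[$file_extension][0])) {
    $content_type = $mime[$file_extension][0];
} else {
    $content_type = 'application/octet-stream';
}

// realpath() returns false when the path cannot be resolved; treat that as
// "not found" rather than sending headers for an empty body.
$real = realpath($file);

// Containment check on the canonical path: a symlink inside the pictures
// directory must not be able to point the response at a file elsewhere.
// NOTE(review): this prefix comparison assumes AT_CONTENT_DIR is itself in
// canonical form and ends with a directory separator - confirm where it is defined.
$inside_content_dir = ($real !== false)
    && file_exists($real)
    && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR);

if ($real !== false && ($nophoto_flag || $inside_content_dir)) {
    header('Content-Disposition: inline; filename="' . $size . $id . '.' . $file_extension . '"');

    // Uploaded pictures are served inline; tell browsers to honour the
    // declared Content-Type instead of sniffing the bytes.
    header('X-Content-Type-Options: nosniff');

    /**
     * We cannot tell from PHP whether mod_xsendfile (apache2) or the
     * lighttpd equivalent is enabled, so the header is sent unconditionally
     * and then replaced with an empty value, so that the full server path
     * is not exposed to the client when the web server does not consume it.
     *
     * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
     * named x-send-file in lighttpd 1.4)
     *
     * NOTE(review): both header() calls always execute and the second
     * replaces the first; verify whether the offload is ever in effect.
     */
    header('x-Sendfile: ' . $real);
    header('x-Sendfile: ', TRUE);
    header('Content-Type: ' . $content_type);

    @readfile($real);
    exit;
} else {
    header('HTTP/1.1 404 Not Found', TRUE);
    exit;
}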
?>