Avatar.php 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. <?php
  2. /**
  3. * This file handles the avatar requests. The whole point of this file is to reduce the loaded stuff to show an image
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines
  9. *
  10. * @copyright 2013 Simple Machines and individual contributors
  11. * @license http://www.simplemachines.org/about/smf/license.php BSD
  12. *
  13. * @version 2.1 Alpha 1
  14. */
  15. if (!defined('SMF'))
  16. die('No direct access...');
  17. /**
  18. * Shows an avatar based on $_GET['attach']
  19. */
  20. function showAvatar()
  21. {
  22. global $smcFunc, $modSettings, $maintenance;
  23. // We need a valid ID
  24. if(empty($_GET['attach']) || (string)$_GET['attach'] != (string)(int)$_GET['attach'])
  25. die;
  26. // No access in strict maintenance mode
  27. if(!empty($maintenance) && $maintenance == 2)
  28. die;
  29. // This is done to clear any output that was made before now.
  30. if(!empty($modSettings['enableCompressedOutput']) && !headers_sent() && ob_get_length() == 0)
  31. {
  32. if(@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler')
  33. $modSettings['enableCompressedOutput'] = 0;
  34. else
  35. ob_start('ob_gzhandler');
  36. }
  37. if(empty($modSettings['enableCompressedOutput']))
  38. {
  39. ob_start();
  40. header('Content-Encoding: none');
  41. }
  42. // Better handling
  43. $id_attach = (int) $_GET['attach'];
  44. // Use cache when possible
  45. if(($cache = cache_get_data('avatar_lookup_id-'. $id_attach)) != null)
  46. $file = $cache;
  47. // Get the info from the DB
  48. else
  49. {
  50. $request = $smcFunc['db_query']('', '
  51. SELECT id_folder, filename AS real_filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
  52. FROM {db_prefix}attachments
  53. WHERE id_attach = {int:id_attach}
  54. AND id_member > {int:blank_id_member}
  55. LIMIT 1',
  56. array(
  57. 'id_attach' => $id_attach,
  58. 'blank_id_member' => 0,
  59. )
  60. );
  61. $file = $smcFunc['db_fetch_assoc']($request);
  62. // Update the download counter (unless it's a thumbnail).
  63. if ($file['attachment_type'] != 3)
  64. $smcFunc['db_query']('attach_download_increase', '
  65. UPDATE LOW_PRIORITY {db_prefix}attachments
  66. SET downloads = downloads + 1
  67. WHERE id_attach = {int:id_attach}',
  68. array(
  69. 'id_attach' => $id_attach,
  70. )
  71. );
  72. $file['filename'] = getAttachmentFilename($file['real_filename'], $id_attach, $file['id_folder'], false, $file['file_hash']);
  73. // ETag time
  74. $file['etag'] = '"'. function_exists('md5_file') ? md5_file($file['filename']) : md5(file_get_contents($file['filename'])). '"';
  75. // Cache it... (Why do I randomly select a length at which to expire? Search around for RIP_JITTER :P)
  76. cache_put_data('avatar_lookup_id-'. $id_attach, $file, mt_rand(850, 900));
  77. }
  78. // The file does not exists
  79. if(!file_exists($file['filename']))
  80. {
  81. header('HTTP/1.0 404 File Not Found');
  82. die('404 File Not Found');
  83. }
  84. // If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
  85. if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']))
  86. {
  87. list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
  88. if (strtotime($modified_since) >= filemtime($file['filename']))
  89. {
  90. ob_end_clean();
  91. // Answer the question - no, it hasn't been modified ;).
  92. header('HTTP/1.1 304 Not Modified');
  93. exit;
  94. }
  95. }
  96. header('Pragma: ');
  97. header('Expires: '. gmdate('D, d M Y H:i:s', time() + 31536000). ' GMT');
  98. header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($file['filename'])). ' GMT');
  99. header('Accept-Ranges: bytes');
  100. header('Connection: close');
  101. header('ETag: '. $file['etag']);
  102. header('Content-Type: '. $file['mime_type']);
  103. // Since we don't do output compression for files this large...
  104. if (filesize($file['filename']) > 4194304)
  105. {
  106. // Forcibly end any output buffering going on.
  107. while (@ob_get_level() > 0)
  108. @ob_end_clean();
  109. $fp = fopen($file['filename'], 'rb');
  110. while (!feof($fp))
  111. {
  112. print fread($fp, 8192);
  113. flush();
  114. }
  115. fclose($fp);
  116. }
  117. // On some of the less-bright hosts, readfile() is disabled. It's just a faster, more byte safe, version of what's in the if.
  118. elseif (@readfile($file['filename']) === null)
  119. print file_get_contents($file['filename']);
  120. die();
  121. }