2
0

Avatar.php 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. <?php
  2. /**
  3. * This file handles the avatar requests. The whole point of this file is to reduce the loaded stuff to show an image
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2014 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Shows an avatar based on $_GET['attach']
  18. */
  19. function showAvatar()
  20. {
  21. global $smcFunc, $modSettings, $maintenance;
  22. // We need a valid ID
  23. if(empty($_GET['attach']) || (string)$_GET['attach'] != (string)(int)$_GET['attach'])
  24. die;
  25. // No access in strict maintenance mode
  26. if(!empty($maintenance) && $maintenance == 2)
  27. die;
  28. // This is done to clear any output that was made before now.
  29. if(!empty($modSettings['enableCompressedOutput']) && !headers_sent() && ob_get_length() == 0)
  30. {
  31. if(@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler')
  32. $modSettings['enableCompressedOutput'] = 0;
  33. else
  34. ob_start('ob_gzhandler');
  35. }
  36. if(empty($modSettings['enableCompressedOutput']))
  37. {
  38. ob_start();
  39. header('Content-Encoding: none');
  40. }
  41. // Better handling
  42. $id_attach = (int) $_GET['attach'];
  43. // Use cache when possible
  44. if(($cache = cache_get_data('avatar_lookup_id-'. $id_attach)) != null)
  45. $file = $cache;
  46. // Get the info from the DB
  47. else
  48. {
  49. $request = $smcFunc['db_query']('', '
  50. SELECT id_folder, filename AS real_filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
  51. FROM {db_prefix}attachments
  52. WHERE id_attach = {int:id_attach}
  53. AND id_member > {int:blank_id_member}
  54. LIMIT 1',
  55. array(
  56. 'id_attach' => $id_attach,
  57. 'blank_id_member' => 0,
  58. )
  59. );
  60. $file = $smcFunc['db_fetch_assoc']($request);
  61. // Update the download counter (unless it's a thumbnail).
  62. if ($file['attachment_type'] != 3)
  63. $smcFunc['db_query']('attach_download_increase', '
  64. UPDATE LOW_PRIORITY {db_prefix}attachments
  65. SET downloads = downloads + 1
  66. WHERE id_attach = {int:id_attach}',
  67. array(
  68. 'id_attach' => $id_attach,
  69. )
  70. );
  71. $file['filename'] = getAttachmentFilename($file['real_filename'], $id_attach, $file['id_folder'], false, $file['file_hash']);
  72. // ETag time
  73. $file['etag'] = '"'. function_exists('md5_file') ? md5_file($file['filename']) : md5(file_get_contents($file['filename'])). '"';
  74. // Cache it... (Why do I randomly select a length at which to expire? Search around for RIP_JITTER :P)
  75. cache_put_data('avatar_lookup_id-'. $id_attach, $file, mt_rand(850, 900));
  76. }
  77. // The file does not exists
  78. if(!file_exists($file['filename']))
  79. {
  80. header('HTTP/1.0 404 File Not Found');
  81. die('404 File Not Found');
  82. }
  83. // If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
  84. if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']))
  85. {
  86. list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
  87. if (strtotime($modified_since) >= filemtime($file['filename']))
  88. {
  89. ob_end_clean();
  90. // Answer the question - no, it hasn't been modified ;).
  91. header('HTTP/1.1 304 Not Modified');
  92. exit;
  93. }
  94. }
  95. header('Pragma: ');
  96. header('Expires: '. gmdate('D, d M Y H:i:s', time() + 31536000). ' GMT');
  97. header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($file['filename'])). ' GMT');
  98. header('Accept-Ranges: bytes');
  99. header('Connection: close');
  100. header('ETag: '. $file['etag']);
  101. header('Content-Type: '. $file['mime_type']);
  102. // Since we don't do output compression for files this large...
  103. if (filesize($file['filename']) > 4194304)
  104. {
  105. // Forcibly end any output buffering going on.
  106. while (@ob_get_level() > 0)
  107. @ob_end_clean();
  108. $fp = fopen($file['filename'], 'rb');
  109. while (!feof($fp))
  110. {
  111. print fread($fp, 8192);
  112. flush();
  113. }
  114. fclose($fp);
  115. }
  116. // On some of the less-bright hosts, readfile() is disabled. It's just a faster, more byte safe, version of what's in the if.
  117. elseif (@readfile($file['filename']) === null)
  118. print file_get_contents($file['filename']);
  119. die();
  120. }