Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: ea2a3be18c
Branches Tags
SMF2.1
/
Sources
/
Avatar.php

Avatar.php 4.2 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * This file handles the avatar requests. The whole point of this file is to reduce the loaded stuff to show an image
    5. 

  5.  *
    6. 

  6.  * Simple Machines Forum (SMF)
    7. 

  7.  *
    8. 

  8.  * @package SMF
    9. 

  9.  * @author Simple Machines
    10. 

  10.  *
    11. 

  11.  * @copyright 2012 Simple Machines
    12. 

  12.  * @license http://www.simplemachines.org/about/smf/license.php BSD
    13. 

  13.  *
    14. 

  14.  * @version 2.1 Alpha 1
    15. 

  15.  */
    16. 

  16. 

  17. if (!defined('SMF'))
    18. 

  18. 	die('Hacking attempt...');
    19. 

  19. 

  20. // Make sure we have the attachment ID
    21. 

  21. $temp = explode(';', $_SERVER['QUERY_STRING']);
    22. 

  22. foreach($temp as $tmp)
    23. 

  23. 	if(substr($tmp, 0, 6) == 'attach')
    24. 

  24. 	{
    25. 

  25. 		@list(, $_GET['attach']) = explode('=', $tmp);
    26. 

  26. 		break;
    27. 

  27. 	}
    28. 

  28. 

  29. // We need a valid ID
    30. 

  30. if(empty($_GET['attach']) || (string)$_GET['attach'] != (string)(int)$_GET['attach'])
    31. 

  31. 	die;
    32. 

  32. 

  33. // Load the only files we need
    34. 

  34. require($sourcedir. '/Load.php');
    35. 

  35. require($sourcedir. '/Subs.php');
    36. 

  36. 

  37. // No access in strict maintenance mode
    38. 

  38. if(!empty($maintenance) && $maintenance == 2)
    39. 

  39. 	die;
    40. 

  40. 

  41. $smcFunc = array();
    42. 

  42. 

  43. // Load the database.
    44. 

  44. loadDatabase();
    45. 

  45. 

  46. // Load the settings
    47. 

  47. reloadSettings();
    48. 

  48. 

  49. // This is done to clear any output that was made before now.
    50. 

  50. if(!empty($modSettings['enableCompressedOutput']) && !headers_sent() && ob_get_length() == 0)
    51. 

  51. {
    52. 

  52. 	if(@ini_get('zlib.output_compression') == '1' || @ini_get('output_handler') == 'ob_gzhandler')
    53. 

  53. 		$modSettings['enableCompressedOutput'] = 0;
    54. 

  54. 	else
    55. 

  55. 		ob_start('ob_gzhandler');
    56. 

  56. }
    57. 

  57. 

  58. if(empty($modSettings['enableCompressedOutput']))
    59. 

  59. {
    60. 

  60. 	ob_start();
    61. 

  61. 	header('Content-Encoding: none');
    62. 

  62. }
    63. 

  63. 

  64. // Better handling
    65. 

  65. $id_attach = (int)$_GET['attach'];
    66. 

  66. 

  67. // Use cache when possible
    68. 

  68. if(($cache = cache_get_data('avatar_lookup_id-'. $id_attach)) != null)
    69. 

  69. 	$file = $cache;
    70. 

  70. 

  71. // Get the info from the DB
    72. 

  72. else
    73. 

  73. {
    74. 

  74. 	$request = $smcFunc['db_query']('', '
    75. 

  75. 		SELECT id_folder, filename AS real_filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
    76. 

  76. 		FROM {db_prefix}attachments
    77. 

  77. 		WHERE id_attach = {int:id_attach}
    78. 

  78. 			AND id_member > {int:blank_id_member}
    79. 

  79. 		LIMIT 1',
    80. 

  80. 		array(
    81. 

  81. 			'id_attach' => $id_attach,
    82. 

  82. 			'blank_id_member' => 0,
    83. 

  83. 		)
    84. 

  84. 	);
    85. 

  85. 

  86. 	$file = $smcFunc['db_fetch_assoc']($request);
    87. 

  87. 

  88. 	// Update the download counter (unless it's a thumbnail).
    89. 

  89. 	if ($file['attachment_type'] != 3)
    90. 

  90. 		$smcFunc['db_query']('attach_download_increase', '
    91. 

  91. 			UPDATE LOW_PRIORITY {db_prefix}attachments
    92. 

  92. 			SET downloads = downloads + 1
    93. 

  93. 			WHERE id_attach = {int:id_attach}',
    94. 

  94. 			array(
    95. 

  95. 				'id_attach' => $id_attach,
    96. 

  96. 			)
    97. 

  97. 		);
    98. 

  98. 

  99. 	$file['filename'] = getAttachmentFilename($file['real_filename'], $id_attach, $file['id_folder'], false, $file['file_hash']);
    100. 

  100. 

  101. 	// ETag time
    102. 

  102. 	$file['etag'] = '"'. function_exists('md5_file') ? md5_file($file['filename']) : md5(file_get_contents($file['filename'])). '"';
    103. 

  103. 

  104. 	// Cache it... (Why do I randomly select a length at which to expire? Search around for RIP_JITTER :P)
    105. 

  105. 	cache_put_data('avatar_lookup_id-'. $id_attach, $file, mt_rand(850, 900));
    106. 

  106. }
    107. 

  107. 

  108. // The file does not exists
    109. 

  109. if(!file_exists($file['filename']))
    110. 

  110. {
    111. 

  111. 	header('HTTP/1.0 404 File Not Found');
    112. 

  112. 	die('404 File Not Found');
    113. 

  113. }
    114. 

  114. 

  115. // If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
    116. 

  116. if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']))
    117. 

  117. {
    118. 

  118. 	list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
    119. 

  119. 	if (strtotime($modified_since) >= filemtime($file['filename']))
    120. 

  120. 	{
    121. 

  121. 		ob_end_clean();
    122. 

  122. 

  123. 		// Answer the question - no, it hasn't been modified ;).
    124. 

  124. 		header('HTTP/1.1 304 Not Modified');
    125. 

  125. 		exit;
    126. 

  126. 	}
    127. 

  127. }
    128. 

  128. 

  129. header('Pragma: ');
    130. 

  130. header('Expires: '. gmdate('D, d M Y H:i:s', time() + 31536000). ' GMT');
    131. 

  131. header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($file['filename'])). ' GMT');
    132. 

  132. header('Accept-Ranges: bytes');
    133. 

  133. header('Connection: close');
    134. 

  134. header('ETag: '. $file['etag']);
    135. 

  135. header('Content-Type: '. $file['mime_type']);
    136. 

  136. 

  137. // Since we don't do output compression for files this large...
    138. 

  138. if (filesize($file['filename']) > 4194304)
    139. 

  139. {
    140. 

  140. 	// Forcibly end any output buffering going on.
    141. 

  141. 	while (@ob_get_level() > 0)
    142. 

  142. 		@ob_end_clean();
    143. 

  143. 

  144. 	$fp = fopen($file['filename'], 'rb');
    145. 

  145. 	while (!feof($fp))
    146. 

  146. 	{
    147. 

  147. 		print fread($fp, 8192);
    148. 

  148. 		flush();
    149. 

  149. 	}
    150. 

  150. 	fclose($fp);
    151. 

  151. }
    152. 

  152. 

  153. // On some of the less-bright hosts, readfile() is disabled.  It's just a faster, more byte safe, version of what's in the if.
    154. 

  154. elseif (@readfile($file['filename']) === null)
    155. 

  155. 	print file_get_contents($file['filename']);
    156. 

  156. 

  157. exit;
    158.