engelsystem/www-ssl/ShowUserPicture.php

<?php
  include "../../camp2011/includes/config.php";
  include "../../camp2011/includes/error_handler.php";
  include "../../camp2011/includes/config_db.php";

  if(!isset($_SESSION))
    session_start();

  include "../../camp2011/includes/secure.php";

  // Parameter check
  if(!isset($_GET["UID"]))
    $_GET["UID"] = "-1";

  $SQL = "SELECT * FROM `UserPicture` WHERE `UID`='" . $_GET["UID"] . "'";
  $res = mysql_query($SQL, $con);

  if(mysql_num_rows($res) == 1) {
    // genuegend rechte
    if(!isset($_SESSION['UID']) || $_SESSION['UID'] == -1) {
      header("HTTP/1.0 403 Forbidden");
      die("403 Forbidden");
    }

    // ist das bild sichtbar?
    if((mysql_result($res, 0, "show") == "N") AND ($_SESSION['UID']!=$_GET["UID"]) AND ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N")) {
      $SQL = "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
      $res = mysql_query($SQL, $con);

      if(mysql_num_rows($res) != 1) {
        header("HTTP/1.0 404 Not Found");
        die("404 Not Found");
      }
    }

    // bild aus db auslesen
    $bild = mysql_result($res, 0, "Bild");

    // ausgabe bild
    header("Accept-Ranges: bytes");
    header("Content-Length: " . strlen($bild));
    header("Content-type: " . mysql_result($res, 0, "ContentType"));
    header("Cache-control: public");
    header("Cache-request-directive: min-fresh = 120");
    header("Cache-request-directive: max-age = 360");
    echo $bild;
  } else {
    header("HTTP/1.0 404 Not Found");
    die( "404 Not Found");
  }
?>
fixes 2011-06-01 12:13:39 +02:00			`<?php`
			`include "../../camp2011/includes/config.php";`
			`include "../../camp2011/includes/error_handler.php";`
			`include "../../camp2011/includes/config_db.php";`
moved /inc to ../includes git-svn-id: svn://svn.cccv.de/engel-system@281 29ba0400-6e00-0410-a75a-ca02368028f8 2008-09-10 05:42:44 +02:00
fixes 2011-06-01 12:13:39 +02:00			`if(!isset($_SESSION))`
			`session_start();`

			`include "../../camp2011/includes/secure.php";`

			`// Parameter check`
			`if(!isset($_GET["UID"]))`
			`$_GET["UID"] = "-1";`

			$SQL = "SELECT * FROM `UserPicture` WHERE `UID`='" . $_GET["UID"] . "'";
			`$res = mysql_query($SQL, $con);`

			`if(mysql_num_rows($res) == 1) {`
			`// genuegend rechte`
			`if(!isset($_SESSION['UID']) \|\| $_SESSION['UID'] == -1) {`
			`header("HTTP/1.0 403 Forbidden");`
			`die("403 Forbidden");`
			`}`

			`// ist das bild sichtbar?`
			`if((mysql_result($res, 0, "show") == "N") AND ($_SESSION['UID']!=$_GET["UID"]) AND ($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N")) {`
			$SQL = "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
			`$res = mysql_query($SQL, $con);`

			`if(mysql_num_rows($res) != 1) {`
			`header("HTTP/1.0 404 Not Found");`
			`die("404 Not Found");`
			`}`
			`}`

			`// bild aus db auslesen`
			`$bild = mysql_result($res, 0, "Bild");`

			`// ausgabe bild`
			`header("Accept-Ranges: bytes");`
			`header("Content-Length: " . strlen($bild));`
			`header("Content-type: " . mysql_result($res, 0, "ContentType"));`
			`header("Cache-control: public");`
			`header("Cache-request-directive: min-fresh = 120");`
			`header("Cache-request-directive: max-age = 360");`
			`echo $bild;`
			`} else {`
			`header("HTTP/1.0 404 Not Found");`
			`die( "404 Not Found");`
			`}`
moved /inc to ../includes git-svn-id: svn://svn.cccv.de/engel-system@281 29ba0400-6e00-0410-a75a-ca02368028f8 2008-09-10 05:42:44 +02:00			`?>`