File size: 4.1Kb
<?php
/***************************************************************************
* album_pic.php
* -------------------
* Разработка: (C) 2003 Smartor
* Модификация: чел
***************************************************************************/
/***************************************************************************
*
* Эта версия phpBB-WAP является бесплатным
* программным обеспечением и распространяется
* в рамках лицензии GNU General Public License.
* Автор модификации настоятельно не
* рекомендует распрострянять её так, как
* распространялась 5 версия мода.
*
***************************************************************************/
define('IN_PHPBB', true);
$phpbb_root_path = './';
$album_root_path = $phpbb_root_path . 'album_mod/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
$userdata = session_pagestart($user_ip, PAGE_ALBUM);
init_userprefs($userdata);
include($album_root_path . 'album_common.'.$phpEx);
if( isset($HTTP_GET_VARS['pic_id']) )
{
$pic_id = intval($HTTP_GET_VARS['pic_id']);
}
else if( isset($HTTP_POST_VARS['pic_id']) )
{
$pic_id = intval($HTTP_POST_VARS['pic_id']);
}
else
{
die('No pics specified');
}
$sql = "SELECT *
FROM ". ALBUM_TABLE ."
WHERE pic_id = '$pic_id'";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query pic information', '', __LINE__, __FILE__, $sql);
}
$thispic = $db->sql_fetchrow($result);
$cat_id = $thispic['pic_cat_id'];
$user_id = $thispic['pic_user_id'];
$pic_filetype = substr($thispic['pic_filename'], strlen($thispic['pic_filename']) - 4, 4);
$pic_filename = $thispic['pic_filename'];
$pic_thumbnail = $thispic['pic_thumbnail'];
if( empty($thispic) or !file_exists(ALBUM_UPLOAD_PATH . $pic_filename) )
{
die($lang['Pic_not_exist']);
}
if ($cat_id != PERSONAL_GALLERY)
{
$sql = "SELECT *
FROM ". ALBUM_CAT_TABLE ."
WHERE cat_id = '$cat_id'";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query category information', '', __LINE__, __FILE__, $sql);
}
$thiscat = $db->sql_fetchrow($result);
}
else
{
$thiscat = init_personal_gallery_cat($user_id);
}
if (empty($thiscat))
{
die($lang['Category_not_exist']);
}
$album_user_access = album_user_access($cat_id, $thiscat, 1, 0, 0, 0, 0, 0); // VIEW
if ($album_user_access['view'] == 0)
{
die($lang['Not_Authorised']);
}
if ($userdata['user_level'] != ADMIN)
{
if( ($thiscat['cat_approval'] == ADMIN) or (($thiscat['cat_approval'] == MOD) and !$album_user_access['moderator']) )
{
if ($thispic['pic_approval'] != 1)
{
die($lang['Not_Authorised']);
}
}
}
if( ($album_config['hotlink_prevent'] == 1) and (isset($HTTP_SERVER_VARS['HTTP_REFERER'])) )
{
$check_referer = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']);
$check_referer = trim($check_referer[0]);
$good_referers = array();
if ($album_config['hotlink_allowed'] != '')
{
$good_referers = explode(',', $album_config['hotlink_allowed']);
}
$good_referers[] = $board_config['server_name'] . $board_config['script_path'];
$errored = TRUE;
for ($i = 0; $i < count($good_referers); $i++)
{
$good_referers[$i] = trim($good_referers[$i]);
if( (strstr($check_referer, $good_referers[$i])) and ($good_referers[$i] != '') )
{
$errored = FALSE;
}
}
if ($errored)
{
die($lang['Not_Authorised']);
}
}
$sql = "UPDATE ". ALBUM_TABLE ."
SET pic_view_count = pic_view_count + 1
WHERE pic_id = '$pic_id'";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update pic information', '', __LINE__, __FILE__, $sql);
}
switch ( $pic_filetype )
{
case '.png':
header('Content-type: image/png');
break;
case '.gif':
header('Content-type: image/gif');
break;
case '.jpg':
header('Content-type: image/jpeg');
break;
default:
die('The filename data in the DB was corrupted');
}
readfile(ALBUM_UPLOAD_PATH . $thispic['pic_filename']);
exit;
?>