image.php
<?php
namespace piGallery;
/*Authenticating*/
require_once __DIR__."/model/AuthenticationManager.php";
require_once __DIR__."/db/entities/Role.php";
require_once __DIR__."/db/entities/AjaxError.php";
use piGallery\db\entities\AjaxError;
use piGallery\db\entities\Role;
use piGallery\model\AuthenticationManager;
/*
 * Authentication is required before any image is served.
 *
 * The request is authenticated against Role::RemoteGuest; a null result is
 * treated as a failed authentication and the script stops with the JSON error
 * envelope ("error" + empty "data") before any request parameter is read.
 * No HTTP status is set in this block, so the failure is reported in the
 * body only.
 */
$user = AuthenticationManager::authenticate(Role::RemoteGuest);
if ($user === null) {
    exit(json_encode(array(
        "error" => (new AjaxError(AjaxError::AUTHENTICATION_FAIL, "Authentication failed"))->getJsonData(),
        "data" => "",
    )));
}
/*SITE*/
require_once __DIR__."/model/Helper.php";
require_once __DIR__."/config.php";
require_once __DIR__."/model/Logger.php";
use piGallery\model\Helper;
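/*
 * Resolve the client-supplied "path" request parameter to a file below the
 * gallery's image folder and enforce the per-user path restriction.
 *
 * The value is attacker-controlled, so it is validated here before it is
 * used for the authorization check or joined onto the image root.
 */
$imagePath = Helper::require_REQUEST("path");
if (!is_string($imagePath)) {
    // An array-valued parameter would otherwise reach the string functions below.
    die(json_encode(array("error" => (new AjaxError(AjaxError::GENERAL_ERROR, "Invalid path"))->getJsonData(), "data" => "")));
}
if (Properties::$enableUTF8Encode) {
    // NOTE(review): utf8_decode() is deprecated as of PHP 8.2; plan a replacement.
    $imagePath = utf8_decode($imagePath);
}
$imagePath = Helper::toDirectoryPath($imagePath);

/*
 * Reject NUL bytes and ".." segments on the final relative path.
 * Helper::toDirectoryPath() is not visible from this file, so this script does
 * not rely on it to normalise the path: both the restriction check (which works
 * on dirname() of this string) and the concatenation with the image root below
 * assume the path cannot climb out of its parent directory.
 */
if (!is_string($imagePath)
    || strpos($imagePath, "\0") !== false
    || in_array("..", preg_split('#[/\\\\]+#', $imagePath), true)
) {
    die(json_encode(array("error" => (new AjaxError(AjaxError::GENERAL_ERROR, "Invalid path"))->getJsonData(), "data" => "")));
}

if ($user->getPathRestriction() != null) {
    $dir = dirname($imagePath);
    if ($user->getPathRestriction()->isRecursive() == false && !Helper::isPathEqual($dir, $user->getPathRestriction()->getPath())) {
        // Non-recursive restriction: only the restricted directory itself is allowed.
        die(json_encode(array("error" => (new AjaxError(AjaxError::GENERAL_ERROR, "Don't have rights for thr directory"))->getJsonData(), "data" => "")));
    } else if (Helper::isSubPath($dir, $user->getPathRestriction()->getPath()) === FALSE) {
        // NOTE(review): this branch is also evaluated for a non-recursive user whose
        // directory equals the restriction path, so access then depends on
        // Helper::isSubPath() accepting an identical path - confirm against Helper.
        die(json_encode(array("error" => (new AjaxError(AjaxError::GENERAL_ERROR, "Don't have rights for thr directory"))->getJsonData(), "data" => "")));
    }
}

// Only after the checks above is the relative path joined onto the image root.
$imagePath = Helper::concatPath(Helper::getAbsoluteImageFolderPath(), $imagePath);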
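if (Properties::$enableImageCaching) {
    /*
     * Conditional-request handling for images.
     *
     * Last-Modified is a fixed timestamp and the ETag is derived only from the
     * resolved path (md5 is used as a cache key here, not as a security
     * control), so a file replaced under the same path still validates as
     * "not modified" for clients that cached it.
     */
    $time = 1280951171;
    $lastmod = gmdate('D, d M Y H:i:s \G\M\T', $time);
    $etag = "pigalleryimg-" . md5($imagePath);

    // null = header absent, true = validator matches, false = validator differs.
    $ifmod = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] === $lastmod : null;
    $iftag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] === $etag : null;

    /*
     * These images are only served after authentication, so the response is
     * marked "private" to keep shared caches and proxies from storing it and
     * replaying it to other clients. The browser may still reuse its own copy
     * for the whole max-age (360 days) without re-authenticating.
     */
    header('Cache-Control: private, max-age=31104000');

    // 304 only when at least one validator matches and none that was sent differs.
    if (($ifmod || $iftag) && $ifmod !== false && $iftag !== false) {
        header("ETag: $etag");
        http_response_code(304);
        // A 304 carries no body: stop before the file is read and sent.
        exit;
    }

    header("Last-Modified: $lastmod");
    header("ETag: $etag");
}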
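/*
 * Send the image.
 *
 * The resolved path is checked first: without this, a missing or unreadable
 * file makes filesize()/the read emit warnings that can expose the absolute
 * server path when error display is on, followed by an empty 200 response.
 */
if (!is_file($imagePath) || !is_readable($imagePath)) {
    // Drop any caching headers already queued so the error is not cached long-term.
    header_remove('Last-Modified');
    header_remove('ETag');
    header('Cache-Control: no-store');
    http_response_code(404);
    die(json_encode(array("error" => (new AjaxError(AjaxError::GENERAL_ERROR, "Image not found"))->getJsonData(), "data" => "")));
}

// NOTE(review): confirm Helper::imageToMime() refuses non-image extensions;
// this script serves whatever readable file the path resolves to.
header('content-type: ' . Helper::imageToMime($imagePath));
// Keep browsers from second-guessing the declared type of gallery content.
header('X-Content-Type-Options: nosniff');
header("Content-Length: " . filesize($imagePath));

// Stream the file instead of loading it fully into memory first.
readfile($imagePath);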