2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
12 // $Id: get_profile_img.php 6979 2007-06-20 17:35:02Z greg$
13 define('AT_INCLUDE_PATH', 'include/');
15 header("Content-Encoding: none");
17 $_user_location = 'public';
19 require(AT_INCLUDE_PATH . 'vitals.inc.php');
22 require(AT_INCLUDE_PATH . 'lib/mime.inc.php');
24 $id = intval($_GET['id']);
25 $sql="SELECT icon from ".TABLE_PREFIX."courses WHERE course_id='$id'";
26 $result = mysql_query($sql, $db);
27 while($row=mysql_fetch_assoc($result)){
28 $filename = $row['icon'];
31 $file = AT_CONTENT_DIR .$id.'/custom_icons/'.$filename;
33 $extensions = array('gif', 'jpg', 'png');
34 $pathinfo = pathinfo($file);
35 $ext = strtolower($pathinfo['extension']);
37 $ext = 'application/octet-stream';
39 $ext = $mime[$ext][0];
42 $real = realpath($file);
44 if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) {
46 header('Content-Disposition: filename="'.$size.$id.'.'.$pathinfo['extension'].'"');
49 * although we can check if mod_xsendfile is installed in apache2
50 * we can't actually check if it's enabled. also, we can't check if
51 * it's enabled and installed in lighty, so instead we send the
52 * header anyway, if it works then the line after it will not
53 * execute. if it doesn't work, then the line after it will replace
54 * it so that the full server path is not exposed.
56 * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
57 * named x-send-file in lighttpd 1.4)
59 header('x-Sendfile: '.$real);
60 header('x-Sendfile: ', TRUE); // if we get here then it didn't work
62 header('Content-Type: '.$ext);
67 header('HTTP/1.1 404 Not Found', TRUE);