2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /************************************************************************/
14 define('AT_INCLUDE_PATH', 'include/');
16 header("Content-Encoding: none");
18 $_user_location = 'public';
20 require(AT_INCLUDE_PATH . 'vitals.inc.php');
21 require(AT_INCLUDE_PATH . 'lib/mime.inc.php');
23 $id = intval($_GET['id']);
24 if (isset($_GET['size']) && $_GET['size'] == 'o') {
25 $size = 'originals'; //t (thumbnail) or o (original)
26 } elseif (isset($_GET['size']) && $_GET['size'] == 'p') {
27 $size = 'profile'; //p (profile)
32 $file = AT_CONTENT_DIR . 'profile_pictures/' . $size .'/'. $id .'.';
35 $extensions = array('gif', 'jpg', 'png');
37 foreach ($extensions as $extension) {
38 if (file_exists($file.$extension)) {
43 //if file does not exist, quit.
44 if (!file_exists($file)){
48 $pathinfo = pathinfo($file);
49 $ext = $pathinfo['extension'];
51 $ext = 'application/octet-stream';
53 $ext = $mime[$ext][0];
56 $real = realpath($file);
58 if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) {
60 header('Content-Disposition: filename="'.$size.$id.'.'.$pathinfo['extension'].'"');
63 * although we can check if mod_xsendfile is installed in apache2
64 * we can't actually check if it's enabled. also, we can't check if
65 * it's enabled and installed in lighty, so instead we send the
66 * header anyway, if it works then the line after it will not
67 * execute. if it doesn't work, then the line after it will replace
68 * it so that the full server path is not exposed.
70 * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
71 * named x-send-file in lighttpd 1.4)
73 header('x-Sendfile: '.$real);
74 header('x-Sendfile: ', TRUE); // if we get here then it didn't work
76 header('Content-Type: '.$ext);
81 header('HTTP/1.1 404 Not Found', TRUE);