changed git call from https to git readonly

[atutor.git] / mods / photo_album / get_pa.php

<?php\r
/*==============================================================\r
  Photo Album\r
 ==============================================================\r
  This program is free software. You can redistribute it and/or\r
  modify it under the terms of the GNU General Public License  \r
  as published by the Free Software Foundation.                \r
 ==============================================================\r
 */\r
// $Id:\r
\r
/**\r
 * @desc        This script gets files like get.php, but without the course id as default folder\r
 * @author      ATutor Authors\r
 * @copyright   2006, ATRC, University of Toronto\r
 * @link        http://www.atutor.ca/                                  \r
 * @license GNU\r
 */\r
\r
define('AT_INCLUDE_PATH', '../../include/');\r
if (isset($_GET['test'])) {\r
        header('HTTP/1.1 200 OK', TRUE);\r
        header('ATutor-Get: OK');\r
        exit;\r
}\r
$in_get = TRUE;\r
\r
require(AT_INCLUDE_PATH . 'vitals.inc.php');\r
\r
\r
$mime['ez']    = 'application/andrew-inset';\r
$mime['hqx']   = 'application/mac-binhex40';\r
$mime['cpt']   = 'application/mac-compactpro';\r
$mime['doc']   = 'application/msword';\r
$mime['bin']   = 'application/octet-stream';\r
$mime['dms']   = 'application/octet-stream';\r
$mime['lha']   = 'application/octet-stream';\r
$mime['lzh']   = 'application/octet-stream';\r
$mime['exe']   = 'application/octet-stream';\r
$mime['class'] = 'application/octet-stream';\r
$mime['oda']   = 'application/oda';\r
$mime['pdf']   = 'application/pdf';\r
$mime['ai']    = 'application/postscript';\r
$mime['eps']   = 'application/postscript';\r
$mime['ps']    = 'application/postscript';\r
$mime['rtf']   = 'application/rtf';\r
$mime['smi']   = 'application/smil';\r
$mime['smil']  = 'application/smil';\r
$mime['mif']   = 'application/vnd.mif';\r
$mime['ppt']   = 'application/vnd.ms-powerpoint';\r
$mime['slc']   = 'application/vnd.wap.slc';\r
$mime['sic']   = 'application/vnd.wap.sic';\r
$mime['wmlc']  = 'application/vnd.wap.wmlc';\r
$mime['wmlsc'] = 'application/vnd.wap.wmlscriptc';\r
$mime['bcpio'] = 'application/x-bcpio';\r
$mime['bz2']   = 'application/x-bzip2';\r
$mime['vcd']   = 'application/x-cdlink';\r
$mime['pgn']   = 'application/x-chess-pgn';\r
$mime['cpio']  = 'application/x-cpio';\r
$mime['csh']   = 'application/x-csh';\r
$mime['dcr']   = 'application/x-director';\r
$mime['dir']   = 'application/x-director';\r
$mime['dxr']   = 'application/x-director';\r
$mime['dvi']   = 'application/x-dvi';\r
$mime['spl']   = 'application/x-futuresplash';\r
$mime['gtar']  = 'application/x-gtar';\r
$mime['gz']    = 'application/x-gzip';\r
$mime['tgz']   = 'application/x-gzip';\r
$mime['hdf']   = 'application/x-hdf';\r
$mime['js']    = 'application/x-javascript';\r
$mime['kwd']   = 'application/x-kword';\r
$mime['kwt']   = 'application/x-kword';\r
$mime['ksp']   = 'application/x-kspread';\r
$mime['kpr']   = 'application/x-kpresenter';\r
$mime['kpt']   = 'application/x-kpresenter';\r
$mime['chrt']  = 'application/x-kchart';\r
$mime['kil']   = 'application/x-killustrator';\r
$mime['skp']   = 'application/x-koan';\r
$mime['skd']   = 'application/x-koan';\r
$mime['skt']   = 'application/x-koan';\r
$mime['skm']   = 'application/x-koan';\r
$mime['latex'] = 'application/x-latex';\r
$mime['nc']    = 'application/x-netcdf';\r
$mime['cdf']   = 'application/x-netcdf';\r
$mime['rpm']   = 'application/x-rpm';\r
$mime['sh']    = 'application/x-sh';\r
$mime['shar']  = 'application/x-shar';\r
$mime['swf']   = 'application/x-shockwave-flash';\r
$mime['sit']   = 'application/x-stuffit';\r
$mime['sv4cpio'] = 'application/x-sv4cpio';\r
$mime['sv4crc']  = 'application/x-sv4crc';\r
$mime['tar']   = 'application/x-tar';\r
$mime['tcl']   = 'application/x-tcl';\r
$mime['tex']   = 'application/x-tex';\r
$mime['texinfo'] = 'application/x-texinfo';\r
$mime['texi']  = 'application/x-texinfo';\r
$mime['t']     = 'application/x-troff';\r
$mime['tr']    = 'application/x-troff';\r
$mime['roff']  = 'application/x-troff';\r
$mime['man']   = 'application/x-troff-man';\r
$mime['me']    = 'application/x-troff-me';\r
$mime['ms']    = 'application/x-troff-ms';\r
$mime['ustar'] = 'application/x-ustar';\r
$mime['src']   = 'application/x-wais-source';\r
$mime['zip']   = 'application/zip';\r
$mime['au']    = 'audio/basic';\r
$mime['snd']   = 'audio/basic';\r
$mime['mid']   = 'audio/midi';\r
$mime['midi']  = 'audio/midi';\r
$mime['kar']   = 'audio/midi';\r
$mime['mpga']  = 'audio/mpeg';\r
$mime['mp2']   = 'audio/mpeg';\r
$mime['mp3']   = 'audio/mpeg';\r
$mime['aif']   = 'audio/x-aiff';\r
$mime['aiff']  = 'audio/x-aiff';\r
$mime['aifc']  = 'audio/x-aiff';\r
$mime['ram']   = 'audio/x-pn-realaudio';\r
$mime['rm']    = 'audio/x-pn-realaudio';\r
$mime['ra']    = 'audio/x-realaudio';\r
$mime['wav']   = 'audio/x-wav';\r
$mime['pdb']   = 'chemical/x-pdb';\r
$mime['xyz']   = 'chemical/x-pdb';\r
$mime['gif']   = 'image/gif';\r
$mime['ief']   = 'image/ief';\r
$mime['jpeg']  = 'image/jpeg';\r
$mime['jpg']   = 'image/jpeg';\r
$mime['jpe']   = 'image/jpeg';\r
$mime['png']   = 'image/png';\r
$mime['tiff']  = 'image/tiff';\r
$mime['tif']   = 'image/tiff';\r
$mime['wbmp']  = 'image/vnd.wap.wbmp';\r
$mime['ras']   = 'image/x-cmu-raster';\r
$mime['pnm']   = 'image/x-portable-anymap';\r
$mime['pbm']   = 'image/x-portable-bitmap';\r
$mime['pgm']   = 'image/x-portable-graymap';\r
$mime['ppm']   = 'image/x-portable-pixmap';\r
$mime['rgb']   = 'image/x-rgb';\r
$mime['xbm']   = 'image/x-xbitmap';\r
$mime['xpm']   = 'image/x-xpixmap';\r
$mime['xwd']   = 'image/x-xwindowdump';\r
$mime['igs']   = 'model/iges';\r
$mime['iges']  = 'model/iges';\r
$mime['msh']   = 'model/mesh';\r
$mime['mesh']  = 'model/mesh';\r
$mime['silo']  = 'model/mesh';\r
$mime['wrl']   = 'model/vrml';\r
$mime['vrml']  = 'model/vrml';\r
$mime['css']   = 'text/css';\r
$mime['asc']   = 'text/plain';\r
$mime['txt']   = 'text/plain';\r
$mime['rtx']   = 'text/richtext';\r
$mime['rtf']   = 'text/rtf';\r
$mime['sgml']  = 'text/sgml';\r
$mime['sgm']   = 'text/sgml';\r
$mime['tsv']   = 'text/tab-separated-values';\r
$mime['sl']    = 'text/vnd.wap.sl';\r
$mime['si']    = 'text/vnd.wap.si';\r
$mime['wml']   = 'text/vnd.wap.wml';\r
$mime['wmls']  = 'text/vnd.wap.wmlscript';\r
$mime['etx']   = 'text/x-setext';\r
$mime['xml']   = 'text/xml';\r
$mime['mpeg']  = 'video/mpeg';\r
$mime['mpg']   = 'video/mpeg';\r
$mime['mpe']   = 'video/mpeg';\r
$mime['qt']    = 'video/quicktime';\r
$mime['mov']   = 'video/quicktime';\r
$mime['avi']   = 'video/x-msvideo';\r
$mime['movie'] = 'video/x-sgi-movie';\r
$mime['ice']   = 'x-conference/x-cooltalk';\r
$mime['html']  = 'text/html';\r
$mime['htm']   = 'text/html';\r
$mime['xls']   = 'application/vnd.ms-excel';\r
$mime['log']   = 'text/plain';\r
\r
$force_download = false;\r
\r
//get path to file\r
if (defined('AT_FORCE_GET_FILE') && AT_FORCE_GET_FILE) {\r
        if (!empty($_SERVER['PATH_INFO'])) {\r
        $current_file = $_SERVER['PATH_INFO'];\r
        } else if (!empty($_SERVER['REQUEST_URI'])) {\r
                $current_file = $_SERVER['REQUEST_URI'];\r
    } else if (!empty($_SERVER['PHP_SELF'])) {\r
                if (!empty($_SERVER['QUERY_STRING'])) {\r
            $current_file = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];\r
        } else {\r
                $current_file = $_SERVER['PHP_SELF'];\r
                }\r
    } else if (!empty($_SERVER['SCRIPT_NAME'])) {\r
                if (!empty($_SERVER['QUERY_STRING'])) {\r
            $current_file = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];\r
        } else {\r
                $current_file = $_SERVER['SCRIPT_NAME'];\r
                }\r
    } else if (!empty($_SERVER['URL'])) {\r
        if (!empty($_SERVER['QUERY_STRING'])) {\r
            $current_file = $_SERVER['URL'] . '?' . $_SERVER['QUERY_STRING'];\r
        }\r
        $current_file = $_SERVER['URL'];\r
        }\r
\r
        if (($pos = strpos($current_file, '/get_pa.php/')) !== FALSE) {\r
                $current_file = substr($current_file, $pos + strlen('/get_pa.php/'));\r
        }\r
        \r
        if (substr($current_file, 0, 2) == '/@') {\r
                $force_download = true;\r
                $current_file = substr($current_file, 2);\r
        }\r
\r
} else {\r
        $current_file = $_GET['f'];\r
\r
        if (substr($current_file, 0, 2) == '/@') {\r
                $force_download = true;\r
                $current_file = substr($current_file, 2);\r
        }\r
}\r
\r
$file_name = pathinfo($current_file);\r
$file_name = $file_name['basename'];\r
\r
$file = AT_CONTENT_DIR . $current_file;\r
\r
//send header mime type\r
$ext = pathinfo($file);\r
$ext = $ext['extension'];\r
if ($ext == '') {\r
        $ext = 'application/octet-stream';\r
} else {\r
        $ext = $mime[$ext];\r
}\r
\r
//check that this file is within the content directory & exists\r
\r
// NOTE!! for some reason realpath() is not returning FALSE when the file doesn't exist! NOTE!!\r
$real = realpath($file);\r
\r
if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) {\r
        if ($force_download) {\r
                header('Content-Type: application/force-download');\r
                header('Content-transfer-encoding: binary'); \r
                header('Content-Disposition: attachment; filename="'.$file_name.'"');\r
        }\r
\r
        header('Content-Type: '.$ext);\r
\r
        echo @file_get_contents($real);\r
        exit;\r
} else {\r
        header('HTTP/1.1 404 Not Found', TRUE);\r
        exit;\r
}\r
?>