2 /***********************************************************************/
4 /***********************************************************************/
5 /* Copyright (c) 2002-2009 */
6 /* Adaptive Technology Resource Centre / Inclusive Design Institution */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /***********************************************************************/
14 define('AT_INCLUDE_PATH', '../../include/');
16 header("Content-Encoding: none");
18 $_user_location = 'public';
20 require(AT_INCLUDE_PATH . 'vitals.inc.php');
21 require(AT_INCLUDE_PATH . 'lib/mime.inc.php');
22 include (AT_PA_INCLUDE.'classes/PhotoAlbum.class.php');
23 include (AT_PA_INCLUDE.'lib.inc.php');
25 $aid = intval($_GET['aid']); //album id
26 $pid = intval($_GET['pid']); //photo id
27 $ph = $_GET['ph']; //pid hash
29 //To increase security so users can't freely browse thru the album,
30 //add a block here to take in an extra $_GET variable that reads the pid_path
31 //check it against the PhotoFilePath here and see if it matches.
32 //if not, return a "File not found" image.
35 $pa = new PhotoAlbum($aid);
36 $album_info = $pa->getAlbumInfo();
37 $photo_info = $pa->getPhotoInfo($pid);
38 $album_file_path = getAlbumFilePath($album_info['id'], $album_info['created_date']);
39 if (isset($_GET['size']) && $_GET['size'] == 'o') {
41 $album_file_path .= DIRECTORY_SEPARATOR;
44 $album_file_path .= '_tn'.DIRECTORY_SEPARATOR;
46 $photo_file_path = getPhotoFilePath($photo_info['id'], $photo_info['name'], $photo_info['created_date']);
47 $photo_file_hash = getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']);
49 $file = AT_PA_CONTENT_DIR . $album_file_path . $photo_file_path;
51 //if file does not exist, quit.
52 if (!file_exists($file)){
53 //TODO: Clean files silently, cleaned but garbaged link remains on page.
54 //Remove node from the DOM tree?
55 $pa->deletePhoto($pid);
56 header('HTTP/1.1 404 Not Found', TRUE);
59 //if hash doesn't match, then don't load the picture.
60 //to prevent trial and error on URL for photos
61 if ($ph !== $photo_file_hash){
62 header('HTTP/1.1 404 Not Found', TRUE);
66 $pathinfo = pathinfo($file);
67 $ext = $pathinfo['extension'];
69 $ext = 'application/octet-stream';
71 $ext = $mime[$ext][0];
74 $real = realpath($file);
76 if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) {
78 header('Content-Disposition: filename="'.$photo_file_path.'"');
81 * although we can check if mod_xsendfile is installed in apache2
82 * we can't actually check if it's enabled. also, we can't check if
83 * it's enabled and installed in lighty, so instead we send the
84 * header anyway, if it works then the line after it will not
85 * execute. if it doesn't work, then the line after it will replace
86 * it so that the full server path is not exposed.
88 * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
89 * named x-send-file in lighttpd 1.4)
91 header('x-Sendfile: '.$real);
92 header('x-Sendfile: ', TRUE); // if we get here then it didn't work
94 header('Content-Type: '.$ext);
99 header('HTTP/1.1 404 Not Found', TRUE);