From 1851c3a180eafb4563a9f6e4dd40fcc5e925896a Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 5 Oct 2014 22:00:36 +0200
Subject: Experimental support for image uploading.

---
 foto/protected.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 foto/protected.php

(limited to 'foto/protected.php')

diff --git a/foto/protected.php b/foto/protected.php
new file mode 100644
index 0000000..c70772d
--- /dev/null
+++ b/foto/protected.php
@@ -0,0 +1,25 @@
+<?php
+
+lredirect("index");
+
+if ( ! isset($_GET["type"]) || ! isset($_GET["id"]) )
+	exit;
+
+switch($_GET["type"]){
+	case("image"):
+		$sql = $db->prepare("SELECT name, mime, size, hash FROM " . DBPREFIX . "image WHERE id = %s;", $_GET["id"]);
+		$result = $db->doQuery($sql);
+		$f = $result->fetch_array(MYSQLI_ASSOC);
+		if ( ! file_exists(IMAGE_PATH . $f["hash"] . ".gz") ){
+			header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+		} else {
+			header("Content-Type: " . $f["mime"]);
+			header("Content-Disposition: inline; filename=".$f["name"]);
+			header("Content-Length: " . $f["size"]);
+
+			readgzfile(IMAGE_PATH . $f["hash"] . ".gz");
+		}
+		break;
+	default:
+		header($_SERVER["HTTP_PROTOCOL"] . " 404 Not Found");
+}
-- 
cgit v1.2.3