|
|
|
|
<?PHP
|
|
|
|
|
|
|
|
|
|
include ("./config.php");
|
|
|
|
|
include ("./error_handler.php");
|
|
|
|
|
include ("./config_db.php");
|
|
|
|
|
if( !isset($_SESSION)) session_start();
|
|
|
|
|
include ("./secure.php");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Parameter check
|
|
|
|
|
if( !isset($_GET["UID"]) )
|
|
|
|
|
$_GET["UID"]= "-1";
|
|
|
|
|
|
|
|
|
|
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='". $_GET["UID"]. "'";
|
|
|
|
|
$res = mysql_query( $SQL, $con);
|
|
|
|
|
|
|
|
|
|
if( mysql_num_rows($res) == 1)
|
|
|
|
|
{
|
|
|
|
|
//gen<65>gend rechte
|
|
|
|
|
if( !isset($_SESSION['UID']) || $_SESSION['UID'] == -1)
|
|
|
|
|
{
|
|
|
|
|
header( "HTTP/1.0 403 Forbidden");
|
|
|
|
|
die( "403 Forbidden");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ist das bild sichtbar?
|
|
|
|
|
if( (mysql_result($res, 0, "show")=="N") AND
|
|
|
|
|
($_SESSION['UID']!=$_GET["UID"]) AND
|
|
|
|
|
($_SESSION['CVS'][ "admin/UserPicture.php" ] == "N"))
|
|
|
|
|
{
|
|
|
|
|
$SQL= "SELECT * FROM `UserPicture` WHERE `UID`='-1'";
|
|
|
|
|
$res = mysql_query( $SQL, $con);
|
|
|
|
|
if( mysql_num_rows($res) != 1)
|
|
|
|
|
{
|
|
|
|
|
header( 'HTTP/1.0 404 Not Found');
|
|
|
|
|
die( "404 Not Found");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// bild aus db auslesen
|
|
|
|
|
$bild = mysql_result($res, 0, "Bild");
|
|
|
|
|
|
|
|
|
|
// ausgabe bild
|
|
|
|
|
header( "Accept-Ranges: bytes");
|
|
|
|
|
header( "Content-Length: ". strlen($bild));
|
|
|
|
|
header( "Content-type: ". mysql_result($res, 0, "ContentType"));
|
|
|
|
|
header( "Cache-control: public");
|
|
|
|
|
header( "Cache-request-directive: min-fresh = 120");
|
|
|
|
|
header( "Cache-request-directive: max-age = 360");
|
|
|
|
|
echo $bild;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
header( 'HTTP/1.0 404 Not Found');
|
|
|
|
|
die( "404 Not Found");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
?>
|