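wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.
 *
 * johnny ^_^
 * -----------------------------------------------------------------------------
 *
 */

/*
 * db cached image thumbnails
 * =======================
 * based on ALDIWIP v1.2
 *
 * @version 1.0
 * @author johnny ^_^
 *
 * version history:
 * ----------------
 *
 * Mon Mar 3 22:23:32 CET 2008
 *  - thumb.php now works on entire filesystem (removed $root)
 *  - added $allowed_path clause
 *
 * Sat Oct 6 18:06:47 CEST 2007
 *  - file created (from ALDIWIP 1.2)
 *  - added imagemessagebox support and error images
 *  - added 'disable cache' option
 *
 */

/*
 * Request flow
 * ------------
 *  1. read the requested path from the `t` request parameter (untrusted)
 *  2. reject it unless it is a plain string with an image extension
 *  3. resolve it to a canonical path and match that against $allowed_path
 *  4. serve a cached thumbnail if one exists and is newer than the file
 *  5. otherwise scale the image down to fit 100x100 (or pass a small image
 *     through unchanged) and store the thumbnail in the cache
 *
 * Every failure is reported as a small GIF carrying a short message.
 */

// Placeholder credentials. Real values are better kept in a file outside the
// web root with restrictive permissions, not in a script under version control.
define ('DB_HOST','localhost');
define ('DB_USER','user');
define ('DB_PASSWD','password');
define ('DB_NAME','database');

// Allow-list of directories that may be read. The patterns are matched against
// the canonical path returned by realpath(), and each ends in a path separator
// so that a sibling directory sharing the prefix (for example
// "public_html_old") does not match.
$allowed_path = array (
    '/^(\/usr)*\/home\/([a-z0-9]+)\/public_html\//',
    '/^(\/usr\/local)*\/www\/netvor\.sk\/mirror\//',
);

/////////////////////
/// END OF CONFIG ///
/////////////////////

// enable/disable cache
$cache = true;

// `t` is attacker-controlled. Accept a scalar string only; an array value or a
// missing parameter becomes the empty string and fails the checks below.
// Note that $_REQUEST may also be populated from cookies, depending on the
// request_order / variables_order settings.
$t = (isset($_REQUEST['t']) && is_string($_REQUEST['t'])) ? $_REQUEST['t'] : '';

// NOTE(review): "loading.gif" is a relative path; it is served only if it
// resolves, from the script's working directory, to a location that matches
// $allowed_path -- confirm that this is what the deployment intends.
if ($t == "none")
    $t = "loading.gif";

// fail, forbidden: NUL bytes, parent-directory references, or a name that does
// not end in an image extension. The D modifier stops `$` from also matching
// just before a trailing newline.
if (strpos($t, "\0") !== false
    || strstr($t, "..") !== FALSE
    || !preg_match("/\.(jpeg|jpg|gif|png|bmp)$/iD", $t)) {
    thumb_fail('403 -- url');
}

// adv. fail :) Resolve symlinks and relative segments first, then apply the
// allow-list to the result, so a link placed inside an allowed directory cannot
// point the script at a file outside it. realpath() returns false for missing
// files and for stream-wrapper URLs, which are refused with the same message so
// the response does not reveal whether a path outside the allow-list exists.
$path = realpath($t);
$ok = 0;
if ($path !== false) {
    foreach ($allowed_path as $expr) {
        if (preg_match($expr, $path)) {
            $ok = 1;
            break;
        }
    }
}
if (!$ok) {
    thumb_fail('403 -- path');
}

if ($cache) {
    // db connection
    require_once ('dbMySQL.php');
    $db = new dbMySQL(DB_HOST,DB_USER,DB_PASSWD,DB_NAME);
    $db->setDebugLevel(0);
}

// create hash_a and hash_b of path (the cache key is the requested string, so
// rows written by earlier versions of this script keep working)
$hashA = sha1($t);
$hashB = md5($t);

// The SQL below is assembled by string interpolation. That is safe only because
// every interpolated value is hex (sha1/md5), base64 or an integer; never put
// $t, $path or any other request-derived text into these statements.
if ($cache) {
    // check if we have this image cached
    $cacheRecord = $db->queryArray ("select `date`,`hits` from `image_cache` where `hash_a`='$hashA' and `hash_b`='$hashB'");

    // if in cache, and still valid
    if (!empty ($cacheRecord) && @filemtime($path) < intval($cacheRecord['date'])) {
        // use cache; cached rows always hold JPEG data produced by imagejpeg()
        $data = $db->queryValue ("select `data` from `image_cache` where `hash_a`='$hashA' and `hash_b`='$hashB'");
        $db->query ("update `image_cache` set hits=hits+1 where `hash_a`='$hashA' and `hash_b`='$hashB'");
        thumb_send_headers('image/jpeg');
        echo base64_decode ($data);
        die;
    }
}

// get image size and detected type
$info = @getimagesize($path);
$width = $info ? (int) $info[0] : 0;
$height = $info ? (int) $info[1] : 0;
$mime = ($info && isset($info['mime'])) ? $info['mime'] : '';

// if none, die (not image?)
if ($width == 0 || $height == 0) {
    thumb_fail('403 -- file');
}

// NOTE(review): there is no upper bound on $width * $height, so a very large
// (or deliberately crafted) image is decoded in full by GD. Consider refusing
// images above a pixel budget before calling imageload().

// if we need to rescale it
if ($width > 100 || $height > 100) {
    // compute scale ratio so that the longer side becomes 100px
    $ratio = 100 / (($height > $width) ? $height : $width);

    // GD wants integer sizes of at least 1px; an extreme aspect ratio would
    // otherwise round the shorter side down to 0 and the allocation would fail
    $dstW = max(1, (int) floor($ratio * $width));
    $dstH = max(1, (int) floor($ratio * $height));

    // create new image
    $dst = imagecreatetruecolor ($dstW, $dstH);

    // load original image (may be a message box, which also disables caching)
    $src = imageload ($path);

    // rescale it
    imagecopyresampled ($dst,$src,0,0,0,0,$dstW,$dstH,$width,$height);

    // and give result: capture the JPEG once, for both the response and the cache
    ob_start ();
    imagejpeg($dst,null,100);
    $data = base64_encode(ob_get_contents ());
    thumb_send_headers('image/jpeg');
    ob_end_flush();

    if ($cache) {
        $db->query ("delete from `image_cache` where `hash_a`='$hashA' and `hash_b`='$hashB'");
        $db->query ("insert into `image_cache` (`hash_a`,`hash_b`,`date`,`data`,`hits`) values ('$hashA','$hashB',".time().",'$data',0)");
    }
} else {
    // just return existing file, but only for formats a browser should render
    // as an image, and labelled with the type that was actually detected
    $passthrough = array (
        'image/png'      => 'image/png',
        'image/jpeg'     => 'image/jpeg',
        'image/gif'      => 'image/gif',
        'image/bmp'      => 'image/bmp',
        'image/x-ms-bmp' => 'image/bmp',
    );
    if (!isset($passthrough[$mime])) {
        thumb_fail('403 -- file');
    }
    thumb_send_headers($passthrough[$mime]);
    readfile ($path);
}

//
// the end

/**
 * Send the response headers for an image body.
 *
 * The declared type always matches the bytes that follow, and content sniffing
 * is switched off so the browser does not reinterpret the response.
 *
 * @param string $mime value for the Content-Type header
 */
function thumb_send_headers ($mime) {
    header ('Content-Type: '.$mime);
    header ('X-Content-Type-Options: nosniff');
}

/**
 * Answer the request with a GIF message box and stop the script.
 *
 * @param string $text short message drawn into the image
 */
function thumb_fail ($text) {
    thumb_send_headers('image/gif');
    imagegif(imagemessagebox($text));
    die;
}

/**
 * Decode an image file into a GD image.
 *
 * The decoder is picked from the type getimagesize() detects in the file
 * content, not from the file name. If the type is unsupported or decoding
 * fails, a message box showing the detected type is returned instead (which
 * also disables caching for this request).
 *
 * @param string $src path of the image file
 * @return resource|object GD image
 */
function imageload ($src) {
    $what = @getimagesize($src);
    $mime = ($what && isset($what['mime'])) ? $what['mime'] : '';
    $res = false;

    switch($mime) {
        case 'image/png':
            $res = imagecreatefrompng($src);
            break;
        case 'image/jpeg':
            $res = imagecreatefromjpeg($src);
            break;
        case 'image/gif':
            $res = imagecreatefromgif($src);
            break;
        case 'image/bmp':
        case 'image/x-ms-bmp':
            // Windows BMP is not WBMP; the BMP decoder exists only in newer GD builds
            if (function_exists('imagecreatefrombmp'))
                $res = imagecreatefrombmp($src);
            break;
        case 'image/wbmp':
        case 'image/vnd.wap.wbmp':
            $res = imagecreatefromwbmp($src);
            break;
    }

    // unsupported type, or the decoder rejected the file
    if (!$res)
        $res = imagemessagebox ($mime);

    return $res;
}

/**
 * Build a small palette image with a line of text on a white background.
 *
 * Side effect: sets the global $cache to false, so an error image produced
 * during this request is never written to the thumbnail cache.
 *
 * @param string $text message to draw
 * @param int    $w    image width in pixels
 * @param int    $h    image height in pixels
 * @return resource|object GD image
 */
function imagemessagebox ($text,$w=100,$h=10) {
    global $cache;

    $im = imagecreate ($w,$h);
    $bc = imagecolorallocate($im, 255,255,255); // first allocated colour becomes the background
    $tc = imagecolorallocate($im, 32,32,32);
    imagestring($im,1,1,1,$text,$tc);

    // disable cache
    $cache = false;

    return $im;
}
?>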