-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathimage.php
61 lines (38 loc) · 1.1 KB
/
image.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<?php
require_once(__DIR__.DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'functions.php');
loggedinorreturn();
if (!isset($_GET['type'])) {
die();
}
$type = (isset($_GET['type'])?safe($_GET['type']):'');
if (isset($_GET['type']) && $type == "") {
die();
}
if (!isset($_GET['id'])) {
die();
}
$id = (isset($_GET['id'])?safe($_GET['id']):'');
if (isset($_GET['id']) && $id == "") {
die();
}
if (!is_valid_id($id))
die('not valid id');
if ($type == '' || $id == '')
die('type or id empty');
$types = array('jpg','cover');
if (!in_array($type, $types))
die('invalid type');
$whichdb = array('jpg' => 'jpg','cover' => 'cover');
$t = $whichdb[$type];
$tt = 'rel_'.$t;
$req = mysql_query("SELECT UNCOMPRESS(`" .$tt. "`) AS " .$tt. ", rel_filename, rel_name FROM " .$t. " WHERE id = '" . $id . "'") or die( mysql_error());
$res = mysql_fetch_assoc($req);
if($res[$tt] != "") {
//header('Content-Disposition: attachment; filename='.$res['rel_filename'].'');
header('Content-Type: image/jpeg');
//header('Content-Length: '.$res['size']);
echo $res[$tt];
} else {
die('empty '.$tt);
}
?>