Beehive PHP Cross Reference Discussion Forums

Source: /get_attachment.php - 121 lines - 4245 bytes - Summary - Text - Print

   1  <?php
   2  
   3  /*======================================================================
   4  Copyright Project Beehive Forum 2002
   5  
   6  This file is part of Beehive Forum.
   7  
   8  Beehive Forum is free software; you can redistribute it and/or modify
   9  it under the terms of the GNU General Public License as published by
  10  the Free Software Foundation; either version 3 of the License, or
  11  (at your option) any later version.
  12  
  13  Beehive Forum is distributed in the hope that it will be useful,
  14  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  GNU General Public License for more details.
  17  
  18  You should have received a copy of the GNU General Public License
  19  along with Beehive; if not, write to the Free Software
  20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  21  USA
  22  ======================================================================*/
  23  
  24  // Bootstrap
  25  require_once  'boot.php';
  26  
  27  // Required includes
  28  require_once  BH_INCLUDE_PATH . 'attachments.inc.php';
  29  require_once  BH_INCLUDE_PATH . 'cache.inc.php';
  30  require_once  BH_INCLUDE_PATH . 'constants.inc.php';
  31  require_once  BH_INCLUDE_PATH . 'format.inc.php';
  32  require_once  BH_INCLUDE_PATH . 'forum.inc.php';
  33  require_once  BH_INCLUDE_PATH . 'header.inc.php';
  34  require_once  BH_INCLUDE_PATH . 'html.inc.php';
  35  require_once  BH_INCLUDE_PATH . 'session.inc.php';
  36  // End Required includes
  37  
  // Access gate: a visitor without a session may only continue when
  // forum_get_setting('attachment_allow_guests', 'Y') returns a truthy value.
  // NOTE(review): nothing in this script stops execution after the call
  // below, so the gate relies on html_guest_error() ending the request
  // itself - confirm in html.inc.php.
  if (!(session::logged_in() || forum_get_setting('attachment_allow_guests', 'Y'))) {
      html_guest_error();
  }

  // Resolve the attachment storage directory. A falsy result is reported
  // to the user as attachments being disabled.
  $attachment_dir = attachments_check_dir();

  if (!$attachment_dir) {
      html_draw_error(gettext("Attachments have been disabled by the forum owner."));
  }
  47  
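  // Check we have a valid attachment hash. The is_string() guard rejects
  // array-valued parameters (hash[]=...) before the value reaches is_md5()
  // or the lookup below.
  if (!isset($_GET['hash']) || !is_string($_GET['hash']) || !is_md5($_GET['hash'])) {
      html_draw_error(gettext('Missing or invalid attachment hash'));
  }

  // Get the hash from the URL query.
  $hash = $_GET['hash'];

  // Get the array of allowed attachment mime-types
  $attachment_mime_types = attachments_get_mime_types();

  // Look up the attachment record. An unknown hash produces the same
  // message as a malformed one, so the error text does not distinguish
  // the two cases.
  if (!($attachment_details = attachments_get_by_hash($hash))) {
      html_draw_error(gettext('Missing or invalid attachment hash'));
  }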
  63  
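  // Thumbnail requests read "<hash>.thumb"; every other request reads the
  // attachment itself. The path is built from the hash held in the
  // attachment record, not from the raw request parameter.
  $is_thumbnail_request = isset($_GET['thumb']);

  if ($is_thumbnail_request) {

      // Check the forum has attachment thumbnails enabled.
      // If it doesn't simply send a 404 error and stop here.
      if (!forum_get_setting('attachment_thumbnails', 'Y')) {

          header_status('404', 'File Not Found');
          exit;
      }

      $file_path = "{$attachment_dir}/{$attachment_details['hash']}.thumb";

  } else {

      // Construct the attachment filepath.
      $file_path = "{$attachment_dir}/{$attachment_details['hash']}";
  }

  // Enforce the MIME allowlist before any state is changed. An empty list
  // applies no restriction at all. A refused type gets an error page.
  // NOTE(review): the value compared is the mimetype stored with the
  // attachment; whether it was checked against the file content at upload
  // time is not visible here - confirm in attachments.inc.php.
  if (sizeof($attachment_mime_types) > 0 && !in_array($attachment_details['mimetype'], $attachment_mime_types)) {
      html_draw_error(gettext('Attachment type is not permitted.'));
  }

  // Increment the view count only for full-size requests that are not
  // being used as an avatar or profile picture. This runs after the
  // allowlist check so a refused request is not counted (assuming
  // html_draw_error() ends the request - confirm).
  if (!$is_thumbnail_request && !isset($_GET['profile_picture']) && !isset($_GET['avatar_picture'])) {
      attachments_inc_download_count($hash);
  }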
  95  
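  // Build the download name offered to the browser. The stored filename
  // ends up inside a quoted Content-Disposition parameter, so it is decoded
  // first and reduced afterwards; decoding last would let percent-encoded
  // quotes, path separators or line breaks back into the value.
  $file_name = basename(str_replace('\\', '/', rawurldecode($attachment_details['filename'])));

  // Drop control characters and double quotes, which would terminate the
  // quoted parameter or make header() refuse the whole header line.
  $file_name = (string)preg_replace('/[\x00-\x1F\x7F"]/', '', $file_name);

  // Never send an empty filename parameter.
  if ($file_name === '') {
      $file_name = 'attachment';
  }

  // Check the filepath is set and points at a regular file.
  if (!isset($file_path) || !@is_file($file_path)) {

      header_status('404', 'File Not Found');
      exit;
  }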
 105  
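 // Turn off all output buffers
 while (@ob_end_clean()) ;

 // Filesize for Content-Length header.
 $file_size = filesize($file_path);

 // Last Modified Header for cache control
 // NOTE(review): md5_file() reads the whole file on every request,
 // presumably to build a cache validator - confirm in cache.inc.php.
 cache_check_last_modified(filemtime($file_path), md5_file($file_path));

 // Only advertise a length when filesize() succeeded; on failure it
 // returns false, which would otherwise be sent as an empty value.
 if ($file_size !== false) {
     header("Content-length: $file_size");
 }

 // The content type is the value stored with the attachment. nosniff
 // stops browsers from reinterpreting the body as a different type.
 header("Content-type: {$attachment_details['mimetype']}");
 header('X-Content-Type-Options: nosniff');

 // NOTE(review): the file is rendered inline by this forum script, and the
 // MIME allowlist check earlier in the script is skipped when the list is
 // empty. An active type such as text/html or image/svg+xml would then
 // render in the forum's origin; consider "attachment" disposition for
 // anything that is not a plain image.
 // $file_name is interpolated into a quoted parameter and must not contain
 // double quotes or control characters.
 header("Content-disposition: inline; filename=\"$file_name\"");

 // Output the file directly to the browser.
 readfile($file_path);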
