Diffstat (limited to 'app/file.php')
-rw-r--r-- | app/file.php | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..3c34a89
--- /dev/null
+++ b/app/file.php
@@ -0,0 +1,57 @@
+<?php
+
+require_once "class/framework.class.php";
+
+/*
+ * Proxy script for fetching resources from the /assets directory
+ * This script enforces access-control on HTTP objects such as images and flat files
+ * which are supplied by users.
+ *
+ * Example request:
+ * yourdomain.com/scrott/file.php?d=/img/heads&f=a4bf903a
+ */
+class Resource extends Framework
+{
+ /*
+ * Get request and figure out what type it is
+ */
+ function handle($dir, $file)
+ {
+ if (basename($file) != $file || $file == "")
+ return;
+
+ switch ($dir)
+ {
+ case "img/heads": $this->heads($file); break;
+ }
+ }
+
+ /*
+ * Request a user head (user image)
+ * Requester must be currently logged in
+ */
+ function heads($file)
+ {
+ if (!$this->getCurrentUser())
+ return;
+
+ if (!file_exists("assets/img/heads/" . $file))
+ $file = "null.jpg";
+
+ $file = "assets/img/heads/" . $file;
+ $f = fopen($file, "rb");
+
+ if (!$f)
+ return;
+
+ header("Content-type: " . mime_content_type($file));
+ header("Content-length: " . filesize($file));
+ fpassthru($f);
+ fclose($f);
+ }
+}
+
+$res = new Resource();
+$res->handle($_REQUEST['d'], $_REQUEST['f']);
+
+?> |
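Review bot: In `heads()`, the `Content-type` header comes straight from `mime_content_type()` on a file the header comment describes as user-supplied, so a stored "head" whose bytes are detected as HTML or SVG would be served as active content from the application's own origin, unless uploads are validated somewhere not visible in this commit. The response should be limited to an allowlist of image types and sent with `X-Content-Type-Options: nosniff`. Separately, `.` and `..` pass the `basename($file) != $file` test in `handle()` and `file_exists()` is true for directories, so the existence check is better written with `is_file()`. The documented example passes `d=/img/heads` while the switch only matches `img/heads`, and `$_REQUEST['d']` / `$_REQUEST['f']` are read without checking that they are set and are strings; the denied and not-found paths also return an empty 200 rather than an explicit status.

```php
function heads($file)
{
    // … unchanged: getCurrentUser() check …

    // is_file() rather than file_exists(): "." and ".." pass the basename() test in handle()
    if (!is_file("assets/img/heads/" . $file))
        $file = "null.jpg";

    // … unchanged: path prefix, fopen() and its failure check …

    // Serve only known image types; extend the list to whatever the upload path accepts
    $type = mime_content_type($file);
    if (!in_array($type, array("image/jpeg", "image/png", "image/gif"), true))
    {
        fclose($f);
        return;
    }

    header("X-Content-Type-Options: nosniff");
    header("Content-type: " . $type);
    // … unchanged: Content-length, fpassthru(), fclose() …
```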