diff options
Diffstat (limited to 'examples/file.php')
| -rw-r--r-- | examples/file.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/examples/file.php b/examples/file.php new file mode 100644 index 0000000..ceee9f7 --- /dev/null +++ b/examples/file.php @@ -0,0 +1,71 @@ +<?php + +/* + * SCROTT Copyright (C) 2016 Malf Furious + * + * Scrott is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation, either version 3 of the License, + * or (at your option) any later version. + * + * Scrott is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + * License for more details. + */ + +require_once "class/framework.class.php"; + +/* + * Proxy script for fetching resources from the /assets directory + * This script enforces access-control on HTTP objects such as images and flat files + * which are supplied by users. + * + * Example request: + * yourdomain.com/scrott/file.php?d=/img/heads&f=a4bf903a + */ +class Resource extends Framework +{ + /* + * Get request and figure out what type it is + */ + function handle($dir, $file) + { + if (basename($file) != $file || $file == "") + return; + + switch ($dir) + { + case "img/heads": $this->heads($file); break; + } + } + + /* + * Request a user head (user image) + * Requester must be currently logged in + */ + function heads($file) + { + if (!$this->getCurrentUser()) + return; + + if (!file_exists("assets/img/heads/" . $file)) + $file = "null.jpg"; + + $file = "assets/img/heads/" . $file; + $f = fopen($file, "rb"); + + if (!$f) + return; + + header("Content-type: " . mime_content_type($file)); + header("Content-length: " . filesize($file)); + fpassthru($f); + fclose($f); + } +} + +$res = new Resource(); +$res->handle($_REQUEST['d'], $_REQUEST['f']); + +?> |