From 0cb67e77888e715173649ee275ae2b8c43bdf4dd Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Tue, 29 Mar 2016 23:08:50 -0400
Subject: Add start of file.php script

This script is a proxy for downloading file from the public web file tree which Scrott want to enforce access-control over.
---
 app/file.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 app/file.php
(limited to 'app/file.php')

diff --git a/app/file.php b/app/file.php
new file mode 100644
index 0000000..445bd6b
--- /dev/null
+++ b/app/file.php
@@ -0,0 +1,20 @@
+handle($_REQUEST['d'], $_REQUEST['f']);
+
+?>
--
cgit v1.2.3
From b701b45ae6e293c4d1bb89f068bf20b00a9ac53b Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Thu, 31 Mar 2016 21:15:17 -0400
Subject: Add handle() function to file.php

Grab the request and decide how to process it based on the directory the resource resides in
---
 app/file.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'app/file.php')

diff --git a/app/file.php b/app/file.php
index 445bd6b..17044f3 100644
--- a/app/file.php
+++ b/app/file.php
@@ -12,6 +12,19 @@ require_once "class/framework.class.php";
 */
 class Resource extends Framework
 {
+ /*
+ * Get request and figure out what type it is
+ */
+ function handle($dir, $file)
+ {
+ if (basename($file) != $file || $file == "")
+ return;
+
+ switch ($dir)
+ {
+ case "img/heads": $this->heads($file); break;
+ }
+ }
 }

 $res = new Resource();
--
cgit v1.2.3
From 8ffc128d193929d9197af705974862b92a85a0fb Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Thu, 31 Mar 2016 21:26:52 -0400
Subject: Add heads() function to file.php

This function asserts that the requester is logged in and that the file exists before either fpassthru()-ing the contents or returning early.
---
 app/file.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'app/file.php')

diff --git a/app/file.php b/app/file.php
index 17044f3..3c34a89 100644
--- a/app/file.php
+++ b/app/file.php
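Review bot: In `handle()` (the `@@ -12,6 +12,19 @@` hunk) every rejected request simply returns: the `basename()` guard ends in a bare `return;` and `switch ($dir)` has no `default`, so a refused or unknown path is answered with an empty 200 that clients and access logs cannot tell apart from success. I would send an explicit status, e.g. `http_response_code(404); return;` in the guard plus a `default:` arm that does the same. The guard also relies on loose comparison and on `basename()` receiving a string, while `$_REQUEST['d']` and `$_REQUEST['f']` are passed in unchecked and may be absent or arrays; `if (!is_string($file) || $file === "" || basename($file) !== $file)` states the intent outright.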
@@ -25,6 +25,30 @@ class Resource extends Framework
 case "img/heads": $this->heads($file); break;
 }
 }
+
+ /*
+ * Request a user head (user image)
+ * Requester must be currently logged in
+ */
+ function heads($file)
+ {
+ if (!$this->getCurrentUser())
+ return;
+
+ if (!file_exists("assets/img/heads/" . $file))
+ $file = "null.jpg";
+
+ $file = "assets/img/heads/" . $file;
+ $f = fopen($file, "rb");
+
+ if (!$f)
+ return;
+
+ header("Content-type: " . mime_content_type($file));
+ header("Content-length: " . filesize($file));
+ fpassthru($f);
+ fclose($f);
+ }
 }

 $res = new Resource();
--
cgit v1.2.3
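Review bot: `file_exists()` in `heads()` is also true for directories, and the `basename($file) != $file` guard in `handle()` accepts `.` and `..`, so such a name skips the `null.jpg` fallback and reaches `fopen()`, `mime_content_type()` and `filesize()` on a directory rather than an image. Use `if (!is_file("assets/img/heads/" . $file))` so that only regular files are served. The not-logged-in branch returns with no status; `http_response_code(403);` before that `return;` would make the denial visible to clients and logs. Because `Content-type` is taken from `mime_content_type()` on the stored bytes, it is worth restricting it to the expected image types and adding `header("X-Content-Type-Options: nosniff");`, since whether head files are validated on upload is not visible here. The commit series describes this script as a proxy over the public web tree, so the login check only holds if direct requests to `assets/img/heads/` are denied by the web server.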