<?php
require "libs/db.php";
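session_start();

// Image route: /image/<chat id>, served only to signed-in sessions.
// str_starts_with() exists only on PHP 8+, so older runtimes fall back to strpos()
// (the file is meant to keep working on PHP 5).
$stmt = function_exists("str_starts_with")
    ? str_starts_with($_SERVER["REQUEST_URI"], "/image")
    : (strpos($_SERVER["REQUEST_URI"], "/image") === 0);

if ($stmt && !empty($_SESSION["id"])) {
    // intval() reduces whatever follows "/image/" to an integer, so the value appended to
    // the data directory below can never carry path separators or "..".
    $pfp = intval(str_replace("/image/", "", $_SERVER["REQUEST_URI"]));
    $longLived = "max-age=315360000, immutable";

    if ($pfp < 1) {
        // IDs below 1 bypass the database lookup and the ownership check, so this branch
        // must only ever expose files that are safe for every signed-in user.
        $file = __DIR__ . "/data/" . $pfp;
        if (!is_file($file)) {
            // Previously a missing file produced an empty 200 response that was cacheable
            // for ten years; answer 404 before any caching header is set.
            exit(http_response_code(404));
        }
        // Expires/Pragma are presumably emitted by the session cache limiter; they are
        // dropped only on responses that are meant to be cached.
        header_remove("Expires");
        header_remove("Pragma");
        header("Cache-Control: public, " . $longLived);
        header("Content-Type: image/png");
        header("X-Content-Type-Options: nosniff");
        readfile($file);
        exit;
    }

    $query = $db->prepare("SELECT userID FROM systemchats WHERE ID = :id");
    $query->execute([':id' => $pfp]);
    // rowCount() is not dependable for SELECT statements on every PDO driver; a false
    // result from fetchColumn() is the portable "no such row" signal.
    $ownerId = $query->fetchColumn();
    if ($ownerId === false) {
        exit(http_response_code(404));
    }

    // Authorisation decision: compare as strings so a database string and a session integer
    // still match, without the numeric-string juggling that a loose != would allow.
    $isOwner = ((string) $ownerId === (string) $_SESSION["id"]);
    if (!$isOwner) {
        $query = $db->prepare("SELECT isPub FROM systemchats WHERE ID = :id");
        $query->execute([':id' => $pfp]);
        if (!$query->fetchColumn()) {
            exit(http_response_code(403));
        }
    }

    $file = __DIR__ . "/data/$pfp";
    if (!file_exists($file)) {
        $file = __DIR__ . "/data/0";
    }
    if (!is_file($file)) {
        exit(http_response_code(404));
    }

    $mimeType = mime_content_type($file);
    // Accept is optional; treat a missing header as "no WebP support" instead of reading
    // an undefined index.
    $accept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
    $supportsWebP = strpos($accept, 'image/webp') !== false;

    $image = null;
    if ($mimeType === 'image/webp' && !$supportsWebP) {
        // Client cannot display WebP: decode now so a failure is reported as a 500
        // before any long-lived caching header has been sent.
        $image = imagecreatefromwebp($file);
        if ($image === false) {
            exit(http_response_code(500)); // Error creating image from WebP
        }
    }

    // Caching headers are sent only after the access check has passed, so 403/404/500
    // responses keep the session's default no-cache headers. The image is gated on the
    // caller's session, so it must not be stored by shared caches: "private", not "public".
    header_remove("Expires");
    header_remove("Pragma");
    header("Cache-Control: private, " . $longLived);
    header("X-Content-Type-Options: nosniff");

    if ($image !== null) {
        header("Content-Type: image/png");
        imagepng($image);
        imagedestroy($image);
    } else {
        // The type comes from sniffing the stored file. Only raster image types are echoed
        // back; anything else (including SVG, which can carry script) is sent as an opaque
        // download so stored content cannot be rendered as a document on this origin.
        // NOTE(review): assumes files under data/ originate from user uploads - confirm.
        $isRasterImage = is_string($mimeType)
            && strpos($mimeType, "image/") === 0
            && $mimeType !== "image/svg+xml";
        header("Content-Type: " . ($isRasterImage ? $mimeType : "application/octet-stream"));
        header("Etag: " . md5_file($file));
        readfile($file);
    }
    exit;
}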
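// Every request that is not an image request is redirected to a landing page chosen by
// login state. The target depends on the session, so the redirect has to be temporary:
// a 301 may be remembered by the browser and replayed after the user signs in or out.
http_response_code(302);
// A non-empty session id marks an authenticated user.
$target = !empty($_SESSION["id"]) ? "/dash" : "/home";
header("Location: " . $target);
exit();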