43 lines
1.6 KiB
PHP
43 lines
1.6 KiB
PHP
<?php
|
|
|
|
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 3600) . ' GMT');
|
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
|
|
|
|
define('_PROJECT_DIR', getcwd() . '/../../'); // Директория проекта
|
|
define('_ROOT_DIR', getcwd() . '/'); // Директория где точка входа php
|
|
define('_SHOP_DIR', getcwd() . '/../'); // Директория где точка входа в магазин (index.php)
|
|
|
|
const _ENGINE_DIR = _PROJECT_DIR . 'engine/';
|
|
const _FILES_DIR_ = _SHOP_DIR . '/files/';
|
|
|
|
require_once(_ENGINE_DIR. '/core/db.class.php');
|
|
require_once(_PROJECT_DIR . '/config/db.cfg.php');
|
|
|
|
$transparentPixelGif = 'R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==';
|
|
|
|
$id = abs(intval($_GET['id']));
|
|
|
|
|
|
$core_db->q("SELECT * FROM `_sys_files` WHERE `id` = '" . $id . "'");
|
|
|
|
if ($core_db->nr()) {
|
|
if ($core_db->f('private') == 1) {
|
|
session_start();
|
|
$sess_id = session_id();
|
|
$dbAuth = $core_db->new_db();
|
|
$dbAuth->q('SELECT `id` FROM `_sys_user_sessions` WHERE `session_id` = "'.db_escape_string($sess_id).'" ');
|
|
// Неавторизированному пользователю пустая картинка
|
|
if (!$dbAuth->nr()) {
|
|
header('Content-type: image/gif');
|
|
die(base64_decode($transparentPixelGif));
|
|
}
|
|
}
|
|
|
|
header('Content-type: ' . $core_db->f('ext'));
|
|
$data = file_get_contents(_FILES_DIR_ . $pref . $core_db->f('filename'));
|
|
die($data);
|
|
} else {
|
|
header('Content-type: image/gif');
|
|
die(base64_decode($transparentPixelGif));
|
|
}
|