image.php 1.9 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. <?php
  2. namespace image_proxy;
  3. error_reporting(0); // we don't want notices etc to break the image data passthrough
  4. // Get DB settings pre 2.0
  5. $settings = dirname(dirname(dirname(__FILE__))) . '/engine/settings.php';
  6. if (!file_exists($settings)) {
  7. // try from root location
  8. $settings = dirname(dirname(dirname(__FILE__))) . '/settings.php';
  9. }
  10. if (!file_exists($settings)) {
  11. header('Content-Type: image/png');
  12. readfile('graphics/proxyfail.png');
  13. exit;
  14. }
  15. require_once($settings);
  16. global $CONFIG;
  17. $url = urldecode($_GET['url']);
  18. $token = $_GET['token'];
  19. if ($CONFIG->image_proxy_secret) {
  20. $site_secret = $CONFIG->image_proxy_secret;
  21. } else {
  22. $mysql_dblink = @mysql_connect($CONFIG->dbhost, $CONFIG->dbuser, $CONFIG->dbpass, true);
  23. if ($mysql_dblink) {
  24. if (@mysql_select_db($CONFIG->dbname, $mysql_dblink)) {
  25. $result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name = '__site_secret__'", $mysql_dblink);
  26. if ($result) {
  27. $row = mysql_fetch_object($result);
  28. while ($row) {
  29. if ($row->name == '__site_secret__') {
  30. $site_secret = $row->value;
  31. }
  32. $row = mysql_fetch_object($result);
  33. }
  34. }
  35. @mysql_close($mysql_dblink);
  36. }
  37. }
  38. }
  39. if (!$site_secret) {
  40. header('Content-Type: image/png');
  41. readfile('graphics/proxyfail.png');
  42. exit;
  43. }
  44. if ($token !== sha1($site_secret . $url)) {
  45. header('Content-Type: image/png');
  46. readfile('graphics/proxyfail.png');
  47. exit;
  48. }
  49. $ch = curl_init();
  50. curl_setopt($ch, CURLOPT_URL, $url);
  51. curl_setopt($ch, CURLOPT_TIMEOUT, 5); // in seconds
  52. curl_setopt($ch, CURLOPT_HEADER, 1);
  53. curl_setopt($ch, CURLOPT_NOBODY, 1);
  54. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  55. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  56. $headers = curl_exec($ch);
  57. if ($headers === false) {
  58. // we couldn't get the headers from the remote url
  59. header('Content-Type: image/png');
  60. readfile('graphics/proxyfail.png');
  61. exit;
  62. }
  63. foreach (explode("\r\n", $headers) as $header) {
  64. header($header);
  65. }
  66. readfile($url);
  67. exit;