getimage.pl
#!/usr/local/bin/perl
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use GD;
# Image bytes go to STDOUT unmodified: binmode turns off newline translation.
binmode STDOUT;
# Make truecolor the default for GD images created from here on.
GD::Image->trueColor(1);
use lib "/var/www/html/Pm";
use Html qw(pre_html_header header table table_wide);
use User qw(
isUserSubscriber
isUserAdmin
isUserModerator
get_user_stat
$USER_DATA
);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param referrer);
use Redir qw(redir);
use Bc_sql qw(
get_constant
sql_execute
user_exists
get_login
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
is_flagged
get_flag_data
$DB
);
use Security qw(banned); Security::count_hits();
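# ---------------------------------------------------------------------------
# Main flow: look up an image row by ID and answer with one of
#   - the stored bytes under an image/<type> header,
#   - a re-encoded thumbnail when "th" is 1, 2 or 3 (65, 32 or 16 px box),
#   - an HTML review page for admins/moderators when a matching flag row
#     exists, or
#   - a redirect to a placeholder image when the ID is unknown or the stored
#     data cannot be decoded for a thumbnail.
#
# NOTE(review): this file loads CGI::Carp with fatalsToBrowser, so any die
# below is rendered to the client with the Perl error text. That is a
# debugging aid; confirm it is intended on a production host.
# ---------------------------------------------------------------------------
my $DEBUG = 0;
if (banned($LOGGEDIN)) {
  my $msg = "Access Denied";
  if ($DEBUG) { $msg .= " (getimage.pl)"; }
  # NOTE(review): error_redir is not named in any import list visible in this
  # file (Redir is imported with qw(redir) only). Confirm it resolves; if it
  # does not, this call dies at run time and the banned client receives the
  # fatalsToBrowser error page instead of a redirect.
  print error_redir("/", $msg);

  exit 1;
}

my $output;

my $imgid = get_param("id");
my $admin = 0;
my $mod = 0;
my $flag_id = get_param(get_constant("FLAG_ID"));

if (not $imgid) {
  # No "id" parameter: fall back to the first command-line argument and keep
  # only what follows its last "=".
  $imgid = $ARGV[0];
  if ($imgid) { $imgid =~ s/(.)*\=//; }
}

# my $msg = "getimage.pl->provide an image id, please";
# if ($DEBUG) { $msg .= " (getimage.pl)"; }
# $output = error_redir(referrer(), $msg);
#} else

{
  my $ref;
  if ($imgid) {
    # The client-supplied ID goes through $DB->quote() (presumably a DBI
    # handle -- confirm in Bc_sql) before it is placed in the SQL text.
    my $sql = "select * from images where ID=" . $DB->quote($imgid);
    $ref = sql_execute($sql, "getimage.pl");
  } else {
    # Any non-reference value sends us to the "not found" branch below.
    $ref = "NOTHING!";
  }

  if (ref $ref eq "HASH") {
    my $flag_data = sql_execute("select * from flagged where ID=" . $DB->quote($flag_id) . " and content_ID=" . $DB->quote($imgid), "getimage.pl");
    if (ref $flag_data eq "HASH") {
      # NOTE(review): the role checks are fed the request parameters "a" and
      # "m", not $LOGGEDIN. Unless isUserAdmin/isUserModerator ignore their
      # argument and consult the session themselves, the client chooses the
      # value being checked. Confirm against User.pm and prefer the
      # authenticated identity.
      $admin = isUserAdmin(get_param("a"));
      $mod = isUserModerator(get_param("m"));
    }

    if (not $admin and not $mod) {
      # for everyone, except moderators and admins
      # NOTE(review): the Content-Type suffix is the "type" column exactly as
      # stored. The browser will interpret the bytes as whatever that column
      # says, so the insert path has to restrict it to the raster types
      # handled below -- confirm.
      $output = pre_html_header({type=>"image/$ref->{type}"});
      my $th = get_param("th");
      my $gdo = undef;
      if ($th) {
        if ($imgid) {
          if ($ref->{type} eq "png") {
            $gdo = GD::Image->newFromPngData($ref->{data});
          } elsif ($ref->{type} eq "jpeg" or $ref->{type} eq "jpg") {
            $gdo = GD::Image->newFromJpegData($ref->{data});
          } elsif ($ref->{type} eq "gif") {
            $gdo = GD::Image->newFromGifData($ref->{data});
          }
        } else {
          # Not reachable as written: $ref is only a hash when $imgid is set.
          # The stray JavaScript-style `let t = "";` that sat here was removed.
          my $share = "/var/www/html/images/";
          $gdo = GD::Image->new($share . "site/404.png");
        }

        if ($th eq 1) {
          $gdo = resize($gdo, 65, 65);
        } elsif ($th eq 2) {
          $gdo = resize($gdo, 32, 32);
        } elsif ($th eq 3) {
          $gdo = resize($gdo, 16, 16);
        }

        if ($gdo) {
          if ($ref->{type} eq "png") {
            $output .= $gdo->png;
          } elsif ($ref->{type} eq "jpeg" or $ref->{type} eq "jpg") {
            $output .= $gdo->jpeg;
          } elsif ($ref->{type} eq "gif") {
            $output .= $gdo->gif();
          }
        } else {
          # Decode failed or the type is not one GD handles here. Calling an
          # encoder on a non-object would die (and, with fatalsToBrowser,
          # print the error to the client), so answer with the same
          # placeholder used for an unknown ID instead.
          $output = redir("/img.pl?i=site/404.png&s=dp");
        }
      } else {
        # Stored bytes are sent as-is; this relies on the upload path having
        # validated the data when the row was inserted.
        $output .= $ref->{data};
      }
    } else {
      if ($admin or $mod) {
        my $sql = "select * from flagged where content_ID=" . $DB->quote($imgid) . " and status='pending'";
        my $results = sql_execute($sql, "getimage.pl");
        if (ref $results eq "ARRAY") {
          # this means the image is not flagged for review
          $output = pre_html_header({type=>"image/$ref->{type}"});
          $output .= $ref->{data};
        } else {
          # this means we got a flagged image
          my $fdata = get_flag_data($flag_id);
          my $flagger = get_user_stat($fdata->{flagger_ID}, "nickname");

          # $imgid and $flag_id arrive from the request and are placed inside
          # URLs in the markup below, so percent-encode them first. Plain
          # numeric IDs come out unchanged.
          my $imgid_q = uri_escape_utf8($imgid);
          my $flag_id_q = uri_escape_utf8($flag_id);

          $output = pre_html_header() . header("moderator view of image", 0, 0, 0, "moderator view of image", 0);
          $output .= "<table border=0 cellpadding=0 cellspacing=0 class=fullsize><tr><td align=center class=spacery>\n";
          # NOTE(review): $flagger is a user-chosen nickname written into the
          # page body without escaping here; presumably it is escaped when
          # stored or by get_user_stat -- confirm, since this page is shown
          # to moderators and admins.
          $output .= " <table align=center border=0 cellpadding=0 cellspacing=0><tr><td class=subtitle>this image may have been flagged as inappropriate by <a href=\"/?$QUERY_PAGE=" . get_constant("PROFILE_PAGE") . "&$QUERY_UID=$fdata->{flagger_ID}\">$flagger</a></td></tr></table>\n";
          $output .= "</td></tr><tr><td align=center valign=top>\n";
          my $admin_links = table("<a href='delimage.pl?id=$imgid_q&a=1' class=danger>delete image</a></td><td align=right><button type=button onclick=\"document.location.href='flag.pl?id=$ref->{ID}&ignore=1&" . get_constant("FLAG_ID") . "=$flag_id_q';\" class=yellow>ignore</button>", " ", 0, 1, "style='border: 0px solid black; width: 100\%;'", "\n");
          $output .= table_wide("<img src=\"getimage.pl?id=$imgid_q\" width=600></td></tr><tr><td align=center>$admin_links", " ", "", 1, "style='border: 0px solid black;'", "\n");
          $output .= "</td></tr></table>\n";
        }
      } else {
        # Not reachable as written: this outer else is only entered when
        # $admin or $mod is true.
        # this ought not redir, not yet anyway, but give back a proper header
        # ooo! wait. return an image anyway, but, not the one wanted
        #$output = error_redir(referrer(), "Access Denied");
        $output = redir("/img.pl?i=site/403-red-a.png&s=dp");
      }
    }
  } else {
    # this ought not redir, not yet anyway, but give back a proper header
    #$output = error_redir(referrer(), "Given image ID is not valid");
    $output = redir("/img.pl?i=site/404.png&s=dp");
  }
}

print $output;

# NOTE(review): the normal path also ends with exit status 1; left unchanged.
exit 1;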
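sub resize {
  # Scale a GD image so it fits inside a $width x $height box while keeping
  # its aspect ratio, and return the result as a new GD::Image.
  #
  #   $gdo    - source GD::Image; a false value makes the sub return 0
  #   $width  - box width in pixels; a false value means "use source width"
  #   $height - box height in pixels; a false value means "use source height"
  #
  # Returns 0 when there is no usable source image or the target image
  # cannot be created, so callers must check the result before calling
  # methods on it.
  my ($gdo, $width, $height) = @_;
  return 0 if not $gdo;

  my $src_w = $gdo->width;
  my $src_h = $gdo->height;
  # A source reporting a zero dimension would divide by zero below.
  return 0 if not $src_w or not $src_h;

  $width = $src_w if not $width;
  $height = $src_h if not $height;

  # Use the smaller of the two scale factors so both sides fit the box.
  my $k_h = $height / $src_h;
  my $k_w = $width / $src_w;
  my $k = ($k_h < $k_w ? $k_h : $k_w);
  $height = int($src_h * $k);
  $width = int($src_w * $k);

  # int() can round a very thin image down to 0 pixels on one side; keep at
  # least one pixel so a valid target image is requested.
  $height = 1 if $height < 1;
  $width = 1 if $width < 1;

  my $image = GD::Image->new($width, $height);
  return 0 if not $image;

  # Keep the source alpha channel instead of blending it into the new canvas.
  $image->alphaBlending(0);
  $image->saveAlpha(1);
  $image->copyResampled($gdo, 0, 0, 0, 0, $width, $height, $src_w, $src_h);

  return $image;
}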