require_once 'Pman.php';
class Pman_Core_Images extends Pman
{
+
+ // tables that do not need authentication checks before serving.
+ var $public_image_tables = array();
+
+
function getAuth()
{
parent::getAuth(); // load company!
$au = $this->getAuthUser();
if (!$au) {
- die("Access denied");
+ $this->authUser = false;
+ return true;//die("Access denied");
}
$this->authUser = $au;
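Review bot: With `$this->authUser = false; return true;` getAuth() no longer rejects anonymous requests, so protection now depends on every handler remembering to test `$this->authUser`; a method on this class or a subclass that omits the test is reachable without login. This deserves a doc comment on getAuth() stating that it is intentionally permissive and that callers must enforce access themselves. The comment on `$public_image_tables` could also say what the entries are, e.g. `// Images.ontable values whose files may be served without login; leave empty unless every file on that table is public.` getAuth() continues past the end of this hunk.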
var $thumb = false;
var $as_mimetype = false;
var $method = 'inline';
+ var $page = false;
- function get($s) // determin what to serve!!!!
+ function get($s, $opts=array()) // determin what to serve!!!!
{
// for testing only.
//if (!empty($_GET['_post'])) {
$this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];
+ $this->page = empty($_REQUEST['page']) ? false : (int) $_REQUEST['page'];
+
$bits= explode('/', $s);
$id = 0;
// var_dump($bits);die('in');
$id = empty($bits[3]) ? 0 : $bits[3];
} else if (!empty($bits[0]) && $bits[0] == 'events') {
-
+ if (!$this->authUser) {
+ $this->imgErr("no-authentication-events",$s);
+ }
$this->downloadEvent($bits);
+ $this->imgErr("unknown file",$s);
- die ("unknown file?");
} else {
}
if (strpos($id,':') > 0) { // id format tablename:id:-imgtype
+
+ if (!$this->authUser) {
+ $this->imgErr("not-authenticated-using-colon-format",$s);
+
+ }
+
$onbits = explode(':', $id);
if ((count($onbits) < 2) || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) {
- die("Bad url");
+ $this->imgErr("bad-url",$s);
+
}
//DB_DataObject::debugLevel(1);
$img = DB_DataObject::factory('Images');
if (empty($_REQUEST['anytype'])) {
$img->whereAdd("mimetype like 'image/%'");
}
-
+ $img->orderBy('title ASC'); /// spurious ordering... (curretnly used by shipping project)
if (isset($onbits[2])) {
$img->imgtype = $onbits[2];
}
$img->limit(1);
if (!$img->find(true)) {
- header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' .
- urlencode("no images for that item: " . htmlspecialchars($id)));
+ $this->imgErr("no images for that item: " . htmlspecialchars($id),$s);
+
}
$id = $img->id;
// depreciated - should use ontable:onid:type here...
if (!empty($_REQUEST['ontable'])) {
-
+
+ if (!$this->authUser) {
+ die("authentication required");
+ }
+
//DB_DataObjecT::debugLevel(1);
- $img = DB_DataObjecT::factory('Images');
+ $img = DB_DataObject::factory('Images');
$img->setFrom($_REQUEST);
- // use imgtype now...
- // if (!empty($_REQUEST['query']['filename'])){
- // $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'");
- // }
+
$img->limit(1);
if (!$img->find(true)) {
- header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason='.
- urlencode("No file exists"));
+ $this->imgErr("No file exists",$s);
}
$id = $img->id;
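Review bot: The added guard uses `die("authentication required");` while every other failure this commit touches goes through imgErr(). Using `$this->imgErr("authentication-required", $s);` here keeps one exit path and one response format for denied requests. The enclosing function starts outside this hunk.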
$img = DB_DataObjecT::factory('Images');
if (!$id || !$img->get($id)) {
-
- header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' .
- urlencode("image has been removed or deleted."));
+ $this->imgErr("image has been removed or deleted.",$s);
+ }
+
+ if (!$this->authUser && !in_array($img->ontable,$this->public_image_tables)) {
+
+ if ($img->ontable != 'core_company') {
+ $this->imgErr("not-authenticated {$img->ontable}",$s);
+ }
+ if ($img->imgtype != 'LOGO') {
+ $this->imgErr("not-logo",$s);
+ }
+ $comp = $img->object();
+ if ($comp->comptype != 'OWNER') {
+ $this->imgErr("not-owner-company",$s);
+ }
+ return $this->serve($img);
+
}
+
if(!$this->hasPermission($img)){
- header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' .
- urlencode("image has been removed or deleted."));
+ $this->imgErr("access to this image/file has been denied.",$s);
+
}
$this->serve($img);
exit;
}
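Review bot: The anonymous-denial reason in `$this->imgErr("not-authenticated {$img->ontable}",$s)` puts the owning table name into the redirect URL, so a caller who is not logged in learns which table an image id is attached to, and the distinct "removed or deleted" message lets the same caller tell existing ids from missing ones. A fixed reason such as `$this->imgErr("not-authenticated", $s);`, with the table name written to the server log instead, would keep that detail internal. In the same block `$img->object()` is dereferenced without a check; if it can return a non-object the `comptype` comparison still denies, but only by way of a PHP notice, so `if (!$comp || $comp->comptype != 'OWNER') {` would make the denial explicit. get() starts outside this hunk.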
+ function imgErr($reason,$path) {
+ header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' .
+ urlencode($reason) .'&path='.urlencode($path));
+ exit;
+ }
+
function hasPermission($img)
{
return true;
}
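Review bot: imgErr() has no doc comment although the access checks added in get() depend on it terminating the request: the events and colon-format guards call it and then fall through to the code that serves the file. A comment such as `// Redirects to the broken-image placeholder and exits; callers rely on this never returning.` would protect that contract if a subclass overrides the method. hasPermission() below it still returns true unconditionally, so the new "access to this image/file has been denied." branch is only reachable through an override.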
- function post()
+ function post($v)
{
if (!$this->authUser) {
}
// print_r($img);exit;
$x = $img->toFileConvert();
- if (empty($this->as_mimetype)) {
+ if (empty($this->as_mimetype) || $img->mimetype == 'image/gif') {
$this->as_mimetype = $img->mimetype;
}
if (!$this->thumb) {
//echo "SKALING? $this->size";
// acutally if we generated the image, then we do not need to validate the size..
-
-
// if the mimetype is not converted..
// then the filename should be original.{size}.jpeg
$fn = $img->getStoreName() . '.'. $this->size . '.jpeg'; // thumbs are currenly all jpeg.!???
+ if($img->mimetype == 'image/gif'){
+ $fn = $img->getStoreName() . '.'. $this->size . '.gif';
+ }
+
if (!file_exists($fn)) {
$fn = $img->getStoreName() . '.'. $this->size . '.'. $img->fileExt();
// if it's an image, convert into the same type for thumbnail..
}
}
- if (!file_exists($fn)) {
-
+ if (!file_exists($fn)) {
$this->validateSize();
}
- $x->convert( $this->as_mimetype, $this->size);
+ if(!empty($this->page) && !is_nan($this->page * 1)){
+ $x->convert( $this->as_mimetype, $this->size, 0, $this->page);
+ } else {
+ $x->convert( $this->as_mimetype, $this->size);
+ }
+
$x->serve();
exit;
}
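Review bot: The guard `!is_nan($this->page * 1)` can never fail, because get() already stores `page` as `(int) $_REQUEST['page']` or `false`, so the only effective test is `!empty()` and a negative page number is passed straight to `convert()`. `if ($this->page > 0) {` states the intended range check directly; whether the converter also needs an upper bound depends on code outside this hunk. The function containing these lines starts outside the hunk.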
function validateSize()
{
- if (($this->authUser && $this->authUser->company_id && $this->authUser->company()->comptype=='OWNER') || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
+ if (($this->authUser && !empty($this->authUser->company_id) && $this->authUser->company()->comptype=='OWNER')
+ || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
return true;
}
- // DEFAULT allowed - override with $cfg['sizes'];
+
+ $ff = HTML_FlexyFramework::get();
$sizes = array(
'100',
'200x0',
'200x200',
'400x0',
- '300x100', // logo on login.
+ '300x100',
'500'
);
- // this should be configurable...
- $ff = HTML_FlexyFramework::get();
$cfg = isset($ff->Pman_Images) ? $ff->Pman_Images :
(isset($ff->Pman_Core_Images) ? $ff->Pman_Core_Images : array());
-
-
if (!empty($cfg['sizes'])) {
$sizes = array_merge($sizes , $cfg['sizes']);
}
+ $project = $ff->project;
+
+ require_once $ff->project . '.php';
+
+ $project = str_replace('/', '_', $project);
+
+ $pr_obj = new $project;
+
+ // var_dump($pr_obj->Pman_Core_Images_Size);
+ if(isset($pr_obj->Pman_Core_Images_Size)){
+ $sizes = $pr_obj->Pman_Core_Images_Size;
+
+
+ }
if (!in_array($this->size, $sizes)) {
die("invalid scale - ".$this->size);
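Review bot: The added project override `$sizes = $pr_obj->Pman_Core_Images_Size;` replaces the allow-list outright, so the defaults and any `$cfg['sizes']` merged just above are silently dropped, and the value is never checked to be an array before it reaches `in_array()`. Since this list is what limits the scales a caller outside the owner company can request, `if (isset($pr_obj->Pman_Core_Images_Size) && is_array($pr_obj->Pman_Core_Images_Size)) {` plus a comment saying the replacement is deliberate (or an `array_merge` if it is not) would make the behaviour explicit. The reflowed condition also still skips validation whenever `SERVER_ADDR` equals `REMOTE_ADDR`, which would hold for every request if a reverse proxy runs on the same host; that is worth confirming for the deployment. The function's closing lines are outside the hunk.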
foreach($imatch[1] as $i=>$key) {
$attr[$key] = $imatch[2][$i];
}
- if (!isset($attr['src']) || 0 !== strpos($attr['src'], $baseURL)) {
+ // does it contain baseURL??? --- well what about relative paths...
+ //print_R($attr);
+
+ if (empty($attr['src'])) {
+ continue;
+ }
+ if (0 !== strpos($attr['src'], $baseURL)) {
+ // it starts with our 'new' baseURL?
+ $html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' );
+ continue;
+ }
+ if (false !== strpos($attr['src'], '//') && false === strpos($attr['src'], $baseURL)) {
+ // contains an absolute path.. that is probably not us...
continue;
}
+ // what about mailto or data... - just ignore?? for images...
+
$html = self::replaceImgUrl($html, $baseURL, $img, $attr, 'src' );
+
}
+
$result = array();
preg_match_all('/<a\s+[^>]+>/i',$html, $result);
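Review bot: The external-URL test added after the `$baseURL` test cannot take effect: any `src` that does not start with `$baseURL` has already been passed to `replaceImgUrl()` and skipped by `continue`, and any `src` that reaches `false === strpos($attr['src'], $baseURL)` does start with `$baseURL`, so that condition is always false. As written, images hosted elsewhere are still handed to `replaceImgUrl()`, whose URL pattern shown further down this page is not anchored to `$baseURL`, and the comment `// it starts with our 'new' baseURL?` describes the opposite of the condition it sits under. If the intent is to leave foreign absolute URLs alone, that test should come first, e.g. `if (false !== strpos($attr['src'], '//') && 0 !== strpos($attr['src'], $baseURL)) { continue; }`. The loop begins outside this hunk.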
if(!preg_match('#/(Images|Images/Thumb/[a-z0-9]+|Images/Download)/([0-9]+)/(.*)$#', $attr_url, $umatch)) {
return $html;
}
+
$id = $umatch[2];
+ $hash = '';
+ if (!empty($umatch[3]) && strpos($umatch[3],'#')) {
+ $hash = '#'. array_pop(explode('#',$umatch[3]));
+ }
+
+
$img = DB_DataObject::factory('Images');
if (!$img->get($id)) {
return $html;
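Review bot: `strpos($umatch[3],'#')` is used as a boolean, so a fragment at offset 0 (a URL ending in `/#name`) is ignored, and `array_pop(explode('#',$umatch[3]))` passes a function result by reference, which PHP reports as a notice. `$hash = (string) strrchr($umatch[3], '#');` yields the same "last `#` to the end" value without either problem. The fragment is later appended after the `htmlspecialchars()` call in the rewritten attribute, so it is worth escaping as well unless the surrounding code guarantees it came from already-escaped markup. The function starts and ends outside this hunk.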
$new_tag = str_replace(
$attr_name. '="'. $attr_url . '"',
- $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . '"',
+ $attr_name .'="'. htmlspecialchars($img->URL($thumbsize, $provider, $baseURL)) . $hash .'"',
$tag
);