1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
<?php
/**
* Elgg profile icon
*
* @package ElggProfile
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
* @author Curverider Ltd <info@elgg.com>
* @copyright Curverider Ltd 2008-2009
* @link http://elgg.com/
*/
// Get DB settings, connect
require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
/**
* UTF safe str_split.
* This is only used here since we don't have access to the file store code.
* TODO: This is a horrible hack, so clean this up!
*/
function __id_mb_str_split($string, $charset = 'UTF8')
{
if (is_callable('mb_substr'))
{
$length = mb_strlen($string);
$array = array();
while ($length)
{
$array[] = mb_substr($string, 0, 1, $charset);
$string = mb_substr($string, 1, $length, $charset);
$length = mb_strlen($string);
}
return $array;
}
else
return str_split($string);
return false;
}
global $CONFIG;
$contents = '';
if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true)) {
$username = $_GET['username'];
//$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
$blacklist = '/[' .
'\x{0080}-\x{009f}' . # iso-8859-1 control chars
'\x{00a0}' . # non-breaking space
'\x{2000}-\x{200f}' . # various whitespace
'\x{2028}-\x{202f}' . # breaks and control chars
'\x{3000}' . # ideographic space
'\x{e000}-\x{f8ff}' . # private use
']/u';
if (
preg_match($blacklist, $username) ||
(strpos($username, '/')!==false) ||
(strpos($username, '\\')!==false) ||
(strpos($username, '"')!==false) ||
(strpos($username, '\'')!==false) ||
(strpos($username, '*')!==false) ||
(strpos($username, '&')!==false) ||
(strpos($username, ' ')!==false)
) exit;
$userarray = __id_mb_str_split($username);
$matrix = '';
$length = 5;
if (sizeof($userarray) < $length) $length = sizeof($userarray);
for ($n = 0; $n < $length; $n++) {
$matrix .= $userarray[$n] . "/";
}
// Get the size
$size = strtolower($_GET['size']);
if (!in_array($size,array('large','medium','small','tiny','master','topbar')))
$size = "medium";
// Try and get the icon
if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
// get dataroot and simplecache_enabled in one select for efficiency
if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) {
$simplecache_enabled = true;
$row = mysql_fetch_object($result);
while ($row) {
if ($row->name == 'dataroot') {
$dataroot = $row->value;
} else if ($row->name == 'simplecache_enabled') {
$simplecache_enabled = $row->value;
}
$row = mysql_fetch_object($result);
}
}
}
}
if ($simplecache_enabled) {
$filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg";
$contents = @file_get_contents($filename);
if (empty($contents)) {
global $viewinput;
$viewinput['view'] = 'icon/user/default/'.$size;
ob_start();
include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php');
$loc = ob_get_clean();
header('Location: ' . $loc);
exit;
//$contents = @file_get_contents(dirname(__FILE__) . "/graphics/default{$size}.jpg");
} else {
header("Content-type: image/jpeg");
header('Expires: ' . date('r',time() + 864000));
header("Pragma: public");
header("Cache-Control: public");
header("Content-Length: " . strlen($contents));
$splitString = str_split($contents, 1024);
foreach($splitString as $chunk)
echo $chunk;
}
} else {
mysql_close($mysql_dblink);
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
set_input('username',$username);
set_input('size',$size);
require_once(dirname(__FILE__).'/icon.php');
}
?>
|