// Runtime settings for the phpThumb front controller.
// display_errors=1 echoes PHP diagnostics (including server-side file paths)
// straight into the HTTP response; for a public deployment keep it off and
// rely on the error log instead.
error_reporting(E_ALL);
ini_set('display_errors', '1');
// magic_quotes_runtime must be off; the check that follows this block refuses
// to run when php.ini forces it on. On PHP versions where the directive no
// longer exists this ini_set simply has no effect.
ini_set('magic_quotes_runtime', '0');
15 if (ini_get(
'magic_quotes_runtime')) {
16 die(
'"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
21 if (phpversion() <
'4.1.0') {
23 $_GET = $HTTP_GET_VARS;
32 if (@$downloadfilename) {
// The debug line and the real header must carry the same value, so build the
// disposition once: a "down" query parameter selects attachment, else inline.
$contentDisposition = (@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"';
$phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.$contentDisposition, __FILE__, __LINE__);
// NOTE(review): $downloadfilename is placed inside a quoted header parameter
// without escaping; this assumes it was sanitised (no '"', CR or LF) where it
// was built above — confirm. header() refuses CR/LF but not an embedded quote.
header('Content-Disposition: '.$contentDisposition);
// Password complexity score: each character class contributes its byte count
// times a weight. No /u modifier is used, so strlen() counts bytes and every
// byte of a multibyte character lands in the "other" class.
$classWeights = array(
    '#[^a-z]#'      => 0.5, // lowercase letters
    '#[^A-Z]#'      => 0.8, // uppercase letters
    '#[^0-9]#'      => 1.0, // digits
    '#[a-zA-Z0-9]#' => 2.0, // anything that is not alphanumeric
);
foreach ($classWeights as $stripPattern => $classWeight) {
    // Strip everything outside the class; what remains is the class's count.
    $strength += strlen(preg_replace($stripPattern, '', $password)) * $classWeight;
}
// Normalise the configured document root to forward slashes with no trailing
// separator, so it can later be prefix-matched against the cache file path.
$configuredDocroot = rtrim($PHPTHUMB_CONFIG['document_root'], '/\\');
$nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', $configuredDocroot);
56 $nModified = filemtime($phpThumb->cache_filename);
58 if ($phpThumb->config_nooffsitelink_enabled && @
$_SERVER[
'HTTP_REFERER'] && !in_array(@$parsed_url[
'host'], $phpThumb->config_nooffsitelink_valid_domains)) {
60 $phpThumb->DebugMessage(
'Would have used cached (image/'.$phpThumb->thumbnailFormat.
') file "'.$phpThumb->cache_filename.
'" (Last-Modified: '.gmdate(
'D, d M Y H:i:s', $nModified).
' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@
$_SERVER[
'HTTP_REFERER'].
') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(
';', $phpThumb->config_nooffsitelink_valid_domains).
')', __FILE__, __LINE__);
62 } elseif ($phpThumb->phpThumbDebug) {
64 $phpThumb->DebugTimingMessage(
'skipped using cached image', __FILE__, __LINE__);
65 $phpThumb->DebugMessage(
'Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
66 $phpThumb->DebugMessage(
'* Would have sent headers (1): Last-Modified: '.gmdate(
'D, d M Y H:i:s', $nModified).
' GMT', __FILE__, __LINE__);
67 if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
70 if (preg_match(
'#^'.preg_quote($nice_docroot).
'(.*)$#', $nice_cachefile, $matches)) {
71 $phpThumb->DebugMessage(
'* Would have sent headers (3): Location: '.dirname($matches[1]).
'/'.urlencode(basename($matches[1])), __FILE__, __LINE__);
73 $phpThumb->DebugMessage(
'* Would have sent data: readfile('.$phpThumb->cache_filename.
')', __FILE__, __LINE__);
79 $phpThumb->ErrorImage(
'Headers already sent ('.basename(__FILE__).
' line '.__LINE__.
')');
84 header(
'Last-Modified: '.gmdate(
'D, d M Y H:i:s', $nModified).
' GMT');
85 if (@
$_SERVER[
'HTTP_IF_MODIFIED_SINCE'] && ($nModified == strtotime(
$_SERVER[
'HTTP_IF_MODIFIED_SINCE'])) && @
$_SERVER[
'SERVER_PROTOCOL']) {
86 header(
$_SERVER[
'SERVER_PROTOCOL'].
' 304 Not Modified');
90 if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
92 } elseif (preg_match(
'#\\.ico$#i', $phpThumb->cache_filename)) {
93 header(
'Content-Type: image/x-icon');
95 if (!@$PHPTHUMB_CONFIG[
'cache_force_passthru'] && preg_match(
'#^'.preg_quote($nice_docroot).
'(.*)$#', $nice_cachefile, $matches)) {
96 header(
'Location: '.dirname($matches[1]).
'/'.urlencode(basename($matches[1])));
98 @readfile($phpThumb->cache_filename);
110 if (!include_once(dirname(__FILE__).
'/phpthumb.class.php')) {
112 die(
'failed to include_once("'.realpath(dirname(__FILE__).
'/phpthumb.class.php').
'")');
118 $phpThumb->SetParameter(
'config_error_die_on_error',
true);
127 if (file_exists(dirname(__FILE__).
'/phpThumb.config.php')) {
129 if (include_once(dirname(__FILE__).
'/phpThumb.config.php')) {
134 $phpThumb->ErrorImage(
'failed to include_once('.dirname(__FILE__).
'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).
'/phpThumb.config.php').
'"');
137 } elseif (file_exists(dirname(__FILE__).
'/phpThumb.config.php.default')) {
139 $phpThumb->ErrorImage(
'Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
142 $phpThumb->ErrorImage(
'failed to include_once('.dirname(__FILE__).
'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).
'/phpThumb.config.php').
'"');
// Alternative invocation form: parameters packed into PATH_INFO as
// "key=value;...;WxH;source", split on ';' after the leading slash.
// PATH_INFO is request-controlled input exactly like the query string.
$args = explode(';', substr($_SERVER['PATH_INFO'], 1));
$phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
// The last segment is the source. explode() returns at least one element, so
// the index always exists; the @ is kept from the original code.
$lastSegment = count($args) - 1;
$_GET['src'] = @$args[$lastSegment];
$phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
153 if (preg_match(
'#^new\=([a-z0-9]+)#i',
$_GET[
'src'], $matches)) {
155 $_GET[
'new'] = $matches[1];
158 if (preg_match(
'#^([0-9]*)x?([0-9]*)$#i', @$args[count($args) - 2], $matches)) {
// The segment before the source is "WxH". The regex above admits only
// digits, so both captures are digit strings (empty when a dimension is omitted).
list($_GET['w'], $_GET['h']) = array($matches[1], $matches[2]);
$phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
163 for (
$i = 0;
$i < count($args) - 2;
$i++) {
164 @list($key, $value) = explode(
'=', @$args[
$i]);
165 if (substr($key, -2) ==
'[]') {
166 $array_key_name = substr($key, 0, -2);
167 $_GET[$array_key_name][] = $value;
168 $phpThumb->DebugMessage(
'PATH_INFO."'.$array_key_name.
'[]" = "'.$value.
'"', __FILE__, __LINE__);
170 $_GET[$key] = $value;
171 $phpThumb->DebugMessage(
'PATH_INFO."'.$key.
'" = "'.$value.
'"', __FILE__, __LINE__);
177 if (empty(
$_GET[
'hash'])) {
179 $phpThumb->ErrorImage(
'ERROR: missing hash');
182 $phpThumb->ErrorImage(
'ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough');
186 $phpThumb->ErrorImage(
'ERROR: invalid hash');
192 $phpThumb->DebugTimingMessage(
'phpThumbDebug[0]', __FILE__, __LINE__);
193 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'0')) {
199 if (get_magic_quotes_gpc()) {
201 $RequestVarsToStripSlashes = array(
'src',
'wmf',
'down');
202 foreach ($RequestVarsToStripSlashes as $key) {
203 if (isset(
$_GET[$key])) {
204 if (is_string(
$_GET[$key])) {
215 $phpThumb->ErrorImage(
'ERROR: no parameters specified');
219 if (preg_match(
'#^(f|ht)tps?://#i',
$_GET[
'src'])) {
221 $md5s = md5($rawImageData);
224 $SourceFilename =
$phpThumb->ResolveFilenameToAbsolute(
$_GET[
'src']);
225 if (is_readable($SourceFilename)) {
228 $phpThumb->ErrorImage(
'ERROR: "'.$SourceFilename.
'" cannot be read');
// Each configuration entry (presumably iterated from $PHPTHUMB_CONFIG) is
// exposed on the object as a "config_"-prefixed parameter.
$keyname = "config_{$key}";
$phpThumb->setParameter($keyname, $value);
242 if (!preg_match(
'#(password|mysql)#i', $key)) {
243 $phpThumb->DebugMessage(
'setParameter('.$keyname.
', '.
$phpThumb->phpThumbDebugVarDump($value).
')', __FILE__, __LINE__);
247 $phpThumb->DebugMessage(
'$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
251 $phpThumb->ErrorImage(
'It is MUCH better to specify the "src" parameter as "'.$matches[1].
'" instead of "'.$matches[0].
'".'.
"\n\n".
'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
256 $phpThumb->DebugTimingMessage(
'phpThumbDebug[1]', __FILE__, __LINE__);
257 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'1')) {
273 if (@mysql_select_db(
$phpThumb->config_mysql_database, $cid)) {
275 if ($row = @mysql_fetch_array(
$result)) {
285 $phpThumb->ErrorImage(
'no matching data in database.');
289 $phpThumb->ErrorImage(
'Error in MySQL query: "'.mysql_error($cid).
'"');
293 $phpThumb->ErrorImage(
'cannot select MySQL database: "'.mysql_error($cid).
'"');
296 $phpThumb->ErrorImage(
'cannot connect to MySQL server');
303 $phpThumb->DebugTimingMessage(
'phpThumbDebug[2]', __FILE__, __LINE__);
304 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'2')) {
311 if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
312 $phpThumb->DebugMessage(
'setting $PHPTHUMB_DEFAULTS['.implode(
';', array_keys($PHPTHUMB_DEFAULTS)).
']', __FILE__, __LINE__);
313 foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
315 $_GET[$key] = $value;
316 $phpThumb->DebugMessage(
'PHPTHUMB_DEFAULTS assigning ('.$value.
') to $_GET['.$key.
']', __FILE__, __LINE__);
// Whitelist of query-string keys this script accepts. The loop that follows
// appears to reject any other key with ErrorImage('Forbidden parameter: ...'),
// which also covers keys injected through the PATH_INFO request form.
// Only keys whose meaning is visible in this file are annotated.
$allowedGETparameters = array(
    'src',           // source image path or URL
    'new',           // blank canvas "RRGGBB|opacity"; needs "w" and "h"
    'w',             // target width
    'h',             // target height
    'wp', 'hp', 'wl', 'hl', 'ws', 'hs',
    'f', 'q',
    'sx', 'sy', 'sw', 'sh',
    'zc', 'bc', 'bg', 'bgt',
    'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb',
    'down',          // send Content-Disposition: attachment
    'phpThumbDebug', // debug stage selector (stages 0..10 visible in this file)
    'hash',          // request hash validated earlier ("invalid hash" error)
    'md5s',
    'sfn', 'dpi', 'sia', 'nocache',
);
323 foreach (
$_GET as $key => $value) {
326 $phpThumb->DebugMessage(
'ignoring $_GET['.$key.
'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
328 $phpThumb->DebugMessage(
'setParameter('.$key.
', '.
$phpThumb->phpThumbDebugVarDump($value).
')', __FILE__, __LINE__);
331 $phpThumb->ErrorImage(
'Forbidden parameter: '.$key);
337 $phpThumb->DebugTimingMessage(
'phpThumbDebug[3]', __FILE__, __LINE__);
338 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'3')) {
359 } elseif (preg_match(
'#^http\://[^\\?&]+\\.(jpe?g|gif|png)$#i',
$phpThumb->src)) {
361 } elseif (preg_match(
'#^(f|ht)tp\://#i',
$phpThumb->src)) {
362 $phpThumb->DebugMessage(
'$CanPassThroughDirectly=false because preg_match("#^(f|ht)tp\://#i", '.
$phpThumb->src.
')', __FILE__, __LINE__);
364 } elseif (!@is_readable(
$phpThumb->sourceFilename)) {
365 $phpThumb->DebugMessage(
'$CanPassThroughDirectly=false because !@is_readable('.
$phpThumb->sourceFilename.
')', __FILE__, __LINE__);
367 } elseif (!@is_file(
$phpThumb->sourceFilename)) {
368 $phpThumb->DebugMessage(
'$CanPassThroughDirectly=false because !@is_file('.
$phpThumb->sourceFilename.
')', __FILE__, __LINE__);
371 foreach (
$_GET as $key => $value) {
380 if (preg_match(
'#^http\://[^\\?&]+\\.(jpe?g|gif|png)$#i',
$phpThumb->src)) {
386 case 'phpThumbDebug':
394 $UnAllowedGET[] = $key;
398 if (!empty($UnAllowedGET)) {
399 $phpThumb->DebugMessage(
'$CanPassThroughDirectly=false because $_GET['.implode(
';', array_unique($UnAllowedGET)).
'] are set', __FILE__, __LINE__);
404 $phpThumb->DebugTimingMessage(
'phpThumbDebug[4]', __FILE__, __LINE__);
405 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'4')) {
414 if (preg_match(
'#^http\://[^\\?&]+\.(jpe?g|gif|png)$#i',
$phpThumb->src)) {
415 $phpThumb->DebugMessage(
'Passing HTTP source through directly as Location: redirect ('.
$phpThumb->src.
')', __FILE__, __LINE__);
423 if (
$phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
424 $phpThumb->DebugMessage(
'Direct passthru GetImageSize() returned [w='.
$phpThumb->getimagesizeinfo[0].
';h='.
$phpThumb->getimagesizeinfo[1].
';t='.
$phpThumb->getimagesizeinfo[2].
']', __FILE__, __LINE__);
428 $phpThumb->DebugMessage(
'Passing "'.$SourceFilename.
'" through directly, no resizing required ("'.
$phpThumb->getimagesizeinfo[0].
'"x"'.
$phpThumb->getimagesizeinfo[1].
'")', __FILE__, __LINE__);
431 $phpThumb->DebugMessage(
'Passing "'.$SourceFilename.
'" through directly, no resizing required ("'.
$phpThumb->getimagesizeinfo[0].
'"x"'.
$phpThumb->getimagesizeinfo[1].
'" fits inside "'.@
$_GET[
'w'].
'"x"'.@
$_GET[
'h'].
'")', __FILE__, __LINE__);
433 $phpThumb->DebugMessage(
'Not passing "'.$SourceFilename.
'" through directly because resizing required (from "'.
$phpThumb->getimagesizeinfo[0].
'"x"'.
$phpThumb->getimagesizeinfo[1].
'" to "'.@
$_GET[
'w'].
'"x"'.@
$_GET[
'h'].
'")', __FILE__, __LINE__);
436 switch (
$phpThumb->getimagesizeinfo[2]) {
444 $phpThumb->DebugMessage(
'Not passing "'.$SourceFilename.
'" through directly because $phpThumb->getimagesizeinfo[2] = "'.
$phpThumb->getimagesizeinfo[2].
'"', __FILE__, __LINE__);
// getimagesize() type code -> GD loader used to verify the file is decodable
// before passing it through. The function name comes from this fixed table,
// never from the request, and the caller still checks function_exists().
$ImageCreateFunctions = array(
    1 => 'ImageCreateFromGIF',  // IMAGETYPE_GIF
    2 => 'ImageCreateFromJPEG', // IMAGETYPE_JPEG
    3 => 'ImageCreateFromPNG',  // IMAGETYPE_PNG
);
// Any other type code yields null here (the @ silences the missing-index notice).
$theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
450 if (
$phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {
453 if (@is_resource($dummyImage)) {
457 if (headers_sent()) {
458 $phpThumb->ErrorImage(
'Headers already sent ('.basename(__FILE__).
' line '.__LINE__.
')');
461 if (@
$_GET[
'phpThumbDebug']) {
462 $phpThumb->DebugTimingMessage(
'skipped direct $SourceFilename passthru', __FILE__, __LINE__);
463 $phpThumb->DebugMessage(
'Would have passed "'.$SourceFilename.
'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
468 header(
'Last-Modified: '.gmdate(
'D, d M Y H:i:s', @filemtime($SourceFilename)).
' GMT');
470 header(
'Content-Type: '.$contentType);
472 @readfile($SourceFilename);
476 $phpThumb->DebugMessage(
'Not passing "'.$SourceFilename.
'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.
$phpThumb->config_disable_onlycreateable_passthru.
'") and '.$theImageCreateFunction.
'() failed', __FILE__, __LINE__);
481 $phpThumb->DebugMessage(
'Not passing "'.$SourceFilename.
'" through directly because GetImageSize() failed', __FILE__, __LINE__);
489 $phpThumb->DebugTimingMessage(
'phpThumbDebug[5]', __FILE__, __LINE__);
490 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'5')) {
497 if (@is_readable(
$phpThumb->cache_filename)) {
500 $phpThumb->DebugMessage(
'Cached file "'.
$phpThumb->cache_filename.
'" does not exist, processing as normal', __FILE__, __LINE__);
505 $phpThumb->DebugTimingMessage(
'phpThumbDebug[6]', __FILE__, __LINE__);
506 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'6')) {
515 } elseif (!empty(
$_GET[
'new'])) {
519 $phpThumb->ErrorImage(
'"w" and "h" parameters required for "new"');
521 @list($bghexcolor, $opacity) = explode(
'|',
$_GET[
'new']);
523 $phpThumb->ErrorImage(
'BGcolor parameter for "new" is not valid');
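// Opacity is the second half of the "new" parameter ("RRGGBB|opacity");
// absent means fully opaque. Non-numeric values are rejected up front rather
// than handed to min()/max(), whose string-vs-int comparison differs between
// PHP versions and could yield a fully transparent canvas.
$opacity = (strlen((string) $opacity) && is_numeric($opacity)) ? $opacity : 100;
// GD alpha runs 0 (opaque) .. 127 (transparent); map 0..100% opacity onto it.
$alpha = (100 - min(100, max(0, $opacity))) * 1.27;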
// Flag the canvas as alpha-capable: with blending off, colour writes replace
// pixels (alpha included) instead of compositing, and the channel is kept on save.
$phpThumb->setParameter('is_alpha', true);
imagealphablending($phpThumb->gdimg_source, false);
imagesavealpha($phpThumb->gdimg_source, true);
541 $phpThumb->ErrorImage(
'Usage: '.
$_SERVER[
'PHP_SELF'].
'?src=/path/and/filename.jpg'.
"\n".
'read Usage comments for details');
543 } elseif (preg_match(
'#^(f|ht)tp\://#i',
$phpThumb->src)) {
545 $phpThumb->DebugMessage(
'$phpThumb->src ('.
$phpThumb->src.
') is remote image, attempting to download', __FILE__, __LINE__);
547 $phpThumb->DebugMessage(
'Setting "user_agent" to "'.
$phpThumb->config_http_user_agent.
'"', __FILE__, __LINE__);
548 ini_set(
'user_agent',
$phpThumb->config_http_user_agent);
551 $phpThumb->DebugMessage(
'CleanUpURLencoding('.
$phpThumb->src.
') returned "'.$cleanedupurl.
'"', __FILE__, __LINE__);
553 unset($cleanedupurl);
555 $phpThumb->DebugMessage(
'SafeURLread('.
$phpThumb->src.
') succeeded'.(
$error ?
' with messsages: "'.$error.
'"' :
''), __FILE__, __LINE__);
556 $phpThumb->DebugMessage(
'Setting source data from URL "'.
$phpThumb->src.
'"', __FILE__, __LINE__);
565 $phpThumb->DebugTimingMessage(
'phpThumbDebug[7]', __FILE__, __LINE__);
566 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'7')) {
575 $phpThumb->DebugTimingMessage(
'phpThumbDebug[8]', __FILE__, __LINE__);
576 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'8')) {
588 if (is_writable(dirname(
$phpThumb->cache_filename)) || (file_exists(
$phpThumb->cache_filename) && is_writable(
$phpThumb->cache_filename))) {
595 $phpThumb->DebugMessage(
'Failed: RenderToFile('.
$phpThumb->cache_filename.
')', __FILE__, __LINE__);
600 $phpThumb->DebugMessage(
'Cannot write to $phpThumb->cache_filename ('.
$phpThumb->cache_filename.
') because that directory ('.dirname(
$phpThumb->cache_filename).
') is not writable', __FILE__, __LINE__);
608 $phpThumb->DebugTimingMessage(
'phpThumbDebug[9]', __FILE__, __LINE__);
609 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'9')) {
620 $phpThumb->DebugTimingMessage(
'phpThumbDebug[10]', __FILE__, __LINE__);
621 if (isset(
$_GET[
'phpThumbDebug']) && (
$_GET[
'phpThumbDebug'] ==
'10')) {