2019-02-27 15:46:18 +01:00
|
|
|
<?php
|
2019-09-29 00:43:51 +02:00
|
|
|
namespace Misuzu;
|
|
|
|
|
|
2019-12-04 00:45:34 +01:00
|
|
|
use Misuzu\Imaging\Image;
|
2020-05-14 22:18:39 +00:00
|
|
|
use Misuzu\Users\User;
|
2020-05-18 21:27:34 +00:00
|
|
|
use Misuzu\Users\UserNotFoundException;
|
2019-10-02 21:02:22 +02:00
|
|
|
|
2019-03-18 23:02:30 +01:00
|
|
|
$userAssetsMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
2019-02-27 15:46:18 +01:00
|
|
|
$misuzuBypassLockdown = $userAssetsMode === 'avatar';
|
|
|
|
|
|
|
|
|
|
require_once '../misuzu.php';
|
|
|
|
|
|
2020-05-18 21:27:34 +00:00
|
|
|
try {
|
|
|
|
|
$userInfo = User::byId((int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT));
|
|
|
|
|
$userExists = true;
|
|
|
|
|
} catch(UserNotFoundException $ex) {
|
|
|
|
|
$userExists = false;
|
|
|
|
|
}
|
|
|
|
|
$userId = $userExists ? $userInfo->getId() : 0;
|
2019-02-27 15:46:18 +01:00
|
|
|
|
|
|
|
|
$canViewImages = !$userExists
|
2020-06-01 00:33:16 +00:00
|
|
|
|| !$userInfo->isBanned()
|
2019-02-27 15:46:18 +01:00
|
|
|
|| (
|
2019-02-28 22:52:39 +01:00
|
|
|
parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_PATH) === url('user-profile')
|
2020-05-25 19:58:06 +00:00
|
|
|
&& perms_check_user(MSZ_PERMS_USER, User::hasCurrent() ? User::getCurrent()->getId() : 0, MSZ_PERM_USER_MANAGE_USERS)
|
2019-02-27 15:46:18 +01:00
|
|
|
);
|
|
|
|
|
|
2020-06-05 15:14:08 +00:00
|
|
|
$isFound = true;
|
|
|
|
|
|
2019-06-10 19:04:53 +02:00
|
|
|
switch($userAssetsMode) {
|
2019-02-27 15:46:18 +01:00
|
|
|
case 'avatar':
|
2020-06-05 15:14:08 +00:00
|
|
|
$isFound = false;
|
2019-06-10 19:04:53 +02:00
|
|
|
if(!$canViewImages) {
|
2020-06-05 15:14:08 +00:00
|
|
|
$filename = Config::get('avatar.banned', Config::TYPE_STR, '/images/banned-avatar.png');
|
2019-02-27 15:46:18 +01:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-05 15:14:08 +00:00
|
|
|
$filename = Config::get('avatar.default', Config::TYPE_STR, '/images/no-avatar.png');
|
2019-02-27 15:46:18 +01:00
|
|
|
|
2020-06-05 13:09:06 +00:00
|
|
|
if(!$userExists)
|
2019-02-27 15:46:18 +01:00
|
|
|
break;
|
|
|
|
|
|
2019-03-25 21:11:31 +01:00
|
|
|
$dimensions = MSZ_USER_AVATAR_RESOLUTION_DEFAULT;
|
2020-06-05 13:09:06 +00:00
|
|
|
if(isset($_GET['r']) && is_string($_GET['r']) && ctype_digit($_GET['r']))
|
2019-03-25 21:11:31 +01:00
|
|
|
$dimensions = user_avatar_resolution_closest((int)$_GET['r']);
|
|
|
|
|
|
2019-02-27 15:46:18 +01:00
|
|
|
$avatarFilename = sprintf('%d.msz', $userId);
|
2019-03-25 21:11:31 +01:00
|
|
|
$avatarOriginal = sprintf('%s/avatars/original/%s', MSZ_STORAGE, $avatarFilename);
|
|
|
|
|
|
2019-06-10 19:04:53 +02:00
|
|
|
if($dimensions === MSZ_USER_AVATAR_RESOLUTION_ORIGINAL) {
|
2019-03-25 21:11:31 +01:00
|
|
|
$filename = $avatarOriginal;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-27 15:46:18 +01:00
|
|
|
$avatarStorage = sprintf('%1$s/avatars/%2$dx%2$d', MSZ_STORAGE, $dimensions);
|
|
|
|
|
$avatarCropped = sprintf('%s/%s', $avatarStorage, $avatarFilename);
|
2020-06-05 13:09:06 +00:00
|
|
|
$fileDisposition = sprintf('avatar-%d-%2$dx%2$d', $userId, $dimensions);
|
2019-02-27 15:46:18 +01:00
|
|
|
|
2019-06-10 19:04:53 +02:00
|
|
|
if(is_file($avatarCropped)) {
|
2020-06-05 15:20:07 +00:00
|
|
|
$isFound = true;
|
2019-02-27 15:46:18 +01:00
|
|
|
$filename = $avatarCropped;
|
|
|
|
|
} else {
|
2019-06-10 19:04:53 +02:00
|
|
|
if(is_file($avatarOriginal)) {
|
2020-06-05 15:20:07 +00:00
|
|
|
$isFound = true;
|
2019-02-27 15:46:18 +01:00
|
|
|
try {
|
|
|
|
|
mkdirs($avatarStorage, true);
|
|
|
|
|
|
2019-12-04 00:45:34 +01:00
|
|
|
$avatarImage = Image::create($avatarOriginal);
|
|
|
|
|
$avatarImage->squareCrop($dimensions);
|
|
|
|
|
$avatarImage->save($filename = $avatarCropped);
|
2019-06-10 19:04:53 +02:00
|
|
|
} catch(Exception $ex) {}
|
2019-02-27 15:46:18 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'background':
|
2020-06-05 13:09:06 +00:00
|
|
|
if(!$canViewImages && !$userExists)
|
2019-02-27 15:46:18 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
$backgroundStorage = sprintf('%s/backgrounds/original', MSZ_STORAGE);
|
2020-06-05 13:09:06 +00:00
|
|
|
$fileDisposition = sprintf('background-%d', $userId);
|
2019-02-27 15:46:18 +01:00
|
|
|
$filename = sprintf('%s/%d.msz', $backgroundStorage, $userId);
|
|
|
|
|
mkdirs($backgroundStorage, true);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-05 15:14:08 +00:00
|
|
|
if($isFound && (empty($filename) || !is_file($filename))) {
|
2019-02-27 15:46:18 +01:00
|
|
|
http_response_code(404);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-05 15:14:08 +00:00
|
|
|
$contentType = mime_content_type($isFound ? $filename : (MSZ_ROOT . '/public' . $filename));
|
2019-03-25 21:20:35 +01:00
|
|
|
|
2020-06-05 13:09:06 +00:00
|
|
|
header(sprintf('X-Accel-Redirect: %s', str_replace(MSZ_STORAGE, '/msz-storage', $filename)));
|
|
|
|
|
header(sprintf('Content-Type: %s', $contentType));
|
|
|
|
|
if(isset($fileDisposition))
|
|
|
|
|
header(sprintf('Content-Disposition: inline; filename="%s.%s"', $fileDisposition, explode('/', $contentType)[1]));
|
