mpalasis, osC2.3.1 product_thumb.php from contrib 8104

<?php

// This is "On the Fly Thumbnailer with Caching Option" by Pallieter Koopmans.
// Based on Marcello Colaruotolo (1.5.1) which builds upon Nathan Welch (1.5)
// and Roberto Ghizzi. With improvements by @Quest WebDesign, http://atQuest.nl/,
// Martijn Loeffen (browser-caching and thumbnail-cache-dir) and Richard Burford
// aka psynaptic (admin control and documentation)
//
// Modified 2012-05-02 by mpalasis. (block '..' in paths, lock users into the DIR_WS_IMAGES folder,
// make varnames clearer, modify modify_tn_path, remove unneeded calls to modify_tn_path)
//
// Scales product images dynamically, resulting in smaller file sizes, and keeps
// proper image ratio.
//
// Used in conjunction with modified tep_image in html_output.php (see: readme.html).
// get config values from the database
require('includes/configure.php'); // include server parameters
$server = DB_SERVER;
$username = DB_SERVER_USERNAME;
$password = DB_SERVER_PASSWORD;
$database = DB_DATABASE;
$connect = @mysql_connect($server, $username, $password) or http_headers('', 'Error,Database Connection');
@mysql_select_db($database, $connect) or http_headers('', 'Error,Database Connection');
$query = "select configuration_key as cfgKey, configuration_value as cfgValue from configuration where configuration_group_id='100'";
$output = @mysql_query($query, $connect) or http_headers('', 'Error,Database Connection');
while ($row = @mysql_fetch_array($output)) {
  define($row['cfgKey'], $row['cfgValue']);
}

// CONFIGURATION SETTINGS
//
// Server cache directory. Set the value below to true to generate resampled thumbnails
// resulting in smoother-looking images. Not supported in GD ver. < 2.01
$use_resampling = true;
if (THUMBNAIL_USE_RESAMPLING === 'false') {
  $use_resampling = false;
}
//
// Create True Color Thumbnails? Better quality overall but set to false if you
// have GD version < 2.01 or if creating transparent thumbnails.
$use_truecolor = true;
if (THUMBNAIL_TRUE_COLOUR === 'false') {
  $use_truecolor = false;
}
//
// Output GIFs as JPEGS? Set this option to true if you have GD version > 1.6
// and want to output GIF thumbnails as JPGs instead of GIFs or PNGs. Note that your
// GIF transparencies will not be retained in the thumbnail if you output them
// as JPGs. If you have GD Library < 1.6 with GIF create support, GIFs will
// be output as GIFs. Set the "matte" color below if setting this option to true.
$gif_as_jpeg = false;
if (THUMBNAIL_OUTPUT_JPEG === 'true') {
  $gif_as_jpeg = true;
}
//
// Cache Images on the server? Set to true if you want to save requested thumbnails
// on disk. This will add to disk space but will save your processor from having to
// create the thumbnail for every visitor.
$tn_server_cache = true;
if (THUMBNAIL_CACHE_SERVER === 'false') {
  $tn_server_cache = false;
}
//
// Thumbnail Path. If server-caching is enabled, specify a sub-directory
// where the thumbnails should be kept. Use '' for the default images-directory,
// which is /catalog/images/
// Note: Make sure this path actually exists as a subdirectory and is writeable!
$tn_path = THUMBNAIL_PATH; // The default is 'thumbnails/', should be chmod 777
//
// Cache Images in Browser-Cache? Set to true if you want browsers to be able to
// cache viewed thumbnails in their own cache. This will save bandwidth for every
// visitor that views the same thumbnail again. The default is true
$tn_browser_cache = true;
if (THUMBNAIL_CACHE_BROWSER === 'false') {
  $tn_browser_cache = false;
}
//
// Send a 404 http response when an image is not found
// If set to false, will show a small error-image (as in version < 2.0.0)
$use404 = true; // The default is true
//
// Define RGB Color Value for background matte color if outputting GIFs as JPEGs
// Example: white is r=255, b=255, g=255; black is r=0, b=0, g=0; red is r=255, b=0, g=0;
$tn_colours = explode(",", THUMBNAIL_BACKGROUND_MATTE);
$r = $tn_colours[0];
$g = $tn_colours[1];
$b = $tn_colours[2];
//
// Allow the creation of thumbnail images that are larger than the original images:
$allow_larger = false;
if (THUMBNAIL_ALLOW_LARGER === 'true') {
  $allow_larger = true;
}
//
// If allow_larger is set to false, you can opt to output the original image:
// Better leave it true if you want pixel_trans_* to work as expected
$show_original = true;
if (THUMBNAIL_SHOW_ORIGINAL == 'false') {
  $show_original = false;
}
//
// Set jpeg compression quality for resampled images.
$jpeg_quality = THUMBNAIL_JPEG_COMPRESSION; // The default is 100.
// END CONFIGURATION SETTINGS
//
// Note: In order to manually debug this script, you might want to comment
// some header() lines -- otherwise no output is shown.
// reverse strrchr(), taken from http://nl2.php.net/manual/en/function.strrchr.php

function reverse_strrchr($haystack, $needle) {
  return strrpos($haystack, $needle)
          ? substr($haystack, 0, strrpos($haystack, $needle) + 1)
          : false;
}

function modify_tn_path($file) {
  global $tn_path;

  if ($tn_path == '')
    return $file;
  else {
    return $tn_path . $file;
  }
}

function http_headers($file = '') {
  //
  // This function supports the use of browser-caching (optional)
  //
    // A 304 (Not Modified) will be sent when the thumbnail has not changed
  //       since the time it was last cached by the client
  // A 200 (OK) will be sent when the thumbnail was not cached by the client
  //       or when the thumbnail was cached but changed afterwards
  // A 404 (Not Found) will be sent when the thumbnail is not found (optional)
  global $use404, $tn_browser_cache, $jpeg_quality, $w, $h;

  if (isset($_SERVER["SERVER_PROTOCOL"]) && $_SERVER["SERVER_PROTOCOL"] == "HTTP/1.1")
    $httpProtocol = "HTTP/1.1";
  else
    $httpProtocol = "HTTP/1.0";

  if (is_readable($file)) {

    if (isset($_SERVER["HTTP_CACHE_CONTROL"])) {
      $tn_browser_cache = strtolower($_SERVER["HTTP_CACHE_CONTROL"]) == "no-cache"
              ? false
              : $tn_browser_cache;
    }

    //Build our entity tag, which is "inode-lastmodtime-filesize"
    $lastModified = filemtime($file);
    $lastModifiedGMT = $lastModified - date('Z');
    $lastModifiedHttpFormat = gmstrftime("%a, %d %b %Y %T %Z", $lastModified);
    // Don't use inode in eTag when you have multiple webservers, instead I use a dummy value (1fa44b7)
    $eTag = '"1fa44b7-' . dechex(filesize($file)) . "-" . dechex($lastModifiedGMT) . '"';

    if ($tn_browser_cache) {

      $lastModifiedFromHttp = "xxx";
      if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
        $lastModifiedFromHttp = ($_SERVER["HTTP_IF_MODIFIED_SINCE"] === "")
                ? "xxx"
                : $_SERVER["HTTP_IF_MODIFIED_SINCE"];
      }

      // Read sent eTag by browser
      $foundETag = "";
      if (isset($_SERVER["HTTP_IF_NONE_MATCH"])) {
        $foundETag = stripslashes($_SERVER["HTTP_IF_NONE_MATCH"]);
      }

      // Last Modification Time
      if ($lastModifiedFromHttp == $lastModifiedHttpFormat) {
        $sameLastModified = true;
      } elseif (strpos($lastModifiedFromHttp, $lastModifiedHttpFormat) !== false) {
        $sameLastModified = true;
      } else {
        $sameLastModified = false;
      }

      if (($eTag == $foundETag) && $sameLastModified) {
        // same eTag and Last Modification Time (e.g. with Firefox)
        $is304 = true;
      }
      else
      // no eTag supplied, but Last Modification Time is unchanged (e.g. with IE 6.0)
        $is304 = (($foundETag == "") && $sameLastModified);

      if ($is304) {
        //
        // They already have an up to date copy so tell them
        if ($lastModifiedGMT > 946080000) {        // 946080000 = Dec 24, 1999 4PM
          // only send if valid eTag
          header("ETag: " . $eTag);
        }
        header("Status: 304 Not Modified");
        header($httpProtocol . " 304 Not Modified");
        header("Connection: close");
        exit();
      }
    }

    //
    // We have to send them the whole page
    header('Pragma: ');
    header('Expires: ');
    if ($tn_browser_cache) {
      if ($lastModifiedGMT > 946080000) {        // 946080000 = Dec 24, 1999 4PM
        header('ETag: ' . $eTag);
      }
      header('Last-Modified: ' . $lastModifiedHttpFormat);
      header('Cache-Control: private');
    } else {
      header('Cache-Control: no-cache');
    }
  } else {
    if ($use404) {
      //
      // send them a 404 http response header
      header("TEST404: TEST404");
      header("Status: 404 Not Found");
      header($httpProtocol . " 404 Not Found");
      exit();
    } else {
      //
      // show a custom error-image (non-cacheable by the browser)
      header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
      header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
      header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
      header("Cache-Control: post-check=0, pre-check=0", false);  // HTTP/1.1
      header("Pragma: no-cache");          // HTTP/1.0
      header('Content-type: image/jpeg');
      $src = imagecreate($w, $h);      // Create a blank image.
      $bgc = imagecolorallocate($src, 255, 255, 255);
      $tc = imagecolorallocate($src, 0, 0, 0);
      imagefilledrectangle($src, 0, 0, $w, $h, $bgc);
      imagestring($src, 1, 5, 5, 'Error', $tc);
      imagejpeg($src, '', $jpeg_quality);
      imagedestroy($src);
      exit();
    }
  }
}

/**
 * The FS path to...
 */
$FS_img = $_GET['img']; // the source image
$FS_thumb = ''; // the thumbnail
//paranoia is good.
$FS_img = str_replace ( "../", "/", $FS_img); // don't permit goind 'up' (replace '../' with '/')

/**
 * The WS path (relative to docroot?) to... (see also: $use_fs_paths)
 */
$WS_img = $FS_img; // the source image (this is sent to modify_tn_path)
$WS_thumb = ''; // the thumbnail

/* more paranoia:
 * allow usage of exact paths on the url, ie product_thumb.php?img=/images/foo/bar.jpg
 * but ONLY for the DIR_WS_IMAGES folder.
 * allow usage of relative paths on the url, ie product_thumb.php?img=images/foo/bar.jpg
 * but ONLY for the DIR_WS_IMAGES folder.
 * ignore any other requests.
 */
$use_fs_paths = true; //turn this into a configuration setting?...
if ($use_fs_paths) {
  if (substr_compare($FS_img, '/', 0, 1) === 0) {
    if (substr_compare($FS_img, DIR_WS_IMAGES, 1, strlen(DIR_WS_IMAGES)) !== 0) {
      exit(1);
    }
  } elseif (substr_compare($FS_img, DIR_WS_IMAGES, 0, strlen(DIR_WS_IMAGES)) !== 0) {
    exit(2);
  }

  $FS_img = DIR_FS_CATALOG . $FS_img;
}

$FS_img = preg_replace('/\/\//', '/', $FS_img); // cleanup consecutive slashes
$WS_img = preg_replace('/\/\//', '/', $WS_img); // cleanup consecutive slashes

$w = (int) $_GET['w'];
$h = (int) $_GET['h'];

// check that the file exists and is world-readable
if (!is_readable($FS_img) || !(fileperms($FS_img) & 0x0004)) { // http://php.net/manual/en/function.fileperms.php
  exit(3);
}

// Get the size of the image:
$image = @getimagesize($FS_img);

// Check the input variables and decide what to do:
if (empty($image) || empty($_GET['w']) || empty($_GET['h'])
        || (empty($allow_larger) && ($w > $image[0] || $h > $image[1]))) {
  if (empty($image) || empty($show_original)) {
    http_headers();
  } else {
    // 2Do: Return the original image w/o making a copy (as that is what we currently do):
//  $_GET['w'] = $image[0];
//  $_GET['h'] = $image[1];
  }
}


// Create appropriate image header:
if ($image[2] == 2 || ($image[2] == 1 && $gif_as_jpeg)) {
  header('Content-type: image/jpeg');
  if ($tn_server_cache)
    $WS_thumb = modify_tn_path($WS_img . '.thumb_' . $w . 'x' . $h . '.jpg');
}
elseif ($image[2] == 1 && function_exists('imagegif')) {
  header('Content-type: image/gif');
  if ($tn_server_cache)
    $WS_thumb = modify_tn_path($WS_img . '.thumb_' . $w . 'x' . $h . '.gif');
}
elseif ($image[2] == 3 || $image[2] == 1) {
  header('Content-type: image/png');
  if ($tn_server_cache)
    $WS_thumb = modify_tn_path($WS_img . '.thumb_' . $w . 'x' . $h . '.png');
}

if ($tn_server_cache) {
  $FS_thumb = $WS_thumb;
  if ($use_fs_paths) {
    $FS_thumb = DIR_FS_CATALOG . $FS_thumb;
  }
}

// If you are required to set the full path for file_exists(), set this:
// $filename = '/your/path/to/catalog/'.$filename;
// Protect against visitors resizing images at will and eating up your server resources (only allows images up to 4x the original).
if ($w < $image[0] * 4 && $h < $image[1] * 4) {

  if (is_readable($FS_thumb) && $tn_server_cache && filemtime($FS_thumb) > filemtime($FS_img)) {
    // Output Cache Headers
    http_headers($FS_thumb);

    ////// imagejpeg(), imagegif(), imagepng() will output the raw image stream if the second parameter is null
    if ($image[2] == 2 || ($image[2] == 1 && $gif_as_jpeg)) {
      $thumb_resource = imagecreatefromjpeg($FS_thumb);
      imagejpeg($thumb_resource, '', $jpeg_quality);
    } elseif ($image[2] == 1 && function_exists('imagegif')) {
      $thumb_resource = imagecreatefromgif($FS_thumb);
      imagegif($thumb_resource);
    } elseif ($image[2] == 3 || $image[2] == 1) {
      $thumb_resource = imagecreatefrompng($FS_thumb);
      imagepng($thumb_resource);
    } else {
      // Not an image or imagecreatefrom...-function does not exits.
      // Let's output an error
      http_headers();
    }
  } else {
    // create thumbnail directory if not exist.
    //$tmp_path = str_replace(basename($filename), '', $filename);
    $FS_path = dirname($FS_thumb);
    if (is_dir($FS_path) == false) {
      if (!mkdir($FS_path, 0755, true)) { // recursively create path to thumbnail
        exit(4);
      }
    }
    // Create a new, empty image based on settings:
    if (function_exists('imagecreatetruecolor') && $use_truecolor && ($image[2] == 2 || $image[2] == 3)) {
      $thumb_resource = imagecreatetruecolor($w, $h);
    } else {
      $thumb_resource = imagecreate($w, $h);
    }

    $th_bg_color = imagecolorallocate($thumb_resource, $r, $g, $b);

    imagefill($thumb_resource, 0, 0, $th_bg_color);
    imagecolortransparent($thumb_resource, $th_bg_color);

    // Create the image to be scaled:
    if ($image[2] == 2 && function_exists('imagecreatefromjpeg')) {
      $src_resource = imagecreatefromjpeg($FS_img);
    } elseif ($image[2] == 1 && function_exists('imagecreatefromgif')) {
      $src_resource = imagecreatefromgif($FS_img);
    } elseif (($image[2] == 3 || $image[2] == 1) && function_exists('imagecreatefrompng')) {
      $src_resource = imagecreatefrompng($FS_img);
    } else {
      // Not an image or imagecreatefrom...-function does not exist.
      // Let's output an error
      http_headers();
    }

    // Scale the image based on settings:
    if (empty($allow_larger) && ($w > $image[0] || $h > $image[1])) {
      // existing image is smaller than thumbnail so create the thumbnail
      // with the smaller original image centred on it
      $dx = ($w - $image[0]) / 2;
      $dy = ($h - $image[1]) / 2;
      imagecopy($thumb_resource, $src_resource, $dx, $dy, 0, 0, $image[0], $image[1]);
    } elseif (function_exists('imagecopyresampled') && $use_resampling) {
      imagecopyresampled($thumb_resource, $src_resource, 0, 0, 0, 0, $w, $h, $image[0], $image[1]);
    } else {
      imagecopyresized($thumb_resource, $src_resource, 0, 0, 0, 0, $w, $h, $image[0], $image[1]);
    }

    // Clear the image from memory:
    imagedestroy($src_resource);

    // Output the image:
    if ($image[2] == 2 || ($image[2] == 1 && $gif_as_jpeg)) {
      if ($tn_server_cache) {
        imagejpeg($thumb_resource, $FS_thumb, $jpeg_quality); //store the thumbnail
        http_headers($FS_thumb);
      } else {
        http_headers($FS_img);
      }
      //Uhmm, I'm sure this could probably be improved, but leave it for now
      imagejpeg($thumb_resource, '', $jpeg_quality); //output the thumbnail to the browser
    } elseif ($image[2] == 1 && function_exists('imagegif')) {
      if ($tn_server_cache) {
        imagegif($thumb_resource, $FS_thumb); //store the thumbnail
        http_headers($FS_thumb);
      } else {
        http_headers($FS_img);
      }
      imagegif($thumb_resource); //output the thumbnail to the browser
    } elseif ($image[2] == 3 || $image[2] == 1) {
      if ($tn_server_cache) {
        imagepng($thumb_resource, $FS_thumb); //store the thumbnail
        http_headers($FS_thumb);
      } else {
        http_headers($FS_img);
      }
      imagepng($thumb_resource); //output the thumbnail to the browser
    } else {
      // Not an image or image...-function not supported
      // Let's output an error:
      http_headers();
    }

  }
  // Clear the thumb from memory: (not really needed here since after this normally is the EOF.)
  imagedestroy($thumb_resource);
}
?>