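/**
 * Action that handles image requests.
 *
 * Reads the `id`, `ticket` and `time` request parameters, splits `id` into the parent hash
 * and the image key ("<hash>_<imageKey>"), applies the no-download / ticket checks,
 * optionally watermarks and comments the image, and prints the image content with the
 * image's content type. Every rejected request is answered through noContentAction().
 *
 * @return mixed Result of noContentAction() when the request is rejected, otherwise nothing
 */
public function imageAction()
{
    // The image is printed directly, so neither the layout nor the view renderer is needed
    $this->_helper->layout()->disableLayout();
    $this->_helper->viewRenderer->setNoRender(true);

    // Request params: all three are client-supplied and must be treated as untrusted
    $imageId = $this->getParam('id');
    $ticket = $this->getParam('ticket');
    $time = $this->getParam('time');

    // Dropping request if any param is missing
    if (!$imageId || !$ticket || !$time) {
        return $this->noContentAction();
    }

    // NOTE(review): $ticket is only checked for presence in this action; its value is never
    // compared against anything here. Presumably it is verified elsewhere - confirm.

    // Type checks before use: an array-valued `id` would break explode(), and a non-numeric
    // or array-valued `time` is not guaranteed to compare as "expired" against time()
    // (PHP 8 compares a non-numeric string with an int as strings), which would let the
    // age check below be skipped.
    if (!is_string($imageId) || !is_numeric($time)) {
        return $this->noContentAction();
    }

    // Dropping request if the image link is too old
    if ($time < time()) {
        return $this->noContentAction();
    }

    // An id without the "_<imageKey>" part used to raise a notice and pass a null key on;
    // it is rejected instead. Parts after the second one are ignored, as before.
    $idParts = explode('_', $imageId);

    if (!isset($idParts[1])) {
        return $this->noContentAction();
    }

    list($hashStr, $imgKey) = $idParts;

    if (!$hashStr) {
        return $this->noContentAction();
    }

    // Fetching the parent hash
    $hashDoc = new Unsee_Hash($hashStr);

    // NOTE(review): `new` always yields an object (or throws), so this guard never fires.
    // If an unknown hash has to be rejected here, it needs an explicit existence check on
    // the model - confirm which method Unsee_Hash offers for that.
    if (!$hashDoc) {
        return $this->noContentAction();
    }

    // Fetching the image Redis hash
    $imgDoc = new Unsee_Image($hashDoc, $imgKey);

    // NOTE(review): same as above, this guard cannot fire after `new`.
    if (!$imgDoc) {
        return $this->noContentAction();
    }

    /**
     * Restricting image download also means that it has to be requested by the page, e.g. no
     * direct access. Direct access means no referrer.
     *
     * The Referer header is set by the client, so this only filters casual direct requests
     * and is not an access control on its own; presumably the ticket check below is the
     * real gate - confirm.
     */
    if ($hashDoc->no_download && empty($_SERVER['HTTP_REFERER'])) {
        return $this->noContentAction();
    }

    // Fetching ticket list for the hash, it should have a ticket for the requested image
    $ticketDoc = new Unsee_Ticket();

    // Looks like a gatecrasher: no ticket and image is not allowed to be downloaded directly.
    // The decision is taken before the ticket is invalidated, as in the original flow.
    $denied = !$ticketDoc->isAllowed($imgDoc) && $hashDoc->no_download;

    // The ticket is deleted whether or not the request is served
    $ticketDoc->invalidate($imgDoc);

    if ($denied) {
        return $this->noContentAction();
    }

    // Watermark viewer's IP if required
    if ($hashDoc->watermark_ip && !Unsee_Session::isOwner($hashDoc)) {
        $imgDoc->watermark();
    }

    // Embed comment if required
    if ($hashDoc->comment) {
        $imgDoc->comment($hashDoc->comment);
    }

    $this->getResponse()->setHeader('Content-type', $imgDoc->type);

    print $imgDoc->getImageContent();

    // The hash itself was already outdated for one of the reasons. The image has still been
    // printed above for this request.
    if (!$hashDoc->isViewable()) {
        // This means the image should not be available, so delete it
        $imgDoc->delete();
    }
}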