Esempio n. 1
// Front-controller excerpt: creates the phpThumb object, loads phpThumb.config.php and then
// optionally rebuilds the request parameters from PATH_INFO.
// This copy is truncated: several closing braces and statement bodies are not shown.
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
// presumably makes ErrorImage() end the request instead of continuing - confirm in phpthumb.class.php
$phpThumb->SetParameter('config_error_die_on_error', true);
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
    // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
// Load the configuration file that sits next to this script; every failure path reports through ErrorImage().
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        // NOTE(review): the message embeds the absolute filesystem path (dirname + realpath).
        // If ErrorImage() output reaches the requester this discloses the server layout;
        // prefer logging the path server-side and returning a generic message.
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    // Same path-disclosure caveat as the include_once failure branch.
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
// PATH_INFO mode: taken when parsing is not disabled in the config, $_GET is empty (or carries
// phpThumbDebug) and PATH_INFO is present. PATH_INFO and PHP_SELF both come from the request,
// so every value derived below is untrusted input.
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Remove the PATH_INFO suffix so PHP_SELF names the script itself again.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
    // Drop the leading "/" and split the remainder on ";".
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    // NOTE(review): raw request data is written to the debug log; escape it wherever that log is rendered.
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
    if (!empty($args)) {
        // The last ";"-separated segment becomes the source image. It is written into $_GET, so later
        // code cannot tell it apart from a query-string value and must validate it the same way.
        $_GET['src'] = @$args[count($args) - 1];
        $phpThumb->DebugMessage('PATH_INFO."src" = "' . $_GET['src'] . '"', __FILE__, __LINE__);
        // Matches a leading "new=" followed by letters/digits (case-insensitive); the handling of
        // the match is cut off in this excerpt.
        if (preg_match('/^new\\=([a-z0-9]+)/i', $_GET['src'], $matches)) {
// Front-controller excerpt (older variant): debug hook, config load, then the "high security"
// request-hash check. This copy is truncated: closing braces and some bodies are not shown.
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
// NOTE(review): this request-triggered debug check runs BEFORE phpThumb.config.php is included
// below, so no configuration setting can have restricted it yet. The body is not shown here;
// whatever it prints should be reviewed for information disclosure.
if (@$_GET['phpThumbDebug'] == '0') {
// Load the configuration file that sits next to this script; every failure path reports through ErrorImage().
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        // NOTE(review): the message embeds the absolute filesystem path; avoid returning it to the requester.
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
// High-security mode: the request must carry ?hash= equal to
// md5(<query string with "&hash=<value>" removed> . <configured password>).
if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
    if (!@$_GET['hash']) {
        $phpThumb->ErrorImage('ERROR: missing hash');
    // NOTE(review): a 5-character minimum is a very low floor for a value that acts as a signing key.
    } elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
        $phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
    // NOTE(review), three points on the comparison below:
    //  1. "!=" is a loose comparison that is neither an exact string match nor constant-time;
    //     compare authentication tags with hash_equals().
    //  2. The tag is a bare MD5 over message + password, not an HMAC; hash_hmac('sha256', ...)
    //     with a long random key is the standard construction.
    //  3. str_replace() only strips the "&hash=..." form, so the hash parameter must not be the
    //     first parameter in the query string or the recomputed digest covers it too.
    } elseif ($_GET['hash'] != md5(str_replace('&hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $PHPTHUMB_CONFIG['high_security_password'])) {
        $phpThumb->ErrorImage('ERROR: invalid hash');
Esempio n. 3
// Front-controller excerpt: config load with debug re-enabled on failure, then PATH_INFO parsing.
// This copy is truncated: closing braces and some statement bodies are not shown.
// presumably makes ErrorImage() end the request instead of continuing - confirm in phpthumb.class.php
$phpThumb->SetParameter('config_error_die_on_error', true);
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
    // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        // NOTE(review): debug output is switched back on so the failure is visible, and the
        // message carries the absolute path of the config file. On a public server that is a
        // path disclosure; prefer a generic message plus a server-side log entry.
        $phpThumb->config_disable_debug = false;
        // otherwise error message won't print
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->config_disable_debug = false;
    // otherwise error message won't print
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->config_disable_debug = false;
    // otherwise error message won't print
    // Same path-disclosure caveat as the include_once failure branch.
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
// PATH_INFO mode: taken when parsing is not disabled in the config, $_GET is empty (or carries
// phpThumbDebug) and PATH_INFO is present. PATH_INFO and PHP_SELF both come from the request,
// so every value derived below is untrusted input.
if (empty($PHPTHUMB_CONFIG['disable_pathinfo_parsing']) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Remove the PATH_INFO suffix so PHP_SELF names the script itself again.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
    // Drop the leading "/" and split the remainder on ";".
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    // NOTE(review): raw request data is written to the debug log; escape it wherever that log is rendered.
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
// Source selection excerpt: when $SQLquery is set, the image bytes are read from MySQL;
// otherwise a "src" request parameter is required. Closing braces are missing in this copy.
// NOTE(review): the mysql_* extension used below was removed in PHP 7.0; mysqli or PDO with
// prepared statements is the replacement.
if (!empty($SQLquery)) {
    // change this information to match your server
    // NOTE(review): credentials live in a web-reachable script; keep them in a config file
    // outside the document root and use a database account limited to SELECT on the image table.
    $server = 'localhost';
    $username = '******';
    $password = '******';
    $database = 'database';
    // "@" hides connection warnings; each failure is reported through ErrorImage() instead.
    if ($cid = @mysql_connect($server, $username, $password)) {
        if (@mysql_select_db($database, $cid)) {
            // NOTE(review): $SQLquery is executed exactly as built elsewhere in the file. Any request
            // value inside it must be bound as a parameter (or at least escaped) where it is built.
            if ($result = mysql_query($SQLquery, $cid)) {
                if ($row = @mysql_fetch_array($result)) {
                    // First column of the first row is used as the raw image bytes.
                    $phpThumb->rawImageData = $row[0];
                } else {
                    $phpThumb->ErrorImage('no matching data in database.');
                    //$phpThumb->ErrorImage('no matching data in database. MySQL said: "'.mysql_error($cid).'"');
            } else {
                // NOTE(review): mysql_error() text is returned to the requester and can reveal table
                // and column names; log it server-side and return a generic message instead.
                $phpThumb->ErrorImage('Error in MySQL query: "' . mysql_error($cid) . '"');
        } else {
            $phpThumb->ErrorImage('cannot select MySQL database');
    } else {
        $phpThumb->ErrorImage('cannot connect to MySQL server');
} elseif (empty($_REQUEST['src'])) {
    // NOTE(review): PHP_SELF is request-influenced; escape it if ErrorImage() can ever emit text/HTML.
    $phpThumb->ErrorImage('Usage: ' . $_SERVER['PHP_SELF'] . '?src=/path/and/filename.jpg' . "\n" . 'read Usage comments for details');
// Branch for sources that start with "http://" (case-insensitive); its body is not shown here.
// NOTE(review): fetching a caller-supplied URL from the server needs a host allow-list -
// confirm how the full file restricts it.
} elseif (substr(strtolower(@$phpThumb->src), 0, 7) == 'http://') {
 /**
  * Create a blank GD image of the requested size (the braces of this method were lost in this copy).
  *
  * Uses ImageCreateTrueColor when phpThumb_functions::gd_version() reports 2.0 or later,
  * otherwise ImageCreate, and calls it with both dimensions rounded.
  *
  * @param mixed $x_size Width in pixels (numeric); must be greater than 0.
  * @param mixed $y_size Height in pixels (numeric); must be greater than 0.
  * @return mixed Result of the GD create call, or of phpThumb::ErrorImage() when the GD function
  *               is missing or a dimension is not positive.
  *
  * NOTE(review): only a lower bound is enforced. If callers pass request-derived sizes, an upper
  * bound is needed somewhere so one request cannot allocate an oversized canvas - confirm where
  * that cap lives.
  */
 static function ImageCreateFunction($x_size, $y_size)
     // The callee name is one of two fixed literals, never request data, so the variable-function call below is safe.
     $ImageCreateFunction = 'ImageCreate';
     if (phpThumb_functions::gd_version() >= 2.0) {
         $ImageCreateFunction = 'ImageCreateTrueColor';
     if (!function_exists($ImageCreateFunction)) {
         return phpThumb::ErrorImage($ImageCreateFunction . '() does not exist - no GD support?');
     // Reject zero or negative sizes before calling GD.
     if ($x_size <= 0 || $y_size <= 0) {
         return phpThumb::ErrorImage('Invalid image dimensions: ' . $ImageCreateFunction . '(' . $x_size . ', ' . $y_size . ')');
     return $ImageCreateFunction(round($x_size), round($y_size));
    // Abort with the resolved path of the class file; the enclosing condition is not shown in this
    // excerpt. NOTE(review): the absolute path is printed to the requester.
    die('failed to include_once("' . realpath('phpthumb.class.php') . '")');
$phpThumb = new phpThumb();
// Copy every configuration entry onto the object as config_<key>.
// NOTE(review): safe only while $PHPTHUMB_CONFIG comes solely from the included config file;
// this dynamic-property pattern must never be fed request data.
foreach ($PHPTHUMB_CONFIG as $key => $value) {
    $keyname = 'config_' . $key;
    $phpThumb->{$keyname} = $value;
// Debug output, to try and help me diagnose problems
if (@$_GET['phpThumbDebug'] == '1') {
// Referer-based off-site-link check.
// NOTE(review): HTTP_REFERER is supplied by the client and can be omitted or set to any value, so
// this deters casual hotlinking but is not access control. in_array() is called without its strict
// third argument, so the host is compared loosely; pass true for an exact match.
$parsed_url_referer = parse_url(@$_SERVER['HTTP_REFERER']);
if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
    // The client-supplied Referer host is echoed into the error text; escape it if this can ever be rendered as HTML.
    $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and ' . (@$parsed_url_referer['host'] ? '"' . $parsed_url_referer['host'] . '" is not an allowed referer' : 'no HTTP_REFERER exists'));
// Hotlink check on the requested source: applies when src is an ftp/ftps/http/https URL whose
// host is not in the configured valid-domain list. The body of this branch is not shown here.
// NOTE(review): eregi() was removed in PHP 7.0; preg_match() with the /i flag is the replacement.
$parsed_url_src = parse_url(@$_GET['src']);
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tp[s]?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
// You may want to pull data from a database rather than a physical file
// If so, uncomment the following $SQLquery line (modified to suit your database)
// Note: this must be the actual binary data of the image, not a URL or filename
// see for a brief tutorial on this section (the tutorial link is missing in this copy)
// NOTE(review): the sample below builds SQL by string concatenation with mysql_escape_string(),
// which ignores the connection character set and was removed in PHP 7.0. If this is enabled,
// bind the id as a parameter with a PDO or mysqli prepared statement instead.
//$SQLquery = 'SELECT `picture` FROM `products` WHERE (`id` = \''.mysql_escape_string(@$_GET['id']).'\')';
if (@$SQLquery) {
    // change this information to match your server
    $hostname = 'localhost';
    $username = '******';