$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
$phpThumb->SetParameter('config_error_die_on_error', true);
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
set_time_limit(60);
// shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}
// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
ob_start();
if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
// great
} else {
ob_end_flush();
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
$phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
$_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
$args = explode(';', substr($_SERVER['PATH_INFO'], 1));
$phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
if (!empty($args)) {
$_GET['src'] = @$args[count($args) - 1];
$phpThumb->DebugMessage('PATH_INFO."src" = "' . $_GET['src'] . '"', __FILE__, __LINE__);
if (preg_match('/^new\\=([a-z0-9]+)/i', $_GET['src'], $matches)) {
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '0') {
$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
ob_start();
if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
// great
} else {
ob_end_flush();
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
$phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
if (!@$_GET['hash']) {
$phpThumb->ErrorImage('ERROR: missing hash');
} elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
$phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
} elseif ($_GET['hash'] != md5(str_replace('&hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $PHPTHUMB_CONFIG['high_security_password'])) {
$phpThumb->ErrorImage('ERROR: invalid hash');
}
$phpThumb->SetParameter('config_error_die_on_error', true);
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
set_time_limit(60);
// shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}
// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
ob_start();
if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
// great
} else {
ob_end_flush();
$phpThumb->config_disable_debug = false;
// otherwise error message won't print
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
$phpThumb->config_disable_debug = false;
// otherwise error message won't print
$phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
$phpThumb->config_disable_debug = false;
// otherwise error message won't print
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
if (empty($PHPTHUMB_CONFIG['disable_pathinfo_parsing']) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
$_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
$args = explode(';', substr($_SERVER['PATH_INFO'], 1));
$phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
if (!empty($SQLquery)) {
// change this information to match your server
$server = 'localhost';
$username = '******';
$password = '******';
$database = 'database';
if ($cid = @mysql_connect($server, $username, $password)) {
if (@mysql_select_db($database, $cid)) {
if ($result = mysql_query($SQLquery, $cid)) {
if ($row = @mysql_fetch_array($result)) {
mysql_free_result($result);
mysql_close($cid);
$phpThumb->rawImageData = $row[0];
unset($row);
} else {
$phpThumb->ErrorImage('no matching data in database.');
//$phpThumb->ErrorImage('no matching data in database. MySQL said: "'.mysql_error($cid).'"');
}
} else {
$phpThumb->ErrorImage('Error in MySQL query: "' . mysql_error($cid) . '"');
}
} else {
$phpThumb->ErrorImage('cannot select MySQL database');
}
} else {
$phpThumb->ErrorImage('cannot connect to MySQL server');
}
} elseif (empty($_REQUEST['src'])) {
$phpThumb->ErrorImage('Usage: ' . $_SERVER['PHP_SELF'] . '?src=/path/and/filename.jpg' . "\n" . 'read Usage comments for details');
} elseif (substr(strtolower(@$phpThumb->src), 0, 7) == 'http://') {
ob_start();
static function ImageCreateFunction($x_size, $y_size)
{
$ImageCreateFunction = 'ImageCreate';
if (phpThumb_functions::gd_version() >= 2.0) {
$ImageCreateFunction = 'ImageCreateTrueColor';
}
if (!function_exists($ImageCreateFunction)) {
return phpThumb::ErrorImage($ImageCreateFunction . '() does not exist - no GD support?');
}
if ($x_size <= 0 || $y_size <= 0) {
return phpThumb::ErrorImage('Invalid image dimensions: ' . $ImageCreateFunction . '(' . $x_size . ', ' . $y_size . ')');
}
return $ImageCreateFunction(round($x_size), round($y_size));
}
die('failed to include_once("' . realpath('phpthumb.class.php') . '")');
}
$phpThumb = new phpThumb();
foreach ($PHPTHUMB_CONFIG as $key => $value) {
$keyname = 'config_' . $key;
$phpThumb->{$keyname} = $value;
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
if (@$_GET['phpThumbDebug'] == '1') {
$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
$parsed_url_referer = parse_url(@$_SERVER['HTTP_REFERER']);
if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
$phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and ' . (@$parsed_url_referer['host'] ? '"' . $parsed_url_referer['host'] . '" is not an allowed referer' : 'no HTTP_REFERER exists'));
}
$parsed_url_src = parse_url(@$_GET['src']);
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tp[s]?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
$phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
}
////////////////////////////////////////////////////////////////
// You may want to pull data from a database rather than a physical file
// If so, uncomment the following $SQLquery line (modified to suit your database)
// Note: this must be the actual binary data of the image, not a URL or filename
// see http://www.billy-corgan.com/blog/archive/000143.php for a brief tutorial on this section
//$SQLquery = 'SELECT `picture` FROM `products` WHERE (`id` = \''.mysql_escape_string(@$_GET['id']).'\')';
if (@$SQLquery) {
// change this information to match your server
$hostname = 'localhost';
$username = '******';
