// Request bootstrap excerpt: creates the phpThumb object, loads phpThumb.config.php, then
// (optionally) derives request parameters from PATH_INFO. The excerpt ends inside the
// PATH_INFO handling, so the trailing blocks are left open exactly as in the listing.
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
// presumably makes every ErrorImage() call below terminate the request; confirm in phpthumb.class.php
$phpThumb->SetParameter('config_error_die_on_error', true);

// Cap script run time at 60 seconds, but only when the host has not disabled set_time_limit().
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
    set_time_limit(60);  // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}

// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)

// Load the site configuration from the script's own directory. Anything the config file
// prints while being included is captured by ob_start() and dropped by ob_end_clean().
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    ob_start();
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        ob_end_flush();
        // NOTE(review): the message embeds the absolute install path (dirname() and realpath()).
        // If ErrorImage() renders its text to the requester, this discloses the filesystem
        // layout; a generic message plus a server-side log entry would avoid that.
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
    }
    ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    // Same path-bearing message as above: neither the config nor its .default template exists.
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// PATH_INFO parsing: runs unless disabled in the config, and only when the query string
// carried no parameters at all (or carried phpThumbDebug) and PATH_INFO is non-empty.
// Everything read here is supplied by the requester, so values derived from it ($args,
// $_GET['src']) need the same validation as ordinary query-string input.
// The @ hides the notice raised when the config key is not set.
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Strip the PATH_INFO text out of PHP_SELF so later uses see the bare script path.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

    // Drop the leading character of PATH_INFO and split the rest on ';'.
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
    if (!empty($args)) {
        // The last ';'-separated segment overwrites $_GET['src'].
        $_GET['src'] = @$args[count($args) - 1];
        $phpThumb->DebugMessage('PATH_INFO."src" = "' . $_GET['src'] . '"', __FILE__, __LINE__);
        // Case-insensitive match for a segment starting with "new=" followed by letters/digits;
        // the body of this branch lies outside the excerpt.
        if (preg_match('/^new\\=([a-z0-9]+)/i', $_GET['src'], $matches)) {
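// Request bootstrap excerpt: creates the phpThumb object, loads phpThumb.config.php and
// enforces the "high security" request hash. The excerpt ends inside the high-security
// block, so that block is left open exactly as in the listing.
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
// NOTE(review): this dump is reachable with ?phpThumbDebug=0 before phpThumb.config.php is
// loaded, i.e. before high_security_enabled can be evaluated. Later revisions of this
// script dropped the early dump because it "may reveal too much info" at this point;
// consider doing the same or gating it after the hash check below.
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '0') {
    $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// Load the site configuration from the script's own directory. Anything the config file
// prints while being included is captured by ob_start() and dropped by ob_end_clean().
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    ob_start();
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        ob_end_flush();
        // NOTE(review): the message embeds the absolute install path; if ErrorImage() renders
        // its text to the requester this discloses the filesystem layout.
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
    }
    ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// High-security mode: the request must carry hash = md5(<query string without the
// "&hash=..." pair> . <configured password>).
// NOTE(review): the checks below only protect the request if ErrorImage() terminates it;
// nothing in this excerpt shows that, so confirm it in phpthumb.class.php.
if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
    if (!@$_GET['hash']) {
        $phpThumb->ErrorImage('ERROR: missing hash');
    } elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
        // Refuse to run with a trivially short secret.
        $phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
    } elseif (
        // hash[]=... arrives as an array; reject it before any string operation touches it.
        !is_string($_GET['hash'])
        // hash_equals() (PHP 5.6+) compares byte-for-byte in constant time. The previous
        // loose != let two different "0e<digits>" strings compare equal as numbers and
        // leaked timing information about the expected value.
        || !hash_equals(
            md5(str_replace('&hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $PHPTHUMB_CONFIG['high_security_password']),
            $_GET['hash']
        )
    ) {
        // NOTE(review): md5(data . secret) is a weak MAC construction; it is kept here so
        // that already-issued URLs stay valid. Moving to hash_hmac() with a modern digest
        // needs a coordinated change on the URL-generating side.
        $phpThumb->ErrorImage('ERROR: invalid hash');
    }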
// Request bootstrap excerpt (a later revision of the same script): loads
// phpThumb.config.php and begins PATH_INFO parsing. The excerpt ends inside the PATH_INFO
// block, so that block is left open exactly as in the listing.
// presumably makes every ErrorImage() call below terminate the request; confirm in phpthumb.class.php
$phpThumb->SetParameter('config_error_die_on_error', true);

// Cap script run time at 60 seconds, but only when the host has not disabled set_time_limit().
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
    set_time_limit(60);  // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}

// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)

// Load the site configuration from the script's own directory. Anything the config file
// prints while being included is captured by ob_start() and dropped by ob_end_clean().
if (file_exists(dirname(__FILE__) . '/phpThumb.config.php')) {
    ob_start();
    if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
        // great
    } else {
        ob_end_flush();
        // NOTE(review): debug output is switched back on so the failure is visible, and the
        // message embeds the absolute install path. If ErrorImage() renders its text to the
        // requester, that is a filesystem path disclosure on a misconfigured install.
        $phpThumb->config_disable_debug = false; // otherwise error message won't print
        $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
    }
    ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    $phpThumb->config_disable_debug = false; // otherwise error message won't print
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    // Same path-bearing message as above: neither the config nor its .default template exists.
    $phpThumb->config_disable_debug = false; // otherwise error message won't print
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// PATH_INFO parsing: runs unless disabled in the config, and only when the query string
// carried no parameters at all (or carried phpThumbDebug) and PATH_INFO is non-empty.
// Everything read here is supplied by the requester, so values derived from it need the
// same validation as ordinary query-string input.
if (empty($PHPTHUMB_CONFIG['disable_pathinfo_parsing']) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Strip the PATH_INFO text out of PHP_SELF so later uses see the bare script path.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

    // Drop the leading character of PATH_INFO and split the rest on ';'.
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);
// Image source selection excerpt: database blob, missing "src" usage error, or an http://
// source. The excerpt ends inside the http:// branch, which is left open as in the listing.
//
// NOTE(review): $SQLquery is executed exactly as given; how it is built is not shown here.
// Any request value placed in it must be bound or escaped by whoever constructs it.
// NOTE(review): the mysql_* functions used below were removed in PHP 7.0; on current PHP
// this branch needs mysqli or PDO with prepared statements.
if (!empty($SQLquery)) {
    // change this information to match your server
    // NOTE(review): credentials live in a web-reachable script; keep the real values in a
    // config file outside the document root and use a database account limited to SELECT.
    $server = 'localhost';
    $username = '******';
    $password = '******';
    $database = 'database';
    // The @ on connect/select/fetch suppresses PHP warnings; failures surface only through
    // the ErrorImage() messages in the else branches.
    if ($cid = @mysql_connect($server, $username, $password)) {
        if (@mysql_select_db($database, $cid)) {
            if ($result = mysql_query($SQLquery, $cid)) {
                if ($row = @mysql_fetch_array($result)) {
                    // Result and connection are released only on this success path.
                    mysql_free_result($result);
                    mysql_close($cid);
                    // First column of the first row is taken as the raw image bytes.
                    $phpThumb->rawImageData = $row[0];
                    unset($row);
                } else {
                    $phpThumb->ErrorImage('no matching data in database.');
                    //$phpThumb->ErrorImage('no matching data in database. MySQL said: "'.mysql_error($cid).'"');
                }
            } else {
                // NOTE(review): the raw mysql_error() text goes into the error image. If that
                // is rendered to the requester it exposes query and schema details; log it
                // server-side and return a generic message instead.
                $phpThumb->ErrorImage('Error in MySQL query: "' . mysql_error($cid) . '"');
            }
        } else {
            $phpThumb->ErrorImage('cannot select MySQL database');
        }
    } else {
        $phpThumb->ErrorImage('cannot connect to MySQL server');
    }
} elseif (empty($_REQUEST['src'])) {
    // No source given: show usage. PHP_SELF is request-influenced text; presumably safe when
    // drawn into an image, but verify ErrorImage() never emits it as HTML.
    $phpThumb->ErrorImage('Usage: ' . $_SERVER['PHP_SELF'] . '?src=/path/and/filename.jpg' . "\n" . 'read Usage comments for details');
} elseif (substr(strtolower(@$phpThumb->src), 0, 7) == 'http://') {
    // A source starting with "http://" (case-insensitive) gets separate handling, which lies
    // outside this excerpt.
    // NOTE(review): if that handling fetches the URL server-side, restrict the allowed hosts
    // so the script cannot be pointed at internal services; confirm against the full file.
    ob_start();
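/**
 * Create a blank GD image of the requested size.
 *
 * Uses ImageCreateTrueColor() when phpThumb_functions::gd_version() reports 2.0 or newer,
 * otherwise ImageCreate(). Sizes are rounded to whole pixels before use.
 *
 * NOTE(review): no upper bound is enforced here. Width and height drive the memory GD
 * allocates, so callers that take sizes from the request should cap them before calling.
 *
 * @param int|float $x_size requested width in pixels
 * @param int|float $y_size requested height in pixels
 * @return mixed the new GD image, or whatever phpThumb::ErrorImage() returns when GD is
 *               unavailable or the dimensions are invalid
 */
static function ImageCreateFunction($x_size, $y_size) {
    $ImageCreateFunction = 'ImageCreate';
    if (phpThumb_functions::gd_version() >= 2.0) {
        $ImageCreateFunction = 'ImageCreateTrueColor';
    }
    if (!function_exists($ImageCreateFunction)) {
        return phpThumb::ErrorImage($ImageCreateFunction . '() does not exist - no GD support?');
    }

    // Validate the values GD will actually receive. Checking the raw inputs let sizes such
    // as 0.4 pass the "> 0" test and then round to 0, which GD rejects; non-numeric input
    // is refused here as well instead of failing inside round().
    $width = is_numeric($x_size) ? (int) round($x_size) : 0;
    $height = is_numeric($y_size) ? (int) round($y_size) : 0;
    if ($width <= 0 || $height <= 0) {
        return phpThumb::ErrorImage('Invalid image dimensions: ' . $ImageCreateFunction . '(' . $x_size . ', ' . $y_size . ')');
    }

    return $ImageCreateFunction($width, $height);
}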
die('failed to include_once("' . realpath('phpthumb.class.php') . '")'); } $phpThumb = new phpThumb(); foreach ($PHPTHUMB_CONFIG as $key => $value) { $keyname = 'config_' . $key; $phpThumb->{$keyname} = $value; } //////////////////////////////////////////////////////////////// // Debug output, to try and help me diagnose problems if (@$_GET['phpThumbDebug'] == '1') { $phpThumb->phpThumbDebug(); } //////////////////////////////////////////////////////////////// $parsed_url_referer = parse_url(@$_SERVER['HTTP_REFERER']); if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) { $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and ' . (@$parsed_url_referer['host'] ? '"' . $parsed_url_referer['host'] . '" is not an allowed referer' : 'no HTTP_REFERER exists')); } $parsed_url_src = parse_url(@$_GET['src']); if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tp[s]?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) { $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message); } //////////////////////////////////////////////////////////////// // You may want to pull data from a database rather than a physical file // If so, uncomment the following $SQLquery line (modified to suit your database) // Note: this must be the actual binary data of the image, not a URL or filename // see http://www.billy-corgan.com/blog/archive/000143.php for a brief tutorial on this section //$SQLquery = 'SELECT `picture` FROM `products` WHERE (`id` = \''.mysql_escape_string(@$_GET['id']).'\')'; if (@$SQLquery) { // change this information to match your server $hostname = 'localhost'; $username = '******';