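/**
 * Serve a JPEG thumbnail rendered by phpThumb, cached on disk under
 * "<imageFolder><subdirs>/cache/<md5(filename)>/<key>.jpg".
 *
 * When phpThumb's high-security mode is enabled the request must carry a hash
 * equal to md5($imageType . $subdirs . "/" . $filename . <params> . <password>),
 * where <params> is the key-sorted "k=v&k=v" form of $tparameters. Nothing is
 * read from or written to disk until that check has passed.
 *
 * NOTE(review): md5(data . secret) is kept because existing URL generators
 * depend on it; an HMAC (hash_hmac with SHA-256) is the sound construction and
 * would have to be changed on the signing side at the same time.
 * NOTE(review): the optional $subdirs precedes required parameters, which
 * PHP 8 deprecates; the signature is left unchanged for existing callers.
 *
 * @param string $imageType   Only used as part of the signed string.
 * @param string $filename    Source image name, relative to imageFolder/subdirs.
 * @param string $subdirs     Sub-directory below imageFolder, without leading slash.
 * @param string $hash        Request signature; also names the cache file.
 * @param array  $tparameters phpThumb parameters (name => value).
 * @return mixed Result of page404() when the request is rejected or the source
 *               file is missing, otherwise nothing (the image is echoed).
 */
public function makethumbnail($imageType, $filename, $subdirs = "", $hash, $tparameters)
{
    $basefilename = hash("md5", $filename, false);

    if (strlen($subdirs) > 0) {
        $subdirs = "/" . $subdirs;
    }

    // NOTE(review): $subdirs and $filename go straight into filesystem paths.
    // With high-security mode on they are covered by the signature; with it off
    // nothing in this method rejects ".." segments - confirm the caller does.
    $imagefolder = $this->_config['imageFolder'] . $subdirs;
    $sourcefile = $imagefolder . "/" . $filename;
    $cachefolder = $imagefolder . "/cache";
    $basefolder = $cachefolder . "/{$basefilename}";

    // Canonical parameter string: sorted by key, joined with "&".
    ksort($tparameters);
    $pairs = [];
    foreach ($tparameters as $p => $v) {
        $pairs[] = $p . "=" . $v;
    }
    $hashparameters = implode("&", $pairs);

    $phpThumb = $this->phpThumb;
    $errorpage = new \UserFrosting\BaseController($this->_app);

    if (!empty($phpThumb->config_high_security_enabled)) {
        // The ErrorImage() call that used to follow this return was unreachable,
        // so debug output is no longer switched on for it either.
        if (!is_string($hash) || strlen($hash) !== 32) {
            return $errorpage->page404();
        }
        if (PasswordStrength($phpThumb->config_high_security_password) < 20) {
            error_log('Password not strong enough');
            $phpThumb->config_disable_debug = false; // otherwise error message won't print
            $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough');
            return $errorpage->page404();
        }
        // NOTE(review): strength is checked on $phpThumb->config_high_security_password
        // but the digest uses $this->_config['high_security_password'] - confirm
        // both hold the same secret.
        $tohash = $imageType . $subdirs . "/" . $filename . $hashparameters . $this->_config['high_security_password'];
        // hash_equals() compares in constant time and as strings; the previous
        // "!=" was a loose comparison, under which two numeric-looking strings
        // such as "0e..." digests are compared as numbers.
        if (!hash_equals(md5($tohash), $hash)) {
            error_log('incorrect hash');
            header('HTTP/1.0 403 Forbidden');
            // NOTE(review): this delay also holds a PHP worker for 10 seconds
            // per rejected request; rate limiting in front of the app is cheaper.
            sleep(10); // deliberate delay to discourage password-guessing
            return $errorpage->page404();
        }
    }

    // $hash becomes a file name. Outside high-security mode it is unverified, so
    // anything that is not 32 hex characters is replaced by a digest of the
    // canonical parameters instead of being written into the path.
    if (is_string($hash) && preg_match('/\A[0-9a-f]{32}\z/i', $hash) === 1) {
        $cachekey = $hash;
    } else {
        $cachekey = md5($hashparameters);
    }
    $output_filename = $basefolder . "/" . $cachekey . ".jpg";

    // Cache hit. The original tested $basefolder . $output_filename, which
    // repeats the folder and therefore never matched.
    if (file_exists($output_filename)) {
        $this->_app->response->headers->set("Content-Type", "image/jpeg");
        echo file_get_contents($output_filename);
        return;
    }

    if (!is_file($sourcefile)) {
        return $errorpage->page404();
    }
    $sourcedata = file_get_contents($sourcefile);
    if ($sourcedata === false) {
        return $errorpage->page404();
    }

    // Cache directories are created only for authenticated requests that name
    // an existing source file.
    if (!is_dir($cachefolder)) {
        mkdir($cachefolder);
    }
    if (!is_dir($basefolder)) {
        mkdir($basefolder);
    }

    $phpThumb->setSourceData($sourcedata);
    foreach ($tparameters as $param => $pval) {
        // Any parameter whose name contains "fltr" is passed on as "fltr".
        if (strpos($param, "fltr") !== false) {
            $phpThumb->setParameter("fltr", $pval);
        } else {
            $phpThumb->setParameter($param, $pval);
        }
    }

    if ($phpThumb->GenerateThumbnail()) {
        $this->_app->response->headers->set("Content-Type", "image/jpeg");
        $phpThumb->RenderOutput();
        file_put_contents($output_filename, $phpThumb->outputImageData);
        echo $phpThumb->outputImageData;
    } else {
        // This branch is sent without the image Content-Type, and the messages
        // may contain request-derived values, so they are HTML-escaped.
        // NOTE(review): phpThumb diagnostics are still shown to the client;
        // consider error_log() plus a generic failure response.
        $details = $phpThumb->fatalerror . "\n\n" . implode("\n\n", $phpThumb->debugmessages);
        echo 'Failed:<pre>' . htmlspecialchars($details, ENT_QUOTES, 'UTF-8') . '</pre>';
    }
}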
if (substr($key, -2) == '[]') { $array_key_name = substr($key, 0, -2); $_GET[$array_key_name][] = $value; $phpThumb->DebugMessage('PATH_INFO."' . $array_key_name . '[]" = "' . $value . '"', __FILE__, __LINE__); } else { $_GET[$key] = $value; $phpThumb->DebugMessage('PATH_INFO."' . $key . '" = "' . $value . '"', __FILE__, __LINE__); } } } if (!empty($PHPTHUMB_CONFIG['high_security_enabled'])) { if (empty($_GET['hash'])) { $phpThumb->config_disable_debug = false; // otherwise error message won't print $phpThumb->ErrorImage('ERROR: missing hash'); } elseif (PasswordStrength($PHPTHUMB_CONFIG['high_security_password']) < 20) { $phpThumb->config_disable_debug = false; // otherwise error message won't print $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough'); } elseif ($_GET['hash'] != md5(str_replace('&hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $PHPTHUMB_CONFIG['high_security_password'])) { sleep(10); // deliberate delay to discourage password-guessing $phpThumb->config_disable_debug = false; // otherwise error message won't print $phpThumb->ErrorImage('ERROR: invalid hash'); } } //////////////////////////////////////////////////////////////// // Debug output, to try and help me diagnose problems $phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__); if (isset($_GET['phpThumbDebug']) && $_GET['phpThumbDebug'] == '0') {
/**
 * Check whether a password is strong enough.
 *
 * The 'Name' entry of $PostedFields is looked up with GetValue() and passed,
 * together with the password, to PasswordStrength(); the 'Pass' entry of the
 * returned score decides the result.
 *
 * @param string $Value The password to check.
 * @param mixed $Field Not used by this function.
 * @param array $PostedFields Posted form values; the 'Name' entry is read.
 * @return bool TRUE when the score's 'Pass' entry is truthy, FALSE otherwise.
 */
function ValidateStrength($Value, $Field, $PostedFields) {
    $Score = PasswordStrength($Value, GetValue('Name', $PostedFields));

    if ($Score['Pass']) {
        return TRUE;
    }

    return FALSE;
}
if (substr($key, -2) == '[]') { $array_key_name = substr($key, 0, -2); $_GET[$array_key_name][] = $value; $phpThumb->DebugMessage('PATH_INFO."' . $array_key_name . '[]" = "' . $value . '"', __FILE__, __LINE__); } else { $_GET[$key] = $value; $phpThumb->DebugMessage('PATH_INFO."' . $key . '" = "' . $value . '"', __FILE__, __LINE__); } } } if (!empty($phpThumb->config_high_security_enabled)) { if (empty($_GET['hash'])) { $phpThumb->config_disable_debug = false; // otherwise error message won't print $phpThumb->ErrorImage('ERROR: missing hash'); } elseif (PasswordStrength($phpThumb->config_high_security_password) < 20) { $phpThumb->config_disable_debug = false; // otherwise error message won't print $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough'); } elseif ($_GET['hash'] != md5(str_replace($phpThumb->config_high_security_url_separator . 'hash=' . $_GET['hash'], '', $_SERVER['QUERY_STRING']) . $phpThumb->config_high_security_password)) { header('HTTP/1.0 403 Forbidden'); sleep(10); // deliberate delay to discourage password-guessing $phpThumb->ErrorImage('ERROR: invalid hash'); } } //////////////////////////////////////////////////////////////// // Debug output, to try and help me diagnose problems $phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__); if (isset($_GET['phpThumbDebug']) && $_GET['phpThumbDebug'] == '0') { $phpThumb->phpThumbDebug();
/**
 * Decide whether a submitted password passes the strength check.
 *
 * The 'Name' entry of $data is read with GetValue() and handed to
 * PasswordStrength() alongside the password; the 'Pass' entry of the score
 * it returns is the verdict.
 *
 * @param string $value The password to validate.
 * @param object $field Not used.
 * @param array $data The full post data; the 'Name' entry is read.
 * @return bool True if the score's 'Pass' entry is truthy, false otherwise.
 */
function validateStrength($value, $field, $data) {
    $name = GetValue('Name', $data);
    $score = PasswordStrength($value, $name);

    return (bool) $score['Pass'];
}