2014-09-25 15:46:41 +00:00
|
|
|
<?php
|
|
|
|
|
session_start();
|
|
|
|
|
// Comprobamos si existe la variable
|
|
|
|
|
/*if ( !isset ( $_SESSION['id'] ) ) {
|
|
|
|
|
// Si no existe
|
|
|
|
|
header("Location: ../nodisponible.jpg");
|
|
|
|
|
// echo "hola mundo2";
|
|
|
|
|
}*/
|
2015-03-09 20:09:52 +00:00
|
|
|
if(!isset($_GET['file']) ){
|
2014-09-25 15:46:41 +00:00
|
|
|
header("Location: ../sinimagen.jpg");
|
|
|
|
|
|
|
|
|
|
}
|
2015-11-03 01:32:06 +00:00
|
|
|
include("../../includes/datos.php");
|
|
|
|
|
$dir="$path_images_secure/";
|
2014-09-25 15:46:41 +00:00
|
|
|
if ((!$file=realpath($dir.$_GET['file']))
|
|
|
|
|
|| strpos($file,realpath($dir))!==0 || substr($file,-4)=='.php'){
|
|
|
|
|
//header('HTTP/1.0 404 Not Found');
|
2018-07-18 10:48:05 +00:00
|
|
|
header("Location: ../sinimagen.jpg?");
|
2014-09-25 15:46:41 +00:00
|
|
|
exit();
|
|
|
|
|
}
|
2018-07-02 17:49:58 +00:00
|
|
|
$ref=@$_SERVER['HTTP_REFERER'];
|
2018-07-01 22:21:48 +00:00
|
|
|
if (strpos($ref,'https://')===0 || strpos($ref,'https')!==0){
|
2014-09-25 15:46:41 +00:00
|
|
|
$mime=array(
|
|
|
|
|
'jpg'=>'image/jpeg',
|
|
|
|
|
'png'=>'image/png',
|
|
|
|
|
'mid'=>'audio/x-midi',
|
|
|
|
|
'wav'=>'audio/x-wav'
|
|
|
|
|
);
|
2018-07-02 17:49:58 +00:00
|
|
|
|
|
|
|
|
if(@$mime[substr($file,-3)] =='') {
|
2015-03-09 20:09:52 +00:00
|
|
|
header('Location: ../pixel.png');
|
|
|
|
|
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2014-09-25 15:46:41 +00:00
|
|
|
$stat=stat($file);
|
|
|
|
|
header('Content-Type: '.$mime[substr($file,-3)]);
|
|
|
|
|
header('Content-Length: '.$stat[7]);
|
|
|
|
|
header('Last-Modified: '.gmdate('D, d M Y H:i:s',$stat[9]).' GMT');
|
|
|
|
|
readfile($file);
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
header('Pragma: no-cache');
|
|
|
|
|
header('Cache-Control: no-cache, no-store, must-revalidate');
|
|
|
|
|
include($file.'.php');
|
|
|
|
|
?>
|
