<?
	// Copyright (c) 2004-2005 - Brian A. Russell - All Rights Reserved
	// Image Hosting System, Image Display Component - Version 1.3.4
	// This software may not be modified in any way without written approval.
	// Visit www.webmastersadvantage.com for support.

	require "../ihs/config.php";

	// mime types for output
	$outputMimeTypes = array("gif" => "image/gif", "jpg" => "image/jpeg", "png" => "image/png", "bmp" => "image/bmp", "swf" => "application/x-shockwave-flash", "pdf" => "application/pdf", "zip" => "application/x-compressed");

	$file = $_GET['file'];
	$referer = $_SERVER['HTTP_REFERER'];
	$ip = $_SERVER['REMOTE_ADDR'];
	$defaultImage = "default.gif";

	$etag = getEtag($file);

	// see if the file exists, or is blocked for referer
	if ($file == "" || !file_exists($file) || blockedReferer($referer)) {
		$file = $defaultImage;
		$fs = filesize($file);
		displayImage($file, "Thu, 01 Jan 2004 12:00:00 GMT", $fs);
	} else {
		if (stripslashes($_SERVER["HTTP_IF_NONE_MATCH"]) == $etag) {
			header("HTTP/1.1 304 Not Modified");
		} else {
			// open database connection
			$link = mysql_connect($db_server, $db_user, $db_password);
			mysql_select_db($db_name);
	
			// check for exceeded bandwidth limit (if not the default image)
			$query = "select sum(kb) as ttl from imagehits where filename = '" . mysql_real_escape_string($file) . "'";
		    $result = mysql_query($query);
	
			$bandwidth = 0;
			if ($result) {
				$row = mysql_fetch_row($result);
				$bandwidth = $row[0];
			} else {
				$bandwidth = 0;
			}
	
			if ($bandwidth >= $bandwidth_max) {
				$file = $defaultImage;
				$fs = filesize($file);
				displayImage($file, "Thu, 01 Jan 2004 12:00:00 GMT", $fs);
			} else {
				if (preg_match("/tn_/", $file)) {
					$query = "select filesize, unix_timestamp(added) as ts from images where tn_filename = '" . mysql_real_escape_string($file) . "'";
				} else {
					$query = "select filesize, unix_timestamp(added) as ts from images where filename = '" . mysql_real_escape_string($file) . "'";
				}
				$result = mysql_query($query);
	
				if (mysql_num_rows($result) != 1) {
					$file = $defaultImage;
					$fs = filesize($file);
					displayImage($file, "Thu, 01 Jan 2004 12:00:00 GMT", $fs);
				} else {
					$line = mysql_fetch_array($result);
					$dateMod = gmdate("D, d M Y H:i:s", $line['ts']) . " GMT";
					if (preg_match("/tn_/", $file)) {
						$fs = filesize($file);
					} else {
						$fs = $line['filesize'];
					}
					displayImage($file, $dateMod, $fs);
					$query = "INSERT INTO imagehits (timestamp, filename, referer, ip, kb) VALUES (now(), '" . mysql_real_escape_string($file) . "', '$referer', '$ip', '$fs')";
					mysql_query($query);
				}
			}
	
			// close database connection
			mysql_close($link);
		}
	}

	exit;

	function displayImage($fn, $lastMod, $fs) {
		global $outputMimeTypes;

		// determine file extension
		$ext = explode(".", $fn); 
		$ext_i = (count($ext) - 1); 
		$file_ext = $ext[$ext_i];

		// output standard image headers
		header("Last-Modified: " . $lastMod);
		header("ETag: " . getEtag($fn));
		header("Accept-Ranges: bytes");
		header("Content-Length: " . $fs);
		header("Content-Type: " . $outputMimeTypes[$file_ext]);

		// output actual file contents
		$fp = fopen($fn, "rb");
		fpassthru($fp);
		fclose($fp);

		return;
	}

	function blockedReferer($referer) {
		global $blocked_referers;
		$blocked = false;
		foreach ($blocked_referers as $key) {
			if (strpos($referer, $key) !== false) {
				$blocked = true;
			}
		}
		return $blocked;
	}

	function getEtag($fileName) {
		$hash = md5($fileName);
		return '"' . substr($hash, 0, 4) . "-" . substr($hash, 4, 4) . "-" . substr($hash, 8, 4) . '"';
	}
?>