professional-sql-07-public-files-index.php / php
<?php /* Review notes (security) -- this copy is extraction-garbled (variable sigils and some fragments are missing), so the points below are tied to what is still visible.
   1. Path containment: $album_p is built as BASEDIR . '/' . $_GET['album'] and $file_p as $album_p . '/' . $_GET['file']; the guard is strpos(realpath(...), BASEDIR) !== 0 (plus, by the comment, an existence test). A bare prefix compare also accepts sibling directories (BASEDIR . '2/...'); compare against realpath(BASEDIR) . '/' (exact match for BASEDIR itself) instead. realpath() returns false for a missing path; in coercive mode false is presumably passed to strpos() as '' so the redirect still fires, but the intent is clearer with an explicit `=== false` test first.
   2. Redirect target: header('Location: ' . htmlspecialchars($_SERVER['PHP_SELF'])) -- HTML escaping is the wrong context for a response header, and PHP_SELF can carry client-supplied PATH_INFO; prefer a fixed script name (e.g. 'index.php').
   3. Stored XSS: the album description is emitted as nl2br(file_get_contents($album_p . '/desc.txt')) with no htmlspecialchars(); anyone who can write desc.txt can inject markup -- wrap the contents in htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') before nl2br().
   4. The media links hand an album-relative path to view.php?file= and thumbnail.php?file=; those scripts must repeat the same base-directory check -- not visible from here, confirm.
   5. The extension switch (apparently substr() after the last '.') is case-sensitive, so .JPG falls through to the default redirect; the same applies to the album listing below. */ // include shared code include '../lib/config.php'; // accept incoming parameters _GET['album'])) ? album_p = BASEDIR . '/' . file = (isset(_GET['file'] : ''; album_p . '/' . // generate image view if (album && // redirect to album list if album or file is outside allowed base // directory or does not exist if (strpos(realpath(album_p), BASEDIR) !== 0 || strpos(realpath(file_p)) { header('Location: ' . htmlspecialchars(// provide link for album view echo '<p><a href="' . htmlspecialchars(_SERVER['PHP_SELF']) . '?album='. urlencode(album) . '</a></p>'; switch (substr(file, '.') + 1)) { // jpeg files are included using the img element case 'jpg': case 'jpeg': echo '<img src="view.php?file=' . urlencode(file) . '" alt="' . htmlspecialchars(// QuickTime files are included using the object/embed elements case 'mov': echo '<object type="video/quicktime" data="view.php?file=' . urlencode(album . '/' . <param name="movie" value="view.php?file=' . urlencode(album . '/' . <embed type="video/quicktime" src="view.php?file=' . urlencode(album . '/' . </object>'; break; // redirect if file format is not valid default: header('Location: ' . htmlspecialchars(_SERVER['PHP_SELF'])); exit(); } // generate album view else if (album) { // redirect to album list if album does not exist or is outside the // allowed base directory if (strpos(realpath(album_p)) { header('Location: ' . htmlspecialchars(// provide link for album index echo '<p><a href="' . htmlspecialchars(_SERVER['PHP_SELF']) . '">' . '< Back to album index</a></p>'; // retrieve album description if available if (file_exists(<p>' . nl2br(file_get_contents(album_p . '/desc.txt')) . '</p>'; } // read in list of image and QuickTime files album_p); f = basename(readdir(f == '.' 
/* Review notes (album view / album list): the directory scan here keeps entries whose extension is 'jpg' or 'mov' only, while the file view above also accepts 'jpeg' -- a .jpeg file is viewable by URL but never listed; align the two lists (and lower-case the extension before comparing). Thumbnail links embed $_SERVER['PHP_SELF'] and the image name via htmlspecialchars()/urlencode(), which is correct for the HTML and URL contexts respectively; the literal '&' between query parameters should be '&amp;' inside an attribute. The album list is opendir(BASEDIR) filtered by is_dir() and skipping '.'/'..', with names escaped on output. The /* ... */ span that follows is a previous revision left commented out; delete it rather than carry it in the page. */ || f)) { f, strpos(ext == 'jpg' || ext == 'mov') { f; } } } closedir(// sort images natcasesort(images); //display thumbnails in a table columns = 7; echo '<table border="1">'; foreach (image) { if (0 == (columns)) { echo '<tr>'; } echo '<td style="width: '. (100 /\ %s?album=\ %s&file=\ %s"><img src="thumbnail.php?' . 'file=\ %s" alt="\ %s"/></a> ', htmlspecialchars(_SERVER['PHP_SELF']), urlencode(image), urlencode(image), htmlspecialchars(</td>'; if (0 == (++counter % </tr>'; } } // finish table's row with blank cells if necessary while (counter++ % <td> </td>'; } if (substr(ob_get_contents(), -5) == '</td>') { echo '</tr>'; } echo '</table>'; GLOBALS['TEMPLATE']['content'] = ob_get_contents(); ob_end_clean(); } // generate default view showing list of available albums else { ob_start(); // retrieve list of albums dir = opendir(BASEDIR); while(dir))) { if(f == '..') continue; if (is_dir(BASEDIR . '/' . albums[] = dir); // sort albums natcasesort(// display album list echo '<p>Albums</p>'; echo '<ul>'; foreach (albums as <li><a href="\ %s?album=\ %s">\ %s</a></li>', htmlspecialchars(_SERVER['PHP_SELF']), urlencode(album)); } echo '</ul>'; /*// include shared code include '../lib/config.php'; // accept incoming parameters album = (isset(_GET['album'] : ''; album; _GET['file'])) ? file_p = file; // generate image view if (file) { // redirect to album list if album or file is outside allowed base // directory or does not exist if (strpos(realpath(file_p), BASEDIR) !== 0 || !file_exists(_SERVER['PHP_SELF'])); // exit(); echo <p><a href="' . htmlspecialchars(_SERVER['PHP_SELF']) . '?album='. urlencode(album) . '</a></p>'; switch (substr(file, '.') + 1)) { // jpeg files are included using the img element case 'jpg': case 'jpeg': echo '<img src="view.php?file=' . urlencode(file) . '" alt="' . htmlspecialchars(<object type="video/quicktime" data="view.php?file=' . urlencode(album . '/' . <param name="movie" value="view.php?file=' . urlencode(album . '/' . 
<embed type="video/quicktime" src="view.php?file=' . urlencode(album . '/' . </object>'; break; // redirect if file format is not valid default: header('Location: ' . htmlspecialchars(_SERVER['PHP_SELF'])); exit(); } album) { // redirect to album list if album does not exist or is outside the // allowed base directory if (strpos(realpath(album_p)) { header('Location: ' . htmlspecialchars(<p><a href="' . htmlspecialchars(_SERVER['PHP_SELF']) . '">' . '< Back to album index</a></p>'; // retrieve album description if available if (file_exists(<p>' . nl2br(file_get_contents(album_p . '/desc.txt')) . '</p>'; } // read in list of images album_p); f = basename(readdir(f == '.' || f)) { f; } } closedir(images); //gather thumbnails foreach (image) { switch (substr(image, '.') + 1)) { case 'jpg': case 'jpeg': case 'mov': printf ('<a href="\ %s?album=\ %s&file=\ %s"><img ' . 'src="thumbnail.php?file=\ %s" alt="\ %s"/></a> ', htmlspecialchars(album), urlencode(album . '/' . image)); break; } } albums = array(); f = basename(readdir(f == '.' || f)) { f; } } closedir(albums); // display album list echo '<p>Albums</p>'; echo '<ul>'; foreach (album) { printf('<li><a href="\ %s?album=\ %s">\ %s</a></li>', htmlspecialchars(album), htmlspecialchars(</ul>'; GLOBALS['TEMPLATE']['content'] = ob_get_contents(); ob_end_clean(); } // display the page */// include '../templates/template-page.php'; echo