|
1 <?php |
|
2 |
|
3 // TimThumb script created by Tim McDaniels and Darren Hoyt with tweaks by Ben Gillbanks |
|
4 // http://code.google.com/p/timthumb/ |
|
5 |
|
6 // MIT License: http://www.opensource.org/licenses/mit-license.php |
|
7 |
|
8 /* Parameters allowed: */ |
|
9 |
|
10 // w: width |
|
11 // h: height |
|
12 // zc: zoom crop (0 or 1) |
|
13 // q: quality (default is 75 and max is 100) |
|
14 |
|
15 // HTML example: <img src="/scripts/timthumb.php?src=/images/whatever.jpg&w=150&h=200&zc=1" alt="" /> |
|
16 |
|
17 error_reporting(E_ALL); |
|
18 |
|
19 if(!isset($_REQUEST["src"])) { |
|
20 die("no image specified"); |
|
21 } |
|
22 |
|
23 // clean params before use |
|
24 $src = clean_source( $_REQUEST[ "src" ] ); |
|
25 |
|
26 // set document root |
|
27 $doc_root = get_document_root($src); |
|
28 |
|
29 // get path to image on file system |
|
30 $src = $doc_root . '/' . $src; |
|
31 |
|
32 $new_width = preg_replace( "/[^0-9]+/", "", get_request( 'w', 100 ) ); |
|
33 $new_height = preg_replace( "/[^0-9]+/", "", get_request( 'h', 100 ) ); |
|
34 $zoom_crop = preg_replace( "/[^0-9]+/", "", get_request( 'zc', 1 ) ); |
|
35 $quality = preg_replace( "/[^0-9]+/", "", get_request( '9', 80 ) ); |
|
36 |
|
37 // set path to cache directory (default is ./cache) |
|
38 // this can be changed to a different location |
|
39 $cache_dir = './cache'; |
|
40 |
|
41 // get mime type of src |
|
42 $mime_type = mime_type($src); |
|
43 |
|
44 // check to see if this image is in the cache already |
|
45 //check_cache($cache_dir, $mime_type); |
|
46 |
|
47 // make sure that the src is gif/jpg/png |
|
48 if(!valid_src_mime_type($mime_type)) { |
|
49 die("Invalid src mime type: $mime_type"); |
|
50 } |
|
51 |
|
52 // check to see if GD function exist |
|
53 if(!function_exists('imagecreatetruecolor')) { |
|
54 die("GD Library Error: imagecreatetruecolor does not exist"); |
|
55 } |
|
56 |
|
57 if(strlen($src) && file_exists($src)) { |
|
58 |
|
59 // open the existing image |
|
60 $image = open_image($mime_type, $src); |
|
61 if($image === false) { |
|
62 die('Unable to open image : ' . $src); |
|
63 } |
|
64 |
|
65 // Get original width and height |
|
66 $width = imagesx($image); |
|
67 $height = imagesy($image); |
|
68 |
|
69 // don't allow new width or height to be greater than the original |
|
70 if( $new_width > $width ) { |
|
71 $new_width = $width; |
|
72 } |
|
73 if( $new_height > $height ) { |
|
74 $new_height = $height; |
|
75 } |
|
76 |
|
77 // generate new w/h if not provided |
|
78 if( $new_width && !$new_height ) { |
|
79 |
|
80 $new_height = $height * ( $new_width / $width ); |
|
81 |
|
82 } elseif($new_height && !$new_width) { |
|
83 |
|
84 $new_width = $width * ( $new_height / $height ); |
|
85 |
|
86 } elseif(!$new_width && !$new_height) { |
|
87 |
|
88 $new_width = $width; |
|
89 $new_height = $height; |
|
90 |
|
91 } |
|
92 |
|
93 // create a new true color image |
|
94 $canvas = imagecreatetruecolor( $new_width, $new_height ); |
|
95 |
|
96 if( $zoom_crop ) { |
|
97 |
|
98 $src_x = $src_y = 0; |
|
99 $src_w = $width; |
|
100 $src_h = $height; |
|
101 |
|
102 $cmp_x = $width / $new_width; |
|
103 $cmp_y = $height / $new_height; |
|
104 |
|
105 // calculate x or y coordinate and width or height of source |
|
106 |
|
107 if ( $cmp_x > $cmp_y ) { |
|
108 |
|
109 $src_w = round( ( $width / $cmp_x * $cmp_y ) ); |
|
110 $src_x = round( ( $width - ( $width / $cmp_x * $cmp_y ) ) / 2 ); |
|
111 |
|
112 } elseif ( $cmp_y > $cmp_x ) { |
|
113 |
|
114 $src_h = round( ( $height / $cmp_y * $cmp_x ) ); |
|
115 $src_y = round( ( $height - ( $height / $cmp_y * $cmp_x ) ) / 2 ); |
|
116 |
|
117 } |
|
118 |
|
119 imagecopyresampled( $canvas, $image, 0, 0, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h ); |
|
120 |
|
121 } else { |
|
122 |
|
123 // copy and resize part of an image with resampling |
|
124 imagecopyresampled( $canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height ); |
|
125 |
|
126 } |
|
127 |
|
128 // output image to browser based on mime type |
|
129 show_image( $mime_type, $canvas, $quality, $cache_dir ); |
|
130 |
|
131 // remove image from memory |
|
132 imagedestroy( $canvas ); |
|
133 |
|
134 } else { |
|
135 |
|
136 if(strlen($src)) { |
|
137 die($src . ' not found.'); |
|
138 } else { |
|
139 die('no source specified.'); |
|
140 } |
|
141 |
|
142 } |
|
143 |
|
144 function show_image( $mime_type, $image_resized, $quality, $cache_dir ) { |
|
145 |
|
146 // check to see if we can write to the cache directory |
|
147 $is_writable = 0; |
|
148 $cache_file_name = $cache_dir . '/' . get_cache_file(); |
|
149 |
|
150 if(touch($cache_file_name)) { |
|
151 |
|
152 // give 666 permissions so that the developer |
|
153 // can overwrite web server user |
|
154 chmod($cache_file_name, 0666); |
|
155 $is_writable = 1; |
|
156 |
|
157 } else { |
|
158 |
|
159 $cache_file_name = NULL; |
|
160 header('Content-type: ' . $mime_type); |
|
161 |
|
162 } |
|
163 |
|
164 if(stristr($mime_type, 'gif')) { |
|
165 |
|
166 imagegif($image_resized, $cache_file_name); |
|
167 |
|
168 } elseif(stristr($mime_type, 'jpeg')) { |
|
169 |
|
170 imagejpeg($image_resized, $cache_file_name, $quality); |
|
171 |
|
172 } elseif(stristr($mime_type, 'png')) { |
|
173 |
|
174 $quality = floor($quality * 0.09); |
|
175 imagepng($image_resized, $cache_file_name, $quality); |
|
176 |
|
177 } |
|
178 |
|
179 if($is_writable) { |
|
180 show_cache_file( $cache_dir, $mime_type ); |
|
181 } |
|
182 |
|
183 die(); |
|
184 |
|
185 } |
|
186 |
|
187 function get_request( $property, $default = 0 ) { |
|
188 |
|
189 if( isset($_REQUEST[$property]) ) { |
|
190 return $_REQUEST[$property]; |
|
191 } else { |
|
192 return $default; |
|
193 } |
|
194 |
|
195 } |
|
196 |
|
197 function open_image($mime_type, $src) { |
|
198 |
|
199 if(stristr($mime_type, 'gif')) { |
|
200 |
|
201 $image = imagecreatefromgif($src); |
|
202 |
|
203 } elseif(stristr($mime_type, 'jpeg')) { |
|
204 |
|
205 @ini_set('gd.jpeg_ignore_warning', 1); |
|
206 $image = imagecreatefromjpeg($src); |
|
207 |
|
208 } elseif( stristr($mime_type, 'png')) { |
|
209 |
|
210 $image = imagecreatefrompng($src); |
|
211 |
|
212 } |
|
213 |
|
214 return $image; |
|
215 |
|
216 } |
|
217 |
|
218 function mime_type($file) { |
|
219 |
|
220 $os = strtolower(php_uname()); |
|
221 $mime_type = ''; |
|
222 |
|
223 // use PECL fileinfo to determine mime type |
|
224 if( function_exists('finfo_open')) { |
|
225 $finfo = finfo_open(FILEINFO_MIME); |
|
226 $mime_type = finfo_file($finfo, $file); |
|
227 finfo_close($finfo); |
|
228 } |
|
229 |
|
230 // try to determine mime type by using unix file command |
|
231 // this should not be executed on windows |
|
232 if(!valid_src_mime_type($mime_type) && !(eregi('windows', $os))) { |
|
233 if(preg_match("/freebsd|linux/", $os)) { |
|
234 $mime_type = trim(@shell_exec('file -bi $file')); |
|
235 } |
|
236 } |
|
237 |
|
238 // use file's extension to determine mime type |
|
239 if(!valid_src_mime_type($mime_type)) { |
|
240 |
|
241 // set defaults |
|
242 $mime_type = 'image/jpeg'; |
|
243 // file details |
|
244 $fileDetails = pathinfo($file); |
|
245 $ext = strtolower($fileDetails["extension"]); |
|
246 // mime types |
|
247 $types = array( |
|
248 'jpg' => 'image/jpeg', |
|
249 'jpeg' => 'image/jpeg', |
|
250 'png' => 'image/png', |
|
251 'gif' => 'image/gif' |
|
252 ); |
|
253 |
|
254 if(strlen($ext) && strlen($types[$ext])) { |
|
255 $mime_type = $types[$ext]; |
|
256 } |
|
257 |
|
258 } |
|
259 |
|
260 return $mime_type; |
|
261 |
|
262 } |
|
263 |
|
264 function valid_src_mime_type($mime_type) { |
|
265 |
|
266 if(preg_match("/jpg|jpeg|gif|png/i", $mime_type)) { |
|
267 return true; |
|
268 } |
|
269 return false; |
|
270 |
|
271 } |
|
272 |
|
273 function check_cache($cache_dir, $mime_type) { |
|
274 |
|
275 // make sure cache dir exists |
|
276 if(!file_exists($cache_dir)) { |
|
277 // give 777 permissions so that developer can overwrite |
|
278 // files created by web server user |
|
279 mkdir($cache_dir); |
|
280 chmod($cache_dir, 0777); |
|
281 } |
|
282 |
|
283 show_cache_file($cache_dir, $mime_type); |
|
284 |
|
285 } |
|
286 |
|
287 function show_cache_file($cache_dir, $mime_type) { |
|
288 |
|
289 $cache_file = $cache_dir . '/' . get_cache_file(); |
|
290 |
|
291 if( file_exists( $cache_file ) ) { |
|
292 |
|
293 if( isset( $_SERVER[ "HTTP_IF_MODIFIED_SINCE" ] ) ) { |
|
294 |
|
295 // check for updates |
|
296 $if_modified_since = preg_replace( '/;.*$/', '', $_SERVER[ "HTTP_IF_MODIFIED_SINCE" ] ); |
|
297 $gmdate_mod = gmdate( 'D, d M Y H:i:s', filemtime( $cache_file ) ); |
|
298 |
|
299 if( strstr( $gmdate_mod, 'GMT' ) ) { |
|
300 $gmdate_mod .= " GMT"; |
|
301 } |
|
302 |
|
303 if ( $if_modified_since == $gmdate_mod ) { |
|
304 header( "HTTP/1.1 304 Not Modified" ); |
|
305 exit; |
|
306 } |
|
307 |
|
308 } |
|
309 |
|
310 $fileSize = filesize($cache_file); |
|
311 |
|
312 // send headers then display image |
|
313 header("Content-Type: " . $mime_type); |
|
314 //header("Accept-Ranges: bytes"); |
|
315 header("Last-Modified: " . gmdate('D, d M Y H:i:s', filemtime($cache_file)) . " GMT"); |
|
316 header("Content-Length: " . $fileSize); |
|
317 header("Cache-Control: max-age=9999, must-revalidate"); |
|
318 header("Expires: " . gmdate("D, d M Y H:i:s", time() + 9999) . "GMT"); |
|
319 |
|
320 readfile($cache_file); |
|
321 |
|
322 die(); |
|
323 |
|
324 } |
|
325 |
|
326 } |
|
327 |
|
328 function get_cache_file () { |
|
329 |
|
330 global $quality; |
|
331 |
|
332 static $cache_file; |
|
333 if(!$cache_file) { |
|
334 $frags = split( "\.", $_REQUEST['src'] ); |
|
335 $ext = strtolower( $frags[ count( $frags ) - 1 ] ); |
|
336 if(!valid_extension($ext)) { $ext = 'jpg'; } |
|
337 $cachename = get_request( 'src', 'timthumb' ) . get_request( 'w', 100 ) . get_request( 'h', 100 ) . get_request( 'zc', 1 ) . get_request( '9', 80 ); |
|
338 $cache_file = md5( $cachename ) . '.' . $ext; |
|
339 } |
|
340 return $cache_file; |
|
341 |
|
342 } |
|
343 |
|
344 function valid_extension ($ext) { |
|
345 |
|
346 if( preg_match( "/jpg|jpeg|png|gif/i", $ext ) ) return 1; |
|
347 return 0; |
|
348 |
|
349 } |
|
350 |
|
351 function clean_source ( $src ) { |
|
352 |
|
353 // remove http/ https/ ftp |
|
354 $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src); |
|
355 // remove domain name from the source url |
|
356 $host = $_SERVER["HTTP_HOST"]; |
|
357 $src = str_replace($host, "", $src); |
|
358 $host = str_replace("www.", "", $host); |
|
359 $src = str_replace($host, "", $src); |
|
360 |
|
361 //$src = preg_replace( "/(?:^\/+|\.{2,}\/+?)/", "", $src ); |
|
362 //$src = preg_replace( '/^\w+:\/\/[^\/]+/', '', $src ); |
|
363 |
|
364 // don't allow users the ability to use '../' |
|
365 // in order to gain access to files below document root |
|
366 |
|
367 // src should be specified relative to document root like: |
|
368 // src=images/img.jpg or src=/images/img.jpg |
|
369 // not like: |
|
370 // src=../images/img.jpg |
|
371 $src = preg_replace( "/\.\.+\//", "", $src ); |
|
372 |
|
373 return $src; |
|
374 |
|
375 } |
|
376 |
|
377 function get_document_root ($src) { |
|
378 if( @file_exists( $_SERVER['DOCUMENT_ROOT'] . '/' . $src ) ) { |
|
379 return $_SERVER['DOCUMENT_ROOT']; |
|
380 } |
|
381 // the relative paths below are useful if timthumb is moved outside of document root |
|
382 // specifically if installed in wordpress themes like mimbo pro: |
|
383 // /wp-content/themes/mimbopro/scripts/timthumb.php |
|
384 $paths = array( '..', '../..', '../../..', '../../../..' ); |
|
385 foreach( $paths as $path ) { |
|
386 if( @file_exists( $path . '/' . $src ) ) { |
|
387 return $path; |
|
388 } |
|
389 } |
|
390 |
|
391 } |
|
392 |
|
393 ?> |