root/dev/mods/signature_generator/sig.php @ 192

Revision 192, 2.3 KB (checked in by exi, 13 years ago)

Fixed several potential security issues with unchecked variables.
Added .htaccess files to common/ and mods/.
Modified the sync module to not send item data anymore.

Line 
1<?php
2if (!$sig_name = $_GET['s'])
3{
4    $sig_name = 'default';
5}
6$sig_name = str_replace('.', '', $sig_name);
7$sig_name = str_replace('/', '', $sig_name);
8
9function errorPic($string)
10{
11    $im = imagecreate(200, 60);
12    $black = imagecolorallocate($im, 0, 0, 0);
13    $red = imagecolorallocate($im, 250, 200, 20);
14    imagefill($im, 1, 1, $black);
15    imagestring($im, 3, 10, 10, 'Error: '.$string, $red);
16    header('Content-Type: image/jpeg');
17    imagejpeg($im);
18    exit;
19}
20
21if (!$plt_id = intval($_GET['i']))
22{
23    errorPic('No pilot id specified.');
24}
25require_once("common/includes/class.pilot.php");
26require_once("common/includes/class.corp.php");
27require_once("common/includes/class.alliance.php");
28require_once("common/includes/class.killlist.php");
29
30$pilot = new Pilot($plt_id);
31if (!$pilot->exists())
32{
33    errorPic('That pilot doesnt exist.');
34}
35$corp = $pilot->getCorp();
36$alliance = $corp->getAlliance();
37
38// we dont generate pictures for non-member
39if (ALLIANCE_ID && $alliance->getID() != ALLIANCE_ID)
40{
41    errorPic('Wrong alliance.');
42}
43elseif (CORP_ID && $corp->getID() != CORP_ID)
44{
45    errorPic('Wrong corporation.');
46}
47
48$id = abs(crc32($sig_name));
49// check for cached version
50if (file_exists('cache/data/sig_'.$id.'_'.$plt_id))
51{
52    $age = filemtime('cache/data/sig_'.$id.'_'.$plt_id);
53
54    // cache files for 30 minutes
55    if (time() - $age < 30*60)
56    {
57        if (file_exists('mods/signature_generator/signatures/'.$sig_name.'/typ.png'))
58        {
59            header('Content-Type: image/png');
60        }
61        else
62        {
63            header('Content-Type: image/jpeg');
64        }
65        readfile('cache/data/sig_'.$id.'_'.$plt_id);
66        return;
67    }
68}
69
70// check template
71if (!is_dir('mods/signature_generator/signatures/'.$sig_name))
72{
73    errorPic('Template not found.');
74}
75
76// let the template do the work, we just output $im
77require('mods/signature_generator/signatures/'.$sig_name.'/'.$sig_name.'.php');
78
79if (file_exists('mods/signature_generator/signatures/'.$sig_name.'/typ.png'))
80{
81    header('Content-Type: image/png');
82}
83else
84{
85    header('Content-Type: image/jpeg');
86}
87imagejpeg($im, 'cache/data/sig_'.$id.'_'.$plt_id, 95);
88readfile('cache/data/sig_'.$id.'_'.$plt_id);
89?>
Note: See TracBrowser for help on using the browser.