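<?php
# Image download authorisation script
# To use, in LocalSettings.php set $wgUploadDirectory to point to a non-public directory, and
# $wgUploadPath to point to this file. Also set $wgWhitelistRead to an array of pages you want
# everyone to be able to access. Your server must support PATH_INFO, CGI-based configurations
# generally don't.
#
# Request flow: resolve PATH_INFO under $wgUploadDirectory, refuse anything that is not a
# regular file strictly inside that directory, apply the read whitelist for anonymous
# users, then stream the file with a Content-Type looked up from its extension.

define( "MEDIAWIKI", true );
require_once( "./LocalSettings.php" );
require_once( "includes/Setup.php" );

# Get filenames/directories
# PATH_INFO is client-controlled, so it is treated as untrusted throughout.
$pathInfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : '';
$realUploadDirectory = realpath( $wgUploadDirectory );
# realpath() collapses "." / ".." / symlinks and returns false for a non-existent path.
$filename = realpath( $wgUploadDirectory . $pathInfo );
$imageName = $wgLang->getNsText( NS_IMAGE ) . ":" . basename( $pathInfo );

# Check if the filename is in the correct directory.
# Both paths must resolve and the target must be a regular file (a directory or an
# empty PATH_INFO would otherwise reach readfile()).
if ( $realUploadDirectory === false || $filename === false || !is_file( $filename ) ) {
	wfForbidden();
}
# Compare against the directory *plus* a separator: a bare prefix match would also accept
# a sibling directory whose name merely starts with the upload directory's name.
$uploadPrefix = rtrim( $realUploadDirectory, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
if ( substr( $filename, 0, strlen( $uploadPrefix ) ) !== $uploadPrefix ) {
	wfForbidden();
}

# Anonymous users may only fetch files whose Image: page is on the read whitelist.
# Strict comparison so that non-string whitelist entries cannot loosely equal the name.
if ( is_array( $wgWhitelistRead ) && !in_array( $imageName, $wgWhitelistRead, true ) && !$wgUser->getID() ) {
	wfForbidden();
}

# Write file
$type = wfGetType( $filename );
if ( $type ) {
	header( "Content-type: $type" );
}
# Uploaded files are user-supplied; tell browsers not to second-guess the declared type.
header( "X-Content-Type-Options: nosniff" );
header( "Content-Length: " . filesize( $filename ) );

readfile( $filename );

/**
 * Look up a MIME type for a file by its extension.
 *
 * @param string $filename Path or name of the file; only the part after the last
 *                         dot of the final path component is used, case-insensitively.
 * @return string|false The MIME type, or false when the file has no extension or the
 *                      extension is not in the table below.
 */
function wfGetType( $filename ) {
	# One entry per line: "<mime type> <ext> [<ext> ...]".
	$types = <<<END_STRING
application/andrew-inset ez
application/mac-binhex40 hqx
application/mac-compactpro cpt
application/mathml+xml mathml
application/msword doc
application/octet-stream bin dms lha lzh exe class so dll
application/oda oda
application/ogg ogg
application/pdf pdf
application/postscript ai eps ps
application/rdf+xml rdf
application/smil smi smil
application/srgs gram
application/srgs+xml grxml
application/vnd.mif mif
application/vnd.ms-excel xls
application/vnd.ms-powerpoint ppt
application/vnd.wap.wbxml wbxml
application/vnd.wap.wmlc wmlc
application/vnd.wap.wmlscriptc wmlsc
application/voicexml+xml vxml
application/x-bcpio bcpio
application/x-cdlink vcd
application/x-chess-pgn pgn
application/x-cpio cpio
application/x-csh csh
application/x-director dcr dir dxr
application/x-dvi dvi
application/x-futuresplash spl
application/x-gtar gtar
application/x-hdf hdf
application/x-javascript js
application/x-koan skp skd skt skm
application/x-latex latex
application/x-netcdf nc cdf
application/x-sh sh
application/x-shar shar
application/x-shockwave-flash swf
application/x-stuffit sit
application/x-sv4cpio sv4cpio
application/x-sv4crc sv4crc
application/x-tar tar
application/x-tcl tcl
application/x-tex tex
application/x-texinfo texinfo texi
application/x-troff t tr roff
application/x-troff-man man
application/x-troff-me me
application/x-troff-ms ms
application/x-ustar ustar
application/x-wais-source src
application/xhtml+xml xhtml xht
application/xslt+xml xslt
application/xml xml xsl
application/xml-dtd dtd
application/zip zip
audio/basic au snd
audio/midi mid midi kar
audio/mpeg mpga mp2 mp3
audio/x-aiff aif aiff aifc
audio/x-mpegurl m3u
audio/x-pn-realaudio ram rm
audio/x-pn-realaudio-plugin rpm
audio/x-realaudio ra
audio/x-wav wav
chemical/x-pdb pdb
chemical/x-xyz xyz
image/bmp bmp
image/cgm cgm
image/gif gif
image/ief ief
image/jpeg jpeg jpg jpe
image/png png
image/svg+xml svg
image/tiff tiff tif
image/vnd.djvu djvu djv
image/vnd.wap.wbmp wbmp
image/x-cmu-raster ras
image/x-icon ico
image/x-portable-anymap pnm
image/x-portable-bitmap pbm
image/x-portable-graymap pgm
image/x-portable-pixmap ppm
image/x-rgb rgb
image/x-xbitmap xbm
image/x-xpixmap xpm
image/x-xwindowdump xwd
model/iges igs iges
model/mesh msh mesh silo
model/vrml wrl vrml
text/calendar ics ifb
text/css css
text/html html htm
text/plain asc txt
text/richtext rtx
text/rtf rtf
text/sgml sgml sgm
text/tab-separated-values tsv
text/vnd.wap.wml wml
text/vnd.wap.wmlscript wmls
text/x-setext etx
video/mpeg mpeg mpg mpe
video/quicktime qt mov
video/vnd.mpegurl mxu
video/x-msvideo avi
video/x-sgi-movie movie
x-conference/x-cooltalk ice
END_STRING;

	# pathinfo() looks only at the last path component, so dots in directory names
	# (which a leading-dot regex would latch onto) do not disturb the lookup.
	$extension = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( $extension === '' ) {
		return false;
	}

	foreach ( preg_split( '/\r?\n/', $types ) as $line ) {
		$fields = preg_split( '/\s+/', trim( $line ) );
		if ( count( $fields ) < 2 ) {
			continue;
		}
		if ( in_array( $extension, array_slice( $fields, 1 ), true ) ) {
			return $fields[0];
		}
	}
	return false;
}

/**
 * Send a 403 response with a short HTML explanation and stop the script.
 *
 * @return void Never returns; calls exit.
 */
function wfForbidden() {
	header( "HTTP/1.0 403 Forbidden" );
	print
"<html><body>
<h1>Access denied</h1>
<p>You need to log in to access files on this server</p>
</body></html>";
	exit;
}

# No closing "?>": whitespace after it would be appended to the streamed file bytes.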