PHP Server Side Scripting Forum

    
PHP Help! action.php HTTP 400 Bad Request - What am I missing?
Scotty13




msg:4421029
 6:50 pm on Feb 23, 2012 (gmt 0)

Building a photo album / upload image page in my website.
I have a page that’s giving me trouble… action.php

Error when I test in browser: HTTP 400 Bad Request / webpage cannot be found (highlighted below)

<?php

define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);

// Map a file extension to a MIME type; used when mime_content_type() is unavailable
function guess_mime_type($ext)
{
  switch ( strtolower($ext) )
  {
    case "jpe": case "jpeg":
    case "jpg": $ctype="image/jpeg"; break;
    case "png": $ctype="image/png"; break;
    case "gif": $ctype="image/gif"; break;
    case "tiff":
    case "tif": $ctype="image/tiff"; break;
    case "txt": $ctype="text/plain"; break;
    case "html":
    case "htm": $ctype="text/html"; break;
    case "xml": $ctype="text/xml"; break;
    case "pdf": $ctype="application/pdf"; break;
    case "zip": $ctype="application/zip"; break;
    case "ogg": $ctype="application/ogg"; break;
    default: $ctype="application/octet-stream";
  }
  return $ctype;
}

// Send the HTTP status code, print the message and stop the script
function do_error( $code, $str )
{
  set_status_header( $code );
  echo $str ;
  exit();
}


// Both parameters are required: a numeric id and a part of t, e, i or h.
// A request that lacks either one ends here with a 400 response.
if (!isset($_GET['id'])
  or !is_numeric($_GET['id'])
  or !isset($_GET['part'])
  or !in_array($_GET['part'], array('t','e','i','h') ) )
{
  do_error(400, 'Invalid request - id/part');
}

// is_numeric() also accepts values such as "1e3" or "1.5", so the id is
// cast to int before it is concatenated into SQL
$query = '
SELECT * FROM '. IMAGES_TABLE.'
  WHERE id='.(int) $_GET['id'].'
;';

$result = pwg_query($query);
$element_info = pwg_db_fetch_assoc($result);
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}

// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.(int) $_GET['id'].'
'.get_sql_condition_FandF(
  array(
    'forbidden_categories' => 'category_id',
    'forbidden_images' => 'image_id',
  ),
  ' AND'
).'
  LIMIT 1
;';
// No row means the image is in no category this user is allowed to see
if ( pwg_db_num_rows(pwg_query($query))<1 )
{
  do_error(401, 'Access denied');
}

include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
// Resolve the requested part to a path: thumbnail, element, image or high definition
$file='';
switch ($_GET['part'])
{
  case 't':
    $file = get_thumbnail_path($element_info);
    break;
  case 'e':
    $file = get_element_path($element_info);
    break;
  case 'i':
    $file = get_image_path($element_info);
    break;
  case 'h':
    if ( $user['enabled_high']!='true' )
    {
      do_error(401, 'Access denied h');
    }
    $file = get_high_path($element_info);
    break;
}

if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}

if ($_GET['part'] == 'h') {
  pwg_log($_GET['id'], 'high');
}
else if ($_GET['part'] == 'e')
{
  pwg_log($_GET['id'], 'other');
}

$http_headers = array();

$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    // The server-side path is left out of the message sent to the client
    do_error(404, 'Requested file not found');
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  // Answer 304 only when the client's copy is at least as new as the file
  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] )
    and strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($file) )
  {
    set_status_header(304);
    foreach ($http_headers as $header)
    {
      header( $header );
    }
    exit();
  }
}

if (!isset($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

$http_headers[] = 'Content-Type: '.$ctype;

if (!isset($_GET['view']))
{
  // Double quotes are stripped so the stored name cannot end the quoted filename early
  $http_headers[] = 'Content-Disposition: attachment; filename="'.str_replace('"', '', $element_info['file']).'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
    .basename($file).'";';
}

foreach ($http_headers as $header)
{
  header( $header );
}

// Looking at the safe_mode configuration for execution time
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

// Stream the file to the client
@readfile($file);

?>

 

rocknbil




msg:4421399
 4:54 pm on Feb 24, 2012 (gmt 0)

Welcome aboard, Scotty13. Look at your logic . . . if $_GET['id'] is not set, or it's not numeric (which would still fail if it's zero), or $_GET['part'] isn't set, or it's not in some array, pass some information to the do_error() function, which exits. On a direct call to this script without passing a query string fulfilling those conditions,

scriptname.php?id=1234&part=e

... it will always output an error at that point.

If that's what your question is, just comment out that do_error line. There's a bunch of other screwy things going on but that will get past that part.
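
Added example, not part of either post or of the gallery software's own code: the id/part guard from the posted action.php, run beside a stricter integer check over constructed query strings. The names `posted_guard_rejects` and `strict_guard` and the sample inputs are hypothetical, and the strict variant assumes image ids are positive integers.

```php
<?php
// Added example, not the gallery's own code.

// The guard as posted: true means action.php would answer 400.
function posted_guard_rejects(array $get)
{
    return !isset($get['id'])
        || !is_numeric($get['id'])
        || !isset($get['part'])
        || !in_array($get['part'], array('t', 'e', 'i', 'h'));
}

// Hypothetical stricter variant (assumes ids are positive integers):
// returns a typed id/part pair, or null when the caller should answer 400.
function strict_guard(array $get)
{
    $id = isset($get['id'])
        ? filter_var($get['id'], FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1)))
        : false;
    $part = isset($get['part']) ? $get['part'] : null;
    if ($id === false || !in_array($part, array('t', 'e', 'i', 'h'), true)) {
        return null;
    }
    return array('id' => $id, 'part' => $part);
}

// Constructed query strings; the first is a direct call with no parameters.
$samples = array('', 'id=1234&part=e', 'id=1234', 'id=1e3&part=t',
                 'id=1.5&part=i', 'id=12&part=x', 'id[]=1&part=e');

foreach ($samples as $qs) {
    parse_str($qs, $get);
    $strict = strict_guard($get);
    printf("%-16s posted: %-5s strict: %s\n",
        $qs === '' ? '(none)' : $qs,
        posted_guard_rejects($get) ? '400' : 'pass',
        $strict === null ? '400' : 'id=' . $strict['id'] . ' part=' . $strict['part']);
}
```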
