liquid_feedback_frontend

annotate fastpath/getpic.c @ 873:5f681205dd44

Added argument check again for public access
author bsw
date Sat Aug 18 22:59:00 2012 +0200 (2012-08-18)
parents 0f29051a49f6
children 2dfa6f5b7670
rev   line source
bsw/jbe@4 1 #include <stdlib.h>
bsw/jbe@4 2 #include <stdio.h>
bsw/jbe@4 3 #include <libpq-fe.h>
bsw/jbe@4 4 #include <string.h>
bsw/jbe@4 5 #include <regex.h>
bsw/jbe@4 6 #include <sys/types.h>
bsw/jbe@4 7 #include <sys/stat.h>
bsw/jbe@4 8 #include <unistd.h>
bsw/jbe@4 9
/* Connection string handed to PQconnectdb(); a build may predefine it
 * (for example on the compiler command line) to point at another database. */
#if !defined(GETPIC_CONNINFO)
#define GETPIC_CONNINFO "dbname=liquid_feedback"
#endif

/* Path of the image that is sent when the database has no scaled image
 * for the requested member and image type; may likewise be predefined. */
#if !defined(GETPIC_DEFAULT_AVATAR)
#define GETPIC_DEFAULT_AVATAR "/opt/liquid_feedback_testing/app/static/avatar.jpg"
#endif
bsw/jbe@4 17
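/*
 * CGI fast path that serves a member image straight from the database.
 *
 * Input:
 *   QUERY_STRING  "<member_id>+<image_type>"
 *   HTTP_COOKIE   must carry liquid_feedback_session=<ident> unless the
 *                 program is built with PUBLIC_ACCESS.
 *
 * Unless built with PUBLIC_ACCESS, the session ident taken from the cookie
 * must belong to a session of an active member; otherwise the response is
 * "403 Access Denied".  With PUBLIC_ACCESS there is no session check at all,
 * so every image row is readable by anyone who can reach the CGI.
 *
 * Returns 0 when a CGI response (image or 403) was written, 1 on an internal
 * error (details go to stderr).
 */
int main(int argc, const char * const *argv) {

  char *args_string;
  char *member_id;
  char *image_type;
  const char *sql_member_image_params[2];
  const char *content_type;
  size_t image_length;

#ifndef PUBLIC_ACCESS
  char *cookies;
  regex_t session_ident_regex;
  size_t start, length;
  regmatch_t session_ident_regmatch[3];
  char *session_ident = NULL;
  const char *sql_session_params[1];
#endif

  PGconn *conn = NULL;
  PGresult *dbr = NULL;
  int rc = 1;

  (void)argc;
  (void)argv;

  args_string = getenv("QUERY_STRING");
#ifdef PUBLIC_ACCESS
  if (!args_string) {
    fputs("Status: 403 Access Denied\n\n", stdout);
    return 0;
  }
#else
  cookies = getenv("HTTP_COOKIE");
  if (!args_string || !cookies) {
    fputs("Status: 403 Access Denied\n\n", stdout);
    return 0;
  }
#endif

  /* strtok() splits the environment string in place.  A missing token yields
   * NULL, which libpq sends as SQL NULL; "member_id = NULL" matches no row,
   * so a malformed query string ends in the default avatar, not a crash. */
  member_id = strtok(args_string, "+");
  image_type = strtok(NULL, "+");
  sql_member_image_params[0] = member_id;
  sql_member_image_params[1] = image_type;

#ifndef PUBLIC_ACCESS
  /* Reject requests without a well-formed session cookie before a database
   * connection is spent on them. */
  if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
    // shouldn't happen
    abort();
  }
  if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {
    regfree(&session_ident_regex);
    fputs("Status: 403 Access Denied\n\n", stdout);
    return 0;
  }
  regfree(&session_ident_regex);

  /* Group 2 is the ident itself; copy it into its own NUL-terminated buffer. */
  start = (size_t)session_ident_regmatch[2].rm_so;
  length = (size_t)(session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so);
  session_ident = malloc(length + 1);
  if (!session_ident) abort();  // shouldn't happen
  memcpy(session_ident, cookies + start, length);
  session_ident[length] = '\0';
  sql_session_params[0] = session_ident;
#endif

  /* The connection is needed by the image query in every build, so it is
   * opened outside the PUBLIC_ACCESS conditional.  (Opening it only in the
   * session-check section left conn uninitialised in PUBLIC_ACCESS builds.) */
  conn = PQconnectdb(GETPIC_CONNINFO);
  if (!conn) {
    fputs("Could not create PGconn structure.\n", stderr);
    goto done;
  }
  if (PQstatus(conn) != CONNECTION_OK) {
    fputs(PQerrorMessage(conn), stderr);
    goto done;
  }

#ifndef PUBLIC_ACCESS
  /* Authorisation: the ident must belong to a session of an active member.
   * The ident is passed as a bound parameter, never spliced into the SQL. */
  dbr = PQexecParams(conn,
    "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
    1, NULL, sql_session_params, NULL, NULL, 0
  );
  if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
    fputs(PQresultErrorMessage(dbr), stderr);
    goto done;
  }
  if (PQntuples(dbr) != 1) {
    fputs("Status: 403 Access Denied\n\n", stdout);
    rc = 0;
    goto done;
  }
  /* Release the session result before dbr is reused for the image query. */
  PQclear(dbr);
  dbr = NULL;
#endif

  /* Last argument 1: ask for binary results so the image bytes arrive raw. */
  dbr = PQexecParams(conn,
    "SELECT content_type, data "
    "FROM member_image "
    "WHERE member_id = $1 "
    "AND image_type = $2 "
    "AND scaled "
    "LIMIT 1;",
    2, NULL, sql_member_image_params, NULL, NULL, 1
  );
  if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
    fputs(PQresultErrorMessage(dbr), stderr);
    goto done;
  }

  if (PQntuples(dbr) == 0) {
    /* No stored image: hand the request over to cat(1) on the default avatar. */
    struct stat sb;
    PQclear(dbr);
    dbr = NULL;
    PQfinish(conn);
    conn = NULL;
    if (stat(GETPIC_DEFAULT_AVATAR, &sb)) {
      perror(GETPIC_DEFAULT_AVATAR);
      goto done;
    }
    /* Both headers must precede the blank line that ends the header block,
     * and stdio's buffer must be flushed by hand: exec replaces the process
     * image and would discard anything still buffered. */
    fprintf(stdout, "Content-Type: image/jpeg\nContent-Length: %lld\n\n", (long long)sb.st_size);
    if (fflush(stdout) != 0) goto done;
    execl("/bin/cat", "cat", GETPIC_DEFAULT_AVATAR, (char *)NULL);
    /* Only reached when execl() itself failed. */
    goto done;
  }

  if (PQnfields(dbr) < 2) {
    fputs("Too few columns returned by database.\n", stderr);
    goto done;
  }
  if (PQfformat(dbr, 0) != 1 || PQfformat(dbr, 1) != 1) {
    fputs("Database did not return data in binary format.\n", stderr);
    goto done;
  }
  if (PQgetisnull(dbr, 0, 0) || PQgetisnull(dbr, 0, 1)) {
    fputs("Unexpected NULL in database result.\n", stderr);
    goto done;
  }

  /* content_type is copied verbatim into a response header.  Who writes that
   * column is not visible from this file, so refuse values containing a line
   * break rather than let a stored string add headers or split the response. */
  content_type = PQgetvalue(dbr, 0, 0);
  if (strpbrk(content_type, "\r\n")) {
    fputs("Invalid content type in database result.\n", stderr);
    goto done;
  }
  fprintf(stdout, "Content-Type: %s\n\n", content_type);

  image_length = (size_t)PQgetlength(dbr, 0, 1);
  if (fwrite(PQgetvalue(dbr, 0, 1), 1, image_length, stdout) != image_length) {
    fputs("Could not write image data.\n", stderr);
    goto done;
  }
  rc = 0;

done:
  /* PQclear() accepts NULL; conn is guarded explicitly. */
  PQclear(dbr);
  if (conn) PQfinish(conn);
#ifndef PUBLIC_ACCESS
  free(session_ident);
#endif
  return rc;

}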
