<?php

include('includes/db.php');

if (!isset($_GET['id']))
{
	header('Location: /');
	exit;
}

$getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE filename = ?");
$real_filename = $_GET['id'] . ".png";
$getcomic->bind_param("s", $real_filename);
$getcomic->execute();
$getcomic2 = $getcomic->get_result();
$getcomic3 = $getcomic2->fetch_assoc();

if ($getcomic3['filename'] != $real_filename)
{
	header('Location: /');
	exit;
}

if ($getcomic3['status'] != 'publish')
{
	header('Location: /');
	exit;
}

header('Content-type: image/png');

readfile($_SERVER['DOCUMENT_ROOT'] . '/images/comics/' . $_GET['id'] . '.png');

?>