comic.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

<?php

include('includes/db.php');

if (!isset($_GET['id']))
{
	header('Location: /');
	exit;
}

$getcomic = "SELECT * FROM comics WHERE filename = \"" . $_GET['id'] . ".png\"";
$getcomic2 = mysql_query($getcomic);
$getcomic3 = mysql_fetch_array($getcomic2);

if ($getcomic3['filename'] != ($_GET['id'] . '.png'))
{
	header('Location: /');
	exit;
}

if ($getcomic3['status'] != 'publish')
{
	header('Location: /');
	exit;
}

header('Content-type: image/png');

readfile($_SERVER['DOCUMENT_ROOT'] . '/images/comics/' . $_GET['id'] . '.png');

?>