<?
session_start();
include("#mysql.php");
include(".function.php");
$i = $_GET['id'];
$art = $_GET['art'];
$login = false;
if(!empty($_SESSION["loginvulgo"])){
	$login = true;
}
// some basic sanity checks
if(isset($i) && is_numeric($i)) {	
	if($art == 'bilder'){
		$big = $_GET['big'];
		$anzeigen = $_GET['anzeigen'];
		
		if($big == '1'){
			$subDir = "bilder";
		}else{
			$subDir = "thumbs";
		}
		if($login){
			$query = "SELECT bildFile, folder, anzeigen FROM bilder JOIN albums ON bilder.idAlbum = albums.idAlbum WHERE idBild = '$i' AND anzeigen = '$anzeigen' AND bilder.del = '0' AND (albums.sec = '1' OR albums.sec = '0') AND (bilder.sec = '1' OR bilder.sec = '0') ";
		}else{
			$query = "SELECT bildFile, folder, anzeigen FROM bilder JOIN albums ON bilder.idAlbum = albums.idAlbum WHERE idBild = '$i' AND anzeigen = '$anzeigen' AND bilder.del = '0' AND albums.sec = '0' AND bilder.sec = '0' ";
		}
		$sql = mysql_query($query) or die(mysql_error());
		$ds = mysql_fetch_object($sql);
		$bdFile = $ds -> bildFile;
		$folder = $ds -> folder;
				
		$dir="/var/www/vhosts/web1212.sabine.webhoster.ag/httpdocs/daten/albums/".$folder."/".$subDir."/";
		header("Content-type: image/jpeg");
		readfile($dir.$bdFile);
	}			
	if($art == 'album'){
		if($login){
			$sql = "SELECT bilder.bildFile, albums.folder FROM bilder JOIN albums ON bilder.idAlbum = albums.idAlbum WHERE albums.idAlbum = '$i' AND bilder.albumCover = '1' AND (albums.sec = '1' OR albums.sec = '0') AND (bilder.sec = '1' OR bilder.sec = '0')";
		}else{
			$sql = "SELECT bilder.bildFile, albums.folder FROM bilder JOIN albums ON bilder.idAlbum = albums.idAlbum WHERE albums.idAlbum = '$i' AND bilder.albumCover = '1' AND albums.sec = '0' AND bilder.sec = '0'";
		}
		$result = mysql_query($sql) or die(mysql_error());
		$array = mysql_fetch_array($result);
		header("Content-type: image/jpeg");
		$dir="/var/www/vhosts/web1212.sabine.webhoster.ag/httpdocs/daten/albums/".$array['folder']."/thumbs/";
		readfile($dir.$array['bildFile']);	
	}
	if($art == 'user'){
		if($login){
			$do = true;
		}else{
			$do = checkUserInCharge($i);
		}
		if($do){
			$big = $_GET['big'];
			
			$sql = "SELECT bildSmall, bildBig, standardBild FROM users WHERE idUser = '$i'";
			$result = mysql_query($sql) or die(mysql_error());
			$array = mysql_fetch_array($result);
			header("Content-type: image/jpeg");
			if($big){
				$num = 1;
				$platz = "platz.jpg";
				
			}else{
				$num = 0;
				$platz = "platz.jpg";
			}
			if($array['standardBild'] == 0){
				echo mysql_result($result, $num);
			}else{
				$dir="/var/www/vhosts/web1212.sabine.webhoster.ag/httpdocs/daten/albums/";
				readfile($dir.$platz);	
			}
		}
	}
}
else {
echo 'Please use a real id number or a number';
}
?>