X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=img.php;h=087ff2da69462cbda39e858f43f4b96d8e8c28bf;hb=e6398bad6d0293d1c7da37a410ae7e359895c41e;hp=27a49b6c90ea1b0a624c5a304da3b4f79c1bb15c;hpb=64fca63a29fb2a863d159734627795acfb17c853;p=contagged

diff --git a/img.php b/img.php
index 27a49b6..087ff2d 100644
--- a/img.php
+++ b/img.php
@@ -2,15 +2,23 @@
 require_once('inc/init.php');
 ldap_login();
 
+if ($conf['userlogreq'] && !isset($_SESSION['ldapab']['username'])){
+  header("HTTP/1.0 401 Access Denied");
+  echo '<h1>Access Denied</h1>';
+  exit();
+}
+
 $dn = $_REQUEST['dn'];
 
-$sr = ldap_search($LDAP_CON,$dn,'(objectClass=inetOrgPerson)',array('jpegPhoto'));
+$sr = ldap_search($LDAP_CON,$dn,'(objectClass=inetOrgPerson)',array($FIELDS['photo']));
 if(!ldap_count_entries($LDAP_CON,$sr)){
+  header("HTTP/1.0 404 Not Found");
+  echo '<h1>Not Found</h1>';
   exit;
 }
 $result = ldap_get_binentries($LDAP_CON, $sr);
 $entry  = $result[0];
 
 header("Content-type: image/jpeg");
-print $entry['jpegPhoto'][0];
+print $entry[$FIELDS['photo']][0];
 ?>