I'm using PHP GD to inject an image into an HTML tag and I want to make sure that the WordPress user can access the image.
I have an img tag on my WordPress page which generates an image from data extracted from the database.
<img src=\""+imagepath+"image.php?file="+fn+"&layout="+layout+"&w="+window.innerWidth+"&h="+window.innerHeight+"\" />
Contents of image.php:
<?php
include_once('../../../wp-load.php');
$current_user = wp_get_current_user();
$userID=$current_user->ID;
error_log("
".$userID."-:-
");
$path=realpath('.').'/';
$width=$_GET['w'];
$height=$_GET['h'];
$im = ImageCreate($width,$height);
$white = ImageColorAllocate($im,0xFF,0xFF,0xFF);
$black = ImageColorAllocate($im,0x00,0x00,0x00);
ImageFilledRectangle($im,50,50,$width-100,$height-100,$black);
imagefttext($im,12,0,60,60,$white,$path."ARIAL.TTF",$userID);
imagefttext($im,12,0,60,160,$white,$path."ARIAL.TTF",$_GET['file']);
header('Content-Type: image/png');
ImagePNG($im);
?>
I'm guessing that 'wp-load.php' defines the header which will conflict with 'Content-Type: image/png'.
Is there a way that I can validate the user so that I can see whether he should have access to the image? I also need access to the database, but I'm pretty sure that I can include wp-config.php for DB_NAME, etc., although I haven't tested that yet.
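
One way to gate the image on the WordPress login and bound the request parameters, as an added example that is not part of the original post. It assumes the same directory layout and font file as the post; `clamp_dimension`, the size limits and the `read` capability check are illustrative choices.

```php
<?php
// Added example, not the poster's code. Assumes this file sits three
// directories below the WordPress root, as in the post.
require_once __DIR__ . '/../../../wp-load.php';

// Hypothetical helper: force a request parameter into a bounded integer so
// a caller cannot make GD allocate an arbitrarily large canvas.
function clamp_dimension($value, $min, $max, $default) {
    $n = filter_var($value, FILTER_VALIDATE_INT);
    if ($n === false) {
        return $default;   // missing, non-numeric or array input
    }
    return max($min, min($max, $n));
}

// Once WordPress is loaded, the login state from the auth cookie is available.
// 'read' is a built-in capability; substitute whatever rule decides access.
if (!is_user_logged_in() || !current_user_can('read')) {
    status_header(403);
    exit;
}

$user_id = get_current_user_id();
$width   = clamp_dimension($_GET['w'] ?? null, 200, 2000, 800);
$height  = clamp_dimension($_GET['h'] ?? null, 200, 2000, 600);

// Treat 'file' as a bare name only: undo WordPress's added slashes and
// drop any directory components before using the value.
$raw  = $_GET['file'] ?? '';
$file = is_string($raw) ? basename(wp_unslash($raw)) : '';

$im    = imagecreate($width, $height);
$white = imagecolorallocate($im, 0xFF, 0xFF, 0xFF);
$black = imagecolorallocate($im, 0x00, 0x00, 0x00);
imagefilledrectangle($im, 50, 50, $width - 100, $height - 100, $black);

$font = __DIR__ . '/ARIAL.TTF';
imagefttext($im, 12, 0, 60, 60, $white, $font, (string) $user_id);
imagefttext($im, 12, 0, 60, 160, $white, $font, $file);

// Per-user output: tell caches not to store it. header() replaces any
// Content-Type header set earlier in the request.
nocache_headers();
header('Content-Type: image/png');
imagepng($im);
```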