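<?php

/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Copyright (c) e107 Inc. 2008-2010
|     Copyright (C) 2008-2010 e107 Inc (e107.org)
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/request.php $
|     $Revision: 12327 $
|     $Id: request.php 12327 2011-07-29 19:48:09Z e107coders $
|     $Author: e107coders $
+----------------------------------------------------------------------------+
*/

// Download / image request dispatcher.
//
// The whole query string (e_QUERY) selects what is served. Forms handled below:
//   <id>                        numeric download id
//   mirror.<id>.<mirror_id>     redirect to one mirror of a download
//   <table>.<id>                screenshot/image of a row in the download or upload table
//   pub_<name>                  public upload
//   <file name> / absolute URL  direct file or redirect
// Every branch ends in a redirect, a streamed file or a rendered message, followed by exit.

// ********************************** SEE HIGHLIGHTED AND NUMBERED QUERIES *****************************

// Prevent token re-generation
define('e_TOKEN_FREEZE', true);
// !empty() instead of a bare read: the key may not exist yet at this point.
if(!empty($_SESSION['download_splash']))
{
	define('e_NOCACHE',TRUE);
}

require_once ("class2.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_download.php");

// Nothing requested, or a login form was posted to this URL: go back to the site root.
if (!e_QUERY || isset($_POST['userlogin']))
{
	header("location: {$e107->base_path}");
	exit();
}

// ---------------------- Experimental ----------


$req_cookie = 'e-request_'.md5($_SERVER['SERVER_ADDR']);

if(isset($_COOKIE[$req_cookie]) && ($_COOKIE[$req_cookie]!= intval(e_QUERY)) && $_SESSION['download_splash'] !==TRUE) // if cookie found, suggest to try later
{
	$_SESSION['download_splash'] = FALSE;
	require_once(HEADERF);
	// "]" is replaced before "[" so that the inserted URL is never re-scanned for "]"
	// (same order as the cookie-failure message below).
	// REQUEST_URI is client-supplied and lands in an HTML attribute, so it is escaped.
	$srch = array("]", "[");
	$repl = array("</a>", "<a href='".htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)."'>");
	$text = str_replace($srch,$repl,LAN_dl_79);

	$ns->tablerender(LAN_dl_82,$text);
	require_once(FOOTERF);

	exit();
}

if(varset($pref['download_nomultiple'])==1 )
{
	if(!setcookie($req_cookie, intval(e_QUERY), time() + 30, "/")) // set the cookie and if it fails, request cookies be enabled
	{
		$_SESSION['download_splash'] = FALSE;
		require_once(HEADERF);
		$srch = array("]","[");
		// Escaped for the same reason as above: client-supplied value in an HTML attribute.
		$repl = array("</a>","<a href='".htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)."'>");
		$text = str_replace($srch,$repl,LAN_dl_80);
		$ns->tablerender(LAN_dl_81, $text);
		require_once(FOOTERF);
		exit();
	}
}

// ----------------------




$id = FALSE;
if (!is_numeric(e_QUERY))
{
	// NOTE(review): $id and $type set in the first branch are overwritten by the
	// explode()-based parse further down, so a request by file name is served by
	// the file-name branches without the check_class()/download-limit checks that
	// the id-based path applies - confirm whether that is intended.
	if ($sql->db_Select('download', 'download_id', "download_url='".$tp -> toDB(e_QUERY)."'"))
	{
		$row = $sql->db_Fetch();
		$type = 'file';
		$id = $row['download_id'];
	}
	elseif((strpos(e_QUERY, "http://") === 0) || (strpos(e_QUERY, "ftp://") === 0) || (strpos(e_QUERY, "https://") === 0))
	{
		// NOTE(review): redirects to whatever absolute URL the query string carries when it
		// is not a registered download_url; consider limiting this to registered URLs.
		header("location: ".e_QUERY);
		exit();
	}
	elseif(file_exists($DOWNLOADS_DIRECTORY.e_QUERY)) 		// 1 - should we allow this?
	{
		// Path containment is enforced inside send_file() (only when download_php is enabled).
		send_file($DOWNLOADS_DIRECTORY.e_QUERY);
		exit();
	}
}


if(strstr(e_QUERY, "mirror"))
{	// Download from mirror
	list($action, $download_id, $mirror_id) = explode(".", e_QUERY);
	$download_id = intval($download_id);
	$mirror_id = intval($mirror_id);
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$download_id}";
	if ($sql->db_Select_gen($qry))
	{
		$row = $sql->db_Fetch();
		extract($row);
		if (check_class($download_category_class) && check_class($download_class))
		{
			if($pref['download_limits'] && $download_active == 1)
			{
				check_download_limits();
			}
			// download_mirror is a chr(1)-separated list of "id,address,requests" records;
			// it is rebuilt with the request counter of the chosen mirror incremented.
			$mirrorList = explode(chr(1), $download_mirror);
			$mstr = "";
			foreach($mirrorList as $mirror)
			{
				if($mirror)
				{
					$tmp = explode(",", $mirror);
					$mid = intval($tmp[0]);
					$address = $tmp[1];
					$requests = $tmp[2];
					if($tmp[0] == $mirror_id)
					{
						$gaddress = trim($address);
						$requests ++;
					}
					$mstr .= $mid.",".$address.",".$requests.chr(1);
				}
			}
			// NOTE(review): if $mirror_id matches no record, $gaddress is never set and the
			// Location header below is empty, while both counters are still incremented.
			$sql->db_Update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
			$sql->db_Update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");
			header("Location: {$gaddress}");
			exit();
		}
		header("Location: ".e_BASE."download.php?error.{$download_id}.1");
		exit;
	}
}

// "<id>" and anything containing "pub_" is a file request; "<table>.<id>" is an image request.
$tmp = explode(".", e_QUERY);
if (!$tmp[1] || strstr(e_QUERY, "pub_"))
{
	$id = intval($tmp[0]);
	$type = "file";
}
else
{
	$table = preg_replace("#\W#", "", $tp -> toDB($tmp[0], true));
	$id = intval($tmp[1]);
	$type = "image";
}


if(varset($pref['download_splashdelay'])==1 )
{

	if($type == 'file' && !varsettrue($_SESSION['download_splash']) && (e_MENU != "nosplash")) // just received request, so show page and refresh after a pause.
	{
		$SPLASH_PREVIEW = ((e_QUERY == "preview") && getperms('0')) ? TRUE : FALSE;

		if(!$SPLASH_PREVIEW)
		{
			$_SESSION['download_splash'] = TRUE;

			$theLink = SITEURL."request.php?".intval(e_QUERY);
			header("Refresh: 3; url=\"".$theLink."\"");

			function core_head() // deprecated function in 0.8
			{
				return '<meta http-equiv="refresh" content="5; URL=request.php?'.intval(e_QUERY).'" />'; // in case the header fails.
			}

		}

		require_once(HEADERF);

		// Theme templates take precedence over the core template.
		$template_name = "request_template.php";
		if(is_readable(THEME."templates/".$template_name))
		{
			require_once(THEME."templates/".$template_name);
		}
		elseif(is_readable(THEME.$template_name))
		{
			require_once(THEME.$template_name);
		}
		else
		{
			require_once(e_THEME."templates/".$template_name);
		}

		$srch = array();
		$repl = array();

		$srch[0] = "{REQUEST_MESSAGE}";
		$repl[0] = defined("LAN_dl_83") ? LAN_dl_83 : "Your download will begin in a moment...";

		$srch[1] = "{REQUEST_CLICKLINK}";
		$repl[1] = defined("LAN_dl_84") ? LAN_dl_84 : "If your download doesn't start within a few seconds, please [click here].";

		$srch[2] = "]";
		$repl[2] = "</a>";

		$srch[3] = "[";
		$repl[3] = "<a class='request-splash-clicklink' href='request.php?[nosplash]".intval(e_QUERY)."'>";

		$text = str_replace($srch,$repl,$REQUEST_TEMPLATE);

		$final_text = $tp->parseTemplate($text,TRUE);

		$ns->tablerender(LAN_dl_82,$final_text,'request-splash');

		require_once(FOOTERF);
		exit;
	}
	else // redirected, so continue.
	{
		$_SESSION['download_splash'] = FALSE;
	}

}



// Query string that looks like a file name (".ext" with 3-4 characters).
// NOTE(review): these branches serve the file without consulting the download table,
// so no check_class() or download-limit check is applied here; the only guard is the
// directory containment test in send_file().
if (preg_match("#.*\.[a-z,A-Z]{3,4}#", e_QUERY))
{
	if(strstr(e_QUERY, "pub_"))
	{
		$bid = str_replace("pub_", "", e_QUERY);
		if (file_exists(e_FILE."public/".$bid))
		{
			send_file(e_FILE."public/".$bid);
			exit();
		}
	}
	if (file_exists($DOWNLOADS_DIRECTORY.e_QUERY))
	{
		send_file($DOWNLOADS_DIRECTORY.e_QUERY);
		exit();
	}
	require_once(HEADERF);
	$ns->tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."\n<br /><br />\n<a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
	require_once(FOOTERF);
	exit();
}

if ($type == "file")
{
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$id}";
	if ($sql->db_Select_gen($qry))
	{
		$row = $sql->db_Fetch();
		// Both the category class and the download's own class must admit the current user.
		if (check_class($row['download_category_class']) && check_class($row['download_class']))
		{
			if ($row['download_active'] == 0)
			{	// Inactive download - don't allow
				require_once(HEADERF);

				$srch = array('--LINK--','[',']');
				$repl = array("<a href='".e_HTTP.'download.php'."'>","<a href='".e_HTTP.'download.php'."'>","</a>");

				$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".str_replace($srch,$repl,LAN_dl_78).'</div>');
				require_once(FOOTERF);
				exit();
			}

			if($pref['download_limits'] && $row['download_active'] == 1)
			{
				check_download_limits();
			}
			extract($row);
			if($download_mirror)
			{
				// Shuffle the mirror records, then use the first one.
				$array = explode(chr(1), $download_mirror);
				$c = (count($array)-1);
				for ($i=1; $i < $c; $i++)
				{
					$d = mt_rand(0, $i);
					$tmp = $array[$i];
					$array[$i] = $array[$d];
					$array[$d] = $tmp;
				}
				$tmp = explode(",", $array[0]);
				$mirror_id = $tmp[0];
				$mstr = "";
				foreach($array as $mirror)
				{
					if($mirror)
					{
						$tmp = explode(",", $mirror);
						$mid = $tmp[0];
						$address = $tmp[1];
						$requests = $tmp[2];
						if($tmp[0] == $mirror_id)
						{
							$gaddress = trim($address);
							$requests ++;
						}
						$mstr .= $mid.",".$address.",".$requests.chr(1);
					}
				}
				$sql -> db_Update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
				$sql -> db_Update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");

				header("Location: ".$gaddress);
				exit();
			}

			// increment download count
			$sql->db_Update("download", "download_requested = download_requested + 1 WHERE download_id = '{$id}'");
			$user_id = USER ? USERID : 0;
			$ip = $e107->getip();
			$request_data = "'0', '{$user_id}', '{$ip}', '{$id}', '".time()."'";
			//add request info to db
			$sql->db_Insert("download_requests", $request_data, FALSE);
			if (preg_match("/Binary\s(.*?)\/.*/", $download_url, $result))
			{
				// Download stored in the rbinary table. The id is taken from a stored
				// download_url and is escaped before it enters the query text.
				$bid = $result[1];
				$result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '".mysql_real_escape_string($bid)."'");
				$binary_data = @mysql_result($result, 0, "binary_data");
				$binary_filetype = @mysql_result($result, 0, "binary_filetype");
				$binary_name = @mysql_result($result, 0, "binary_name");
				header("Content-type: {$binary_filetype}");
				header("Content-length: {$download_filesize}");
				header("Content-Disposition: attachment; filename={$binary_name}");
				header("Content-Description: PHP Generated Data");
				echo $binary_data;
				exit();
			}
			if (strstr($download_url, "http://") || strstr($download_url, "ftp://") || strstr($download_url, "https://")) {
				header("Location: {$download_url}");
				exit();
			}
			else
			{
				if (file_exists($DOWNLOADS_DIRECTORY.$download_url))
				{
					send_file($DOWNLOADS_DIRECTORY.$download_url);
					exit();
				}
				elseif(file_exists(e_FILE."public/{$download_url}"))
				{
					send_file(e_FILE."public/{$download_url}");
					exit();
				}
			}
		}
		else
		{	// Download Access Denied.
			// Use the configured "denied" page only when it looks like a page name;
			// a logged-in user is not sent to signup.php.
			if((!strpos($pref['download_denied'],".php") &&
			!strpos($pref['download_denied'],".htm") &&
			!strpos($pref['download_denied'],".html") &&
			!strpos($pref['download_denied'],".shtml") ||
			(strpos($pref['download_denied'],"signup.php") && USER == TRUE)
			))
			{
				header("Location: ".e_BASE."download.php?error.{$id}.1");
				exit();
			}
			else
			{
				header("Location: ".trim($pref['download_denied']));
				exit();
			}
		}
	}
	else if(strstr(e_QUERY, "pub_"))
	{
		/* check to see if public upload and not in download table ... */
		// $bid comes straight from the query string: escape it before it enters the
		// query text, and only answer when a row was actually found.
		$bid = str_replace("pub_", "", e_QUERY);
		$result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '".mysql_real_escape_string($bid)."' ");
		if($result && @mysql_num_rows($result) > 0)
		{
			$binary_data = @mysql_result($result, 0, "binary_data");
			$binary_filetype = @mysql_result($result, 0, "binary_filetype");
			$binary_name = @mysql_result($result, 0, "binary_name");
			header("Content-type: {$binary_filetype}");
			// No download row exists in this branch, so the length is taken from the data itself.
			header("Content-length: ".strlen($binary_data));
			header("Content-Disposition: attachment; filename={$binary_name}");
			header("Content-Description: PHP Generated Data");
			echo $binary_data;
			exit();
		}
	}

	require_once(HEADERF);
	$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."<br /><br /><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
	require_once(FOOTERF);
	exit();
}

// Image request. $table is derived from the query string, and only the download and
// upload tables carry an image column used below, so any other table name (or a
// missing row) gets the "not found" message instead of a query against that table.
$row = FALSE;
if ($table == "download" || $table == "upload")
{
	if ($sql->db_Select($table, "*", "{$table}_id = '{$id}'"))
	{
		$row = $sql->db_Fetch();
	}
}
if (!is_array($row))
{
	require_once(HEADERF);
	$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."<br /><br /><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
	require_once(FOOTERF);
	exit();
}
// Read the one column that is needed instead of extract()-ing the whole row into scope.
$image = ($table == "upload" ? $row['upload_ss'] : $row['download_image']);
if (preg_match("/Binary\s(.*?)\/.*/", $image, $result))
{
	$bid = $result[1];
	$result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '".mysql_real_escape_string($bid)."'");
	$binary_data = @mysql_result($result, 0, "binary_data");
	$binary_filetype = @mysql_result($result, 0, "binary_filetype");
	$binary_name = @mysql_result($result, 0, "binary_name");
	header("Content-type: {$binary_filetype}");
	header("Content-Disposition: inline; filename={$binary_name}");
	echo $binary_data;
	exit();
}


if (strpos($image, "http") !== FALSE)
{
	header("Location: {$image}");
	exit();
}
else
{
	// NOTE(review): $image is a stored value written into HTML unescaped below;
	// confirm it is sanitised when the row is saved.
	if ($table == "download")
	{
		require_once(HEADERF);
		if (file_exists(e_FILE."download/{$image}"))
		{
			$disp = "<div style='text-align:center'><img src='".e_FILE."download/{$image}' alt='' /></div>";
		}
		else if(file_exists(e_FILE."downloadimages/{$image}"))
		{
			$disp = "<div style='text-align:center'><img src='".e_FILE."downloadimages/{$image}' alt='' /></div>";
		}
		else
		{
			$disp = "<div style='text-align:center'><img src='".e_FILE."public/{$image}' alt='' /></div>";
		}
		$disp .= "<br /><div style='text-align:center'><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>";
		$ns->tablerender($image, $disp);

		require_once(FOOTERF);
	} else
	{
		if (is_file(e_FILE."public/{$image}"))
		{
			echo "<img src='".e_FILE."public/{$image}' alt='' />";
		}
		elseif(is_file(e_FILE."downloadimages/{$image}"))
		{
			echo "<img src='".e_FILE."downloadimages/{$image}' alt='' />";
		}
		else
		{
			require_once(HEADERF);
			$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."<br /><br /><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
			require_once(FOOTERF);
			exit;
		}
		exit();
	}
}



// File retrieval function. by Cam.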
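/**
 * Deliver a file to the client.
 *
 * When $pref['download_php'] is off the client is redirected to SITEURL.$file and
 * nothing else happens. Otherwise the file is streamed by PHP as an attachment,
 * but only if its resolved path lies inside the downloads directory or the
 * public files directory. A "Range: bytes=N-" request resumes at offset N.
 *
 * Every refusal path ends in exit(); after a successful stream the function
 * returns and the caller exits.
 *
 * @param string $file path of the file to send, as built by the caller
 */
function send_file($file)
{
	global $pref, $DOWNLOADS_DIRECTORY,$FILES_DIRECTORY, $e107;
	if (!$pref['download_php'])
	{
		// Direct-link mode: the containment check below is not reached on this path.
		header("Location: ".SITEURL.$file);
		exit();
	}

	@set_time_limit(10 * 60);
	@session_write_close();
	@e107_ini_set("max_execution_time", 10 * 60);
	while (@ob_end_clean()); // kill all output buffering else it eats server resources
	@ob_implicit_flush(TRUE);


	$filename = $file;
	$file = basename($file);
	$path = realpath($filename);
	$path_downloads = realpath($DOWNLOADS_DIRECTORY);
	$path_public = realpath($FILES_DIRECTORY."public/");

	// The resolved path must start with one of the allowed directories followed by a
	// separator. A plain substring test would also accept a path that merely contains
	// the directory name somewhere, and an unresolvable directory (realpath() === false)
	// must never count as a match.
	$inside = FALSE;
	foreach (array($path_downloads, $path_public) as $base)
	{
		if (!is_string($path) || $path === '' || !is_string($base) || $base === '')
		{
			continue;
		}
		$base = rtrim($base, '/\\').DIRECTORY_SEPARATOR;
		if (strpos($path, $base) === 0)
		{
			$inside = TRUE;
			break;
		}
	}

	if(!$inside)
	{
		if(E107_DEBUG_LEVEL > 0 && ADMIN)
		{
			echo "Failed to Download <b>".$file."</b><br />";
			echo "The file-path <b>".$path."</b> didn't match with either <b>{$path_downloads}</b> or <b>{$path_public}</b><br />";
			exit();
		}
		else
		{
			header("location: {$e107->base_path}");
			exit();
		}
	}

	// Open before any header is sent so that a failure can still redirect.
	$res = FALSE;
	if (is_file($filename) && is_readable($filename) && connection_status() == 0)
	{
		$res = fopen($filename, 'rb');
	}
	if (!$res)
	{
		if(E107_DEBUG_LEVEL > 0 && ADMIN)
		{
			echo "file failed =".$file."<br />";
			echo "path =".$path."<br />";
			exit();
		}
		else
		{
			header("location: ".e_BASE."index.php");
			exit();
		}
	}

	if (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE"))
	{
		// Encode every dot except the last one in the name sent to MSIE.
		$file = preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1);
	}

	$seek = 0;
	if (isset($_SERVER['HTTP_RANGE']))
	{
		$seek = intval(substr($_SERVER['HTTP_RANGE'] , strlen('bytes=')));
	}
	$bufsize = 2048;
	ignore_user_abort(true);
	$total_len = filesize($filename);
	// Offsets outside the file (including negative ones) fall back to a full download.
	if ($seek < 0 || $seek > ($total_len - 1)) { $seek = 0; }
	if ($seek)
	{
		fseek($res , $seek);
	}
	$data_len = $total_len - $seek;	// bytes still to be sent
	header("Expires: 0");
	header("Cache-Control: max-age=30" );
	header("Content-Type: application/force-download");
	header("Content-Disposition: attachment; filename=\"{$file}\"");
	header("Content-Length: {$data_len}");
	header("Pragma: public");
	if ($seek)
	{
		header("Accept-Ranges: bytes");
		header("HTTP/1.0 206 Partial Content");
		header("status: 206 Partial Content");
		// Content-Range describes the whole file: first byte sent, last byte, total size.
		header("Content-Range: bytes {$seek}-".($total_len - 1)."/{$total_len}");
	}
	while (!connection_aborted() && $data_len > 0 && !feof($res))
	{
		echo fread($res , $bufsize);
		$data_len -= $bufsize;
	}
	fclose($res);
}


/**
 * Enforce the per-userclass download limits stored in the generic table
 * (gen_type 'download_limit').
 *
 * Two limits are checked against the download_requests log: a request-count limit
 * (gen_intdata requests per gen_chardata days) and a bandwidth limit (gen_user_id
 * compared with the summed download_filesize / 1024, per gen_ip days). Logged-in
 * users are matched by user id, guests by IP address. When a limit is exceeded the
 * client is redirected to download.php?error.<cutoff>.2 and the script exits;
 * otherwise the function returns normally.
 */
function check_download_limits()
{
	global $pref, $sql, $ns, $HEADER, $e107, $tp;
	// Check download count limits
	// The row with the highest per-day allowance among the user's classes is used.
	$qry = "SELECT gen_intdata, gen_chardata, (gen_intdata/gen_chardata) as count_perday FROM #generic WHERE gen_type = 'download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_chardata >= 0 AND gen_intdata >= 0) ORDER BY count_perday DESC";
	if($sql->db_Select_gen($qry))
	{
		$limits = $sql->db_Fetch();
		$cutoff = time() - (86400 * $limits['gen_chardata']);
		if(USER)
		{
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_userid = ".USERID;
		} else {
			// NOTE(review): $ip is placed in the query text as returned by getip() - confirm
			// that getip() only ever returns a validated address.
			$ip = $e107->getip();
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_ip = '{$ip}'";
		}
		$qry = "SELECT COUNT(d.download_id) as count FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->db_Select_gen($qry))
		{
			$row=$sql->db_Fetch();
			if($row['count'] >= $limits['gen_intdata'])
			{
				// Exceeded download count limit
				header("Location: ".e_BASE."download.php?error.{$cutoff}.2");
				/* require_once(HEADERF);
				$ns->tablerender(LAN_dl_61, LAN_dl_62);
				require(FOOTERF); */
				exit();
			}
		}
	}
	// Check download bandwidth limits
	$qry = "SELECT gen_user_id, gen_ip, (gen_user_id/gen_ip) as bw_perday FROM #generic WHERE gen_type='download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_user_id >= 0 AND gen_ip >= 0) ORDER BY bw_perday DESC";
	if($sql->db_Select_gen($qry)) {
		$limit = $sql->db_Fetch();
		$cutoff = time() - (86400*$limit['gen_ip']);
		if(USER) {
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_userid = ".USERID;
		} else {
			$ip = $e107->getip();
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_ip = '{$ip}'";
		}
		$qry = "SELECT SUM(d.download_filesize) as total_bw FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->db_Select_gen($qry)) {
			$row=$sql->db_Fetch();
			if($row['total_bw'] / 1024 > $limit['gen_user_id'])
			{	//Exceed bandwith limit
				header("Location: ".e_BASE."download.php?error.{$cutoff}.2");
				/* require(HEADERF);
				$ns->tablerender(LAN_dl_61, LAN_dl_62);
				require(FOOTERF); */
				exit();
			}
		}
	}
}

?>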