forked from projectsend/projectsend
/
download.php
122 lines (103 loc) · 3.1 KB
/
download.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
/**
* Serves the public downloads.
*
* @package ProjectSend
*
*/
$allowed_levels = array(9,8,7,0);
require_once('sys.includes.php');
$page_title = __('Download','cftp_admin');
$dont_redirect_if_logged = 1;
include('header-unlogged.php');
if (!empty($_GET['token']) && !empty($_GET['id'])) {
$got_token = mysql_real_escape_string($_GET['token']);
$got_file_id = $_GET['id'];
$can_download = true;
/**
* Get the user's id
*/
$query_file = $database->query("SELECT * FROM tbl_files WHERE id = '" . (int)$got_file_id . "' AND public_allow = '1' AND BINARY public_token = '" . $got_token . "'");
$count_request = mysql_num_rows($query_file);
if ($count_request > 0){
$got_url = mysql_fetch_array($query_file);
$expires = $got_url['expires'];
$expiry_date = $got_url['expiry_date'];
if ($expires == '1' && time() > strtotime($expiry_date)) {
$can_download = false;
}
}
else {
$can_download = false;
}
if ($can_download == true) {
$real_file_url = $got_url['url'];
if (!isset($_GET['download'])) {
$download_link = BASE_URI . 'download.php?id=' . $got_file_id . '&token=' . $got_token . '&download';
}
else {
// DOWNLOAD
$real_file = UPLOADED_FILES_FOLDER.$real_file_url;
if (file_exists($real_file)) {
while (ob_get_level()) ob_end_clean();
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($real_file));
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Cache-Control: private',false);
header('Content-Length: ' . get_real_size($real_file));
header('Connection: close');
readfile($real_file);
die();
}
}
}
else {
$errorstate = 'token_invalid';
}
}
?>
<h2><?php echo $page_title; ?></h2>
<div class="container">
<div class="row">
<div class="span4 offset4 white-box">
<div class="white-box-interior">
<?php
/**
* Show status message
*/
if (isset($errorstate)) {
switch ($errorstate) {
case 'token_invalid':
$login_err_message = __("The request is not valid.",'cftp_admin');
break;
}
echo system_message('error',$login_err_message,'login_error');
}
if (isset($download_link)) {
?>
<div class="text-center">
<p><?php _e('The following file is now ready for you to download:','cftp_admin'); ?><br /><strong><?php echo $real_file_url; ?></strong></p>
<a href="<?php echo $download_link; ?>" class="btn btn-primary">
<?php _e('Download file','cftp_admin'); ?>
</a>
</div>
<?php
}
?>
<div class="login_form_links">
<p><a href="<?php echo BASE_URI; ?>" target="_self"><?php _e('Go back to the homepage.','cftp_admin'); ?></a></p>
</div>
</div>
</div>
</div>
</div> <!-- container -->
</div> <!-- main (from header) -->
<?php default_footer_info(false); ?>
</body>
</html>
<?php
$database->Close();
ob_end_flush();
?>