/**
* Show the image of an attachment/thumbnail.
*/
function attachments_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
$id = get_param_integer('id', 0);
$connection = $GLOBALS[get_param_integer('forum_db', 0) == 1 ? 'FORUM_DB' : 'SITE_DB'];
$has_no_restricts = !is_null($connection->query_value_null_ok('attachment_refs', 'id', array('r_referer_type' => 'null', 'a_id' => $id)));
if (!$has_no_restricts) {
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
}
require_lang('comcode');
// Lookup
$rows = $connection->query_select('attachments', array('*'), array('id' => $id), 'ORDER BY a_add_time DESC');
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', $myrow['a_add_time']));
if ($myrow['a_url'] == '') {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
if (!$has_no_restricts) {
// Permission
if (substr($myrow['a_url'], 0, 20) == 'uploads/attachments/') {
if (!has_attachment_access(get_member(), $id, $connection)) {
access_denied('ATTACHMENT_ACCESS');
}
}
}
$thumb = get_param_integer('thumb', 0);
if ($thumb == 1) {
$full = $myrow['a_thumb_url'];
require_code('images');
$myrow['a_thumb_url'] = ensure_thumbnail($myrow['a_url'], $myrow['a_thumb_url'], 'attachments', 'attachments', intval($myrow['id']), 'a_thumb_url');
} else {
$full = $myrow['a_url'];
if (get_param_integer('no_count', 0) == 0) {
// Update download count
if (ocp_srv('HTTP_RANGE') == '') {
$connection->query_update('attachments', array('a_num_downloads' => $myrow['a_num_downloads'] + 1, 'a_last_downloaded_time' => time()), array('id' => $id), '', 1, NULL, false, true);
}
}
}
// Is it non-local? If so, redirect
if (!url_is_local($full)) {
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
return;
}
// $breakdown=pathinfo($full);
// $filename=$breakdown['basename'];
$_full = get_custom_file_base() . '/' . rawurldecode($full);
if (!file_exists($_full)) {
warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full)));
}
// File is missing, we can't do anything
$size = filesize($_full);
$original_filename = $myrow['a_original_filename'];
$extension = get_file_extension($original_filename);
require_code('files2');
check_shared_bandwidth_usage($size);
require_code('mime_types');
$mime_type = get_mime_type($extension);
/*$myfile2=fopen('test','wb');
fwrite($myfile2,var_export($_SERVER,true));
fwrite($myfile2,var_export($_ENV,true));
fclose($myfile2);*/
// Send header
if (strpos($original_filename, chr(10)) !== false || strpos($original_filename, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: ' . $mime_type . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . $original_filename . '"');
} else {
header('Content-Disposition: inline; filename="' . $original_filename . '"');
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $myrow['a_add_time']) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
if ($from == 0) {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'values SET the_value=(the_value+' . strval((int) $size) . ') WHERE the_name=\'download_bandwidth\'', 1);
}
@ini_set('ocproducts.xss_detect', '0');
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
}
/**
* Farm out the files for downloads.
*/
function dload_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
require_lang('downloads');
$id = get_param_integer('id', 0);
// Lookup
$rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('*'), array('id' => $id), '', 1);
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
// Permission
if (!has_category_access(get_member(), 'downloads', strval($myrow['category_id']))) {
access_denied('CATEGORY_ACCESS');
}
// Cost?
$got_before = $GLOBALS['SITE_DB']->query_value_null_ok('download_logging', 'the_user', array('the_user' => get_member(), 'id' => $id));
if (addon_installed('points')) {
if ($myrow['download_cost'] > 0) {
require_code('points2');
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
// Check they haven't downloaded this before (they only get charged once - maybe they are resuming)
if (is_null($got_before)) {
$cost = $myrow['download_cost'];
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
$dif = $cost - available_points($member);
if ($dif > 0 && !has_specific_permission(get_member(), 'have_negative_gift_points')) {
warn_exit(do_lang_tempcode('LACKING_POINTS', integer_format($dif)));
}
require_code('points2');
charge_member($member, $cost, do_lang('DOWNLOADED_THIS', get_translated_text($myrow['name'])));
if ($myrow['download_submitter_gets_points'] == 1) {
system_gift_transfer(do_lang('THEY_DOWNLOADED_THIS', get_translated_text($myrow['name'])), $cost, $myrow['submitter']);
}
}
}
}
// Filename
$full = $myrow['url'];
$breakdown = @pathinfo($full) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $full));
// $filename=$breakdown['basename'];
if (!array_key_exists('extension', $breakdown)) {
$extension = '';
} else {
$extension = strtolower($breakdown['extension']);
}
if (url_is_local($full)) {
$_full = get_custom_file_base() . '/' . rawurldecode($full);
} else {
$_full = rawurldecode($full);
}
// Is it non-local? If so, redirect
if (!url_is_local($full) || !file_exists(get_file_base() . '/' . rawurldecode(filter_naughty($full)))) {
if (url_is_local($full)) {
$full = get_custom_base_url() . '/' . $full;
}
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
log_download($id, 0, !is_null($got_before));
// Bandwidth used is 0 for an external download
return;
}
// Some basic security: don't fopen php files
if ($extension == 'php') {
log_hack_attack_and_exit('PHP_DOWNLOAD_INNOCENT', integer_format($id));
}
// Size, bandwidth, logging
$size = filesize($_full);
if (is_null($got_before)) {
$bandwidth = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT SUM(file_size) AS answer FROM ' . get_table_prefix() . 'download_logging l LEFT JOIN ' . get_table_prefix() . 'download_downloads d ON l.id=d.id WHERE date_and_time>' . strval(time() - 24 * 60 * 60 * 32));
if ($bandwidth + floatval($size) > floatval(get_option('maximum_download')) * 1024 * 1024 * 1024 && !has_specific_permission(get_member(), 'bypass_bandwidth_restriction')) {
warn_exit(do_lang_tempcode('TOO_MUCH_DOWNLOAD'));
}
require_code('files2');
check_shared_bandwidth_usage($size);
}
log_download($id, $size, !is_null($got_before));
// Send header
if (strpos($myrow['original_filename'], chr(10)) !== false || strpos($myrow['original_filename'], chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (get_option('immediate_downloads') == '1') {
require_code('mime_types');
header('Content-Type: ' . get_mime_type(get_file_extension($myrow['original_filename'])) . '; authoritative=true;');
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
}
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
$time = is_null($myrow['edit_date']) ? $myrow['add_date'] : $myrow['edit_date'];
$time = max($time, filemtime($_full));
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
/*
Security note... at the download adding/editing stage, we ensured that
only files accessible to the web server (in raw form) could end up in
our database.
Therefore we did not check here that our file was accessible in raw
form.
*/
}
