} else { // Override content type with header setting header('Content-Type: ' . $content_type); } // Transfer encoding header('Content-Transfer-Encoding: binary'); // Content length header('Content-Length: ' . filesize(dc_file_location() . $release->filename)); // Cache handling header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Expires: 0'); // Stream file ob_clean(); flush(); $handle = fopen(dc_file_location() . $release->filename, 'rb'); $chunksize = 1 * (1024 * 1024); $buffer = ''; if ($handle === false) { exit; } while (!feof($handle)) { $buffer = fread($handle, $chunksize); echo $buffer; flush(); } // Close file fclose($handle); // Exit exit; }
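/**
 * Sends the headers and the file body for a download once a download code
 * was entered successfully.
 *
 * Reads the "lease" query parameter, looks up the matching code and release,
 * records the download and then either hands the file to Apache's X-Sendfile
 * or streams it in 1 MiB chunks. Every path that starts a download ends the
 * request with exit; the function returns without output when the lease is
 * missing, unknown, exhausted, or points to a file that does not exist.
 *
 * NOTE(review): the lease is MD5('wp-dl-hash' . code ID). It is built only
 * from a fixed prefix and the numeric code ID, so it carries no secret and
 * never expires; it must not be treated as proof that a code was entered.
 * Hardening this needs a matching change where the lease is issued, e.g. a
 * random, expiring, server-stored token or an HMAC keyed with a site secret.
 *
 * NOTE(review): $release->filename is appended to the download directory
 * exactly as stored. Confirm that the code saving releases only accepts plain
 * file names that exist inside dc_file_location().
 */
function dc_send_download_headers()
{
    global $wpdb;

    // Only continue if lease is provided as a plain string query parameter
    // (?lease[]=x would otherwise hand an array to the prepared statement).
    if (!isset($_GET['lease']) || !is_string($_GET['lease'])) {
        return;
    }

    // Get details for code and release
    $release = $wpdb->get_row($wpdb->prepare("SELECT r.*, c.ID as code, c.code_prefix, c.code_suffix FROM " . dc_tbl_releases() . " r INNER JOIN " . dc_tbl_codes() . " c ON c.release = r.ID WHERE MD5(CONCAT('wp-dl-hash',c.ID)) = %s", array($_GET['lease'])));

    // Unknown lease: nothing to serve (and nothing to dereference below).
    if (!$release) {
        return;
    }

    // Get # of downloads with this code
    $downloads = $wpdb->get_row($wpdb->prepare("SELECT COUNT(*) AS downloads FROM " . dc_tbl_downloads() . " WHERE code= %s", array($release->code)));

    // Fail closed: no download when the count is unavailable or the maximum
    // of allowed downloads is reached.
    // NOTE(review): the count and the insert below are two separate
    // statements, so parallel requests can exceed allowed_downloads.
    if (!$downloads || $downloads->downloads >= $release->allowed_downloads) {
        return;
    }

    $file_path = dc_file_location() . $release->filename;

    // Do not consume one of the allowed downloads for a file that is gone.
    if (!is_file($file_path)) {
        return;
    }

    // Get current IP
    $IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Insert download in downloads table
    $wpdb->insert(dc_tbl_downloads(), array('code' => $release->code, 'IP' => $IP), array('%d', '%s'));

    // If Apache's xsendfile is enabled (must be installed and working on server side)
    if (dc_xsendfile_enabled()) {
        header('X-Sendfile: ' . $file_path);
        header('Content-Type: application/octet-stream');
        // Plain double quotes: the previous literal emitted stray backslashes
        // into the header value.
        header('Content-Disposition: attachment; filename="' . urlencode($release->filename) . '"');
        exit;
    }

    // Increase timeout for slow connections
    set_time_limit(0);

    // Deactivate output compression (required for IE, otherwise Content-Disposition is ignored)
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }

    // Content description
    header('Content-Description: File Transfer');

    // Content disposition. The User-Agent header is optional, and "MSIE" at
    // offset 0 must count as a match too.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (strpos($user_agent, 'MSIE') !== false) {
        header('Content-Disposition: attachment; filename="' . urlencode($release->filename) . '"');
    } else {
        // The filename*= form expects percent-encoding; urlencode() would
        // turn spaces into literal "+" characters in the saved file name.
        header('Content-Disposition: attachment; filename*=UTF-8\'\'' . rawurlencode($release->filename));
    }

    // Content type
    $content_type = dc_header_content_type();
    if ($content_type == DC_HEADER_CONTENT_TYPE) {
        // Send MIME type of current file
        header('Content-Type: ' . get_mime_content_type($file_path));
    } else {
        // Override content type with header setting
        header('Content-Type: ' . $content_type);
    }

    // Transfer encoding
    header('Content-Transfer-Encoding: binary');

    // Content length
    header('Content-Length: ' . filesize($file_path));

    // Cache handling
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Expires: 0');

    // Stream file. ob_clean() raises a notice when no output buffer is active.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();

    $handle = fopen($file_path, 'rb');
    if ($handle === false) {
        exit;
    }

    $chunksize = 1 * (1024 * 1024);
    while (!feof($handle)) {
        $buffer = fread($handle, $chunksize);
        if ($buffer === false) {
            // Read error: stop instead of looping on a broken handle.
            break;
        }
        echo $buffer;
        flush();
    }

    // Close file
    fclose($handle);

    // Exit
    exit;
}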
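/**
 * Manages releases: renders the admin page with the list of releases and the
 * add/edit form, and handles the add, edit and delete actions.
 *
 * State-changing requests (form submit, delete link) are only processed when
 * they carry a valid WordPress nonce, so they cannot be triggered from another
 * site in an administrator's browser. Database and file-system values are
 * escaped before they are written into the page.
 *
 * NOTE(review): no capability check is visible in this function; presumably
 * the admin menu registration restricts who can open the page. Confirm.
 */
function dc_manage_releases()
{
    global $wpdb;

    // "SET OPTION ..." was removed in MySQL 5.6; plain SET works on old and new servers.
    $wpdb->query('SET SQL_BIG_SELECTS = 1');

    // Get parameters (missing or non-scalar values are treated as empty)
    $get_action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    $get_release = (isset($_GET['release']) && is_scalar($_GET['release'])) ? $_GET['release'] : '';

    // Post parameters
    $post_action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
    $post_release = (isset($_POST['release']) && is_scalar($_POST['release'])) ? $_POST['release'] : '';

    // Stays false unless a release was added in this request
    $add_success = false;

    // Show page title
    echo '<div class="wrap">';
    echo '<h2>Download Codes » Manage Releases</h2>';

    switch ($get_action) {
        case 'edit':
        case 'add':
            // Update or insert release
            if (isset($_POST['submit'])) {
                // Reject submissions that do not come from the form below
                check_admin_referer('dc-manage-releases');

                if ($post_action == 'add') {
                    $result = dc_add_release();
                    if (is_array($result)) {
                        // An array result carries validation messages
                        echo dc_admin_message(implode('</p><p>', $result));
                    } elseif ($result === FALSE) {
                        echo dc_admin_message('There was an error adding the release');
                    } else {
                        echo dc_admin_message('The release was added successfully');
                        $add_success = true;
                    }
                }
                if ($post_action == 'edit') {
                    $result = dc_edit_release();
                    if (is_array($result)) {
                        // Display errors the same way the add branch does
                        echo dc_admin_message(implode('</p><p>', $result));
                    } elseif ($result === FALSE) {
                        echo dc_admin_message('There was an error updating the release');
                    } else {
                        echo dc_admin_message('The release was updated successfully');
                    }
                }
            }
            break;
        case 'delete':
            // Deleting through a plain GET link needs a nonce bound to the release
            check_admin_referer('dc-delete-release_' . (int) $get_release);

            $result = dc_delete_release((int) $get_release);
            if ($result) {
                echo dc_admin_message('The release was deleted successfully');
            } else {
                echo dc_admin_message('There was an error deleting the release');
            }
            break;
    }

    if (($get_action == 'edit' || $get_action == 'add') && !$add_success) {
        //*********************************************
        // Add or edit a release
        //*********************************************

        // Get files in download folder; scandir() returns false on failure
        $files = scandir(dc_file_location());
        if ($files === false) {
            $files = array();
        }

        // Keep the files whose extension (text after the last dot) is allowed.
        // The same rule feeds the "no files" warning and the select box.
        $allowed_file_types = dc_file_types();
        $download_files = array();
        foreach ($files as $filename) {
            $name_parts = explode('.', $filename);
            if (in_array(strtolower(end($name_parts)), $allowed_file_types)) {
                $download_files[] = $filename;
            }
        }
        if (count($download_files) == 0) {
            echo dc_admin_message('No files have been uploaded to the releases folder: <em>' . esc_html(dc_file_location()) . '</em></p><p><strong>You must do this first before adding a release!</strong>');
        }

        // Get current release (release ids are numeric)
        $release = null;
        if ('' != $get_release) {
            $release = dc_get_release((int) $get_release);
        }
        if ('' != $post_release) {
            $release = dc_get_release((int) $post_release);
        }

        // Field values; all empty when a new release is being added
        $release_id = $release ? (int) $release->ID : '';
        $release_title = $release ? $release->title : '';
        $release_artist = $release ? $release->artist : '';
        $release_filename = $release ? $release->filename : '';
        $release_downloads = ($release && $release->allowed_downloads > 0) ? $release->allowed_downloads : DC_ALLOWED_DOWNLOADS;

        // Write page subtitle
        echo '<h3>' . ('add' == $get_action ? 'Add New' : 'Edit') . ' Release</h3>';
        echo '<p><a href="admin.php?page=dc-manage-releases">« Back to releases</a></p>';

        // Display form
        echo '<form action="admin.php?page=dc-manage-releases&action=' . esc_attr($get_action) . '" method="post">';
        wp_nonce_field('dc-manage-releases');
        echo '<input type="hidden" name="release" value="' . esc_attr($release_id) . '" />';
        echo '<input type="hidden" name="action" value="' . esc_attr($get_action) . '" />';

        echo '<table class="form-table">';

        // Title
        echo '<tr valign="top">';
        echo '<th scope="row"><label for="release-title">Title</label></th>';
        echo '<td><input type="text" name="title" id="release-title" class="regular-text" value="' . esc_attr($release_title) . '" />';
        echo ' <span class="description">For example, the album title</span></td>';
        echo '</tr>';

        // Artist
        echo '<tr valign="top">';
        echo '<th scope="row"><label for="release-artist">Artist (optional)</label></th>';
        echo '<td><input type="text" name="artist" id="release-artist" class="regular-text" value="' . esc_attr($release_artist) . '" />';
        echo ' <span class="description">The band or artist</span></td>';
        echo '</tr>';

        // File (the stray "-->" after the opening select tag is dropped)
        echo '<tr valign="top">';
        echo '<th scope="row"><label for="release-file">File</label></th>';
        echo '<td>' . esc_html(dc_file_location()) . ' <select name="filename" id="release-file">';
        foreach ($download_files as $filename) {
            echo '<option' . ($filename == $release_filename ? ' selected="selected"' : '') . '>' . esc_html($filename) . '</option>';
        }
        echo '</select></td>';
        echo '</tr>';

        // Allowed downloads
        echo '<tr valign="top">';
        echo '<th scope="row"><label for="release-downloads">Allowed downloads</label></th>';
        echo '<td><input type="text" name="downloads" id="release-downloads" class="small-text" value="' . esc_attr($release_downloads) . '" />';
        echo ' <span class="description">Maximum number of times each code can be used</span></td>';
        echo '</tr>';

        echo '</table>';

        // Submit
        echo '<p class="submit">';
        echo '<input type="submit" name="submit" class="button-primary" value="' . ($get_action == 'edit' ? 'Save Changes' : 'Add Release') . '" />';
        echo '</p>';

        echo '</form>';
    } else {
        //*********************************************
        // List releases
        //*********************************************

        // Write page subtitle
        echo '<h3>Releases</h3>';

        // Get releases
        $releases = dc_get_releases();

        // Check if the releases are empty (also covers a null/false result)
        if (empty($releases)) {
            echo dc_admin_message('No releases have been created yet');
            echo '<p>You might want to <a href="admin.php?page=dc-manage-releases&action=add">add a new release</a></p>';
        } else {
            echo '<table class="widefat">';

            echo '<thead>';
            echo '<tr><th>Title</th><th>Artist</th><th>ID</th><th>File</th><th>Codes</th><th>Downloaded</th><th>Actions</th></tr>';
            echo '</thead>';

            echo '<tbody>';
            foreach ($releases as $release) {
                $release_id = (int) $release->ID;

                // wp_nonce_url() appends the nonce and returns an escaped URL
                $delete_url = wp_nonce_url('admin.php?page=dc-manage-releases&release=' . $release_id . '&action=delete', 'dc-delete-release_' . $release_id);

                echo '<tr>';
                echo '<td><strong>' . esc_html($release->title) . '</strong></td><td>' . esc_html($release->artist) . '</td>';
                echo '<td>' . $release_id . '</td>';
                echo '<td>' . esc_html($release->filename) . '</td>';
                echo '<td>' . esc_html($release->codes) . '</td><td>' . esc_html($release->downloads) . '</td>';
                echo '<td>';
                echo '<a href="admin.php?page=dc-manage-releases&release=' . $release_id . '&action=edit" class="action-edit">Edit</a> | ';
                echo '<a href="admin.php?page=dc-manage-codes&release=' . $release_id . '" class="action-manage">Manage codes</a> | ';
                echo '<a href="admin.php?page=dc-manage-codes&release=' . $release_id . '&action=report" class="action-report" rel="dc_downloads-' . $release_id . '">View report</a> | ';
                echo '<a href="' . $delete_url . '" class="action-delete">Delete</a>';
                echo '</td>';
                echo '</tr>';
            }
            echo '</tbody>';

            echo '<tfoot>';
            echo '<tr><th>Title</th><th>Artist</th><th>ID</th><th>File</th><th>Codes</th><th>Downloaded</th><th>Actions</th></tr>';
            echo '</tfoot>';

            echo '</table>';

            foreach ($releases as $release) {
                dc_list_downloads($release->ID, NULL, FALSE);
            }
        }

        // Show link to add a new release
        echo '<p><a class="button-primary" href="admin.php?page=dc-manage-releases&action=add">Add New Release</a></p>';
    }

    echo '</div>';
}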
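/**
 * Creates a download form for the shortcode "download-code".
 *
 * When the form for this shortcode was submitted, the code is looked up for
 * the given release (or for all releases). A valid code that has downloads
 * left yields a download link; an invalid code is recorded as a failed
 * attempt for the client IP until dc_max_attempts() is reached for the day.
 *
 * Every value that comes from the request, the shortcode attributes or the
 * database is escaped before it is placed in the returned HTML, and all
 * queries that take such values are prepared.
 *
 * NOTE(review): the lease put into the download link is
 * md5('wp-dl-hash' . code ID). It is built only from a fixed prefix and the
 * numeric code ID, so it carries no secret and never expires. Hardening this
 * needs a matching change where the lease is checked, e.g. a random, expiring,
 * server-stored token or an HMAC keyed with a site secret.
 *
 * @param array $atts Shortcode attributes: "id" (release id, 0 means all
 *                    releases) and "anchor" (fragment for the form action).
 * @return string HTML of the download link or of the code form.
 */
function dc_embed_download_code_form($atts)
{
    global $wpdb;

    $post_code = '';
    $ret = '';
    $lease = '';
    $release = null;
    $submitted_release = 'all';

    // Get attributes (explicit assignment instead of extract())
    $atts = shortcode_atts(array('id' => '0', 'anchor' => ''), $atts);
    $id = $atts['id'];
    $anchor = $atts['anchor'];

    // Set shortcode id, i.e. the release id to which the shortcode relates.
    // If no id is provided, this value is assumed as "all".
    $shortcode_id = $id == 0 ? 'all' : $id;

    $submit_field = 'submit_' . $shortcode_id;
    $release_field = 'submitted_release_' . $shortcode_id;
    $code_field = 'code_' . $shortcode_id;

    // Check if code has been submitted for the release to which the current shortcode relates
    if (isset($_POST[$submit_field])) {
        // Get current IP
        $IP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // Get submitted code and release id; array-valued fields count as empty
        if (isset($_POST[$release_field]) && is_scalar($_POST[$release_field]) && $_POST[$release_field] != '') {
            $submitted_release = $_POST[$release_field];
        }
        if (isset($_POST[$code_field]) && is_string($_POST[$code_field])) {
            $post_code = strtoupper(trim($_POST[$code_field]));
        }

        // Get matching code record from database to check if code is valid for
        // given release id or for all releases. $wpdb->show_errors() is not
        // enabled here: this runs on public pages, where SQL errors should
        // not be printed to visitors.
        $code = $wpdb->get_row($wpdb->prepare("SELECT ID, `release` FROM " . dc_tbl_codes() . " WHERE CONCAT(code_prefix, code_suffix) = %s" . ($submitted_release != 'all' ? ' AND `release` = %d' : ''), $submitted_release != 'all' ? array($post_code, $submitted_release) : array($post_code)));

        if ($code && $code->ID) {
            // Get release details
            $release = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . dc_tbl_releases() . " WHERE ID = %d", array($code->release)));

            // Get # of downloads with this code. Counting by the code ID that
            // was just matched avoids a sub-select that can return several
            // rows when the same code text exists for more than one release.
            $downloads = $wpdb->get_row($wpdb->prepare("SELECT COUNT(*) AS downloads FROM " . dc_tbl_downloads() . " WHERE code = %d", array($code->ID)));

            // Start download if maximum of allowed downloads is not reached
            if ($release && $downloads && $downloads->downloads < $release->allowed_downloads) {
                // Set temporary download lease id (see NOTE(review) above)
                $lease = md5('wp-dl-hash' . $code->ID);
            } else {
                $ret = dc_msg('max_downloads_reached');
            }
        } else {
            // Get # of failed attempts from this IP today. DATE_SUB() replaces
            // "CURRENT_DATE() - 1", which is integer arithmetic on YYYYMMDD and
            // yields a day-zero value on the first of a month (NULL under
            // strict SQL modes, so no attempt would be counted).
            $attempts = $wpdb->get_row($wpdb->prepare("SELECT COUNT(*) AS attempts FROM " . dc_tbl_downloads() . " WHERE IP = %s AND code = -1 AND DATE(started_at) > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY)", array($IP)));

            // Fail closed: when the count is unavailable, treat the limit as reached
            if ($attempts && $attempts->attempts < dc_max_attempts()) {
                // Insert attempt
                $wpdb->insert(dc_tbl_downloads(), array('code' => -1, 'IP' => $IP), array('%d', '%s'));

                $ret = dc_msg('code_invalid');
            } else {
                $ret = dc_msg('max_attempts_reached');
            }
        }
    }

    // Compile HTML result
    $html = '<div class="dc-download-code">';
    if ($lease && ($shortcode_id == 'all' || $shortcode_id == $submitted_release)) {
        // Show link for download
        $link_text = ($release->artist ? $release->artist . ' - ' : '') . $release->title;

        $html .= '<p>' . dc_msg('code_valid') . '</p>';
        $html .= '<p><a href="' . esc_url(site_url() . '/?lease=' . $lease) . '">' . esc_html($link_text) . '</a> ' . format_bytes(filesize(dc_file_location() . $release->filename)) . '</p>';
    } else {
        // Show message
        if ($ret != '') {
            $html .= '<p>' . $ret . '</p>';
        }

        // Prefill the code field with the submitted code, else with ?yourcode=
        $prefill = $post_code;
        if ($prefill == '' && isset($_GET['yourcode']) && is_string($_GET['yourcode'])) {
            $prefill = $_GET['yourcode'];
        }

        $field_id = esc_attr($shortcode_id);

        // Display form; request and shortcode values are attribute-escaped
        $html .= '<form action="' . ('' == $anchor ? '' : '#' . esc_attr($anchor)) . '" name="dc_form" method="post">';
        $html .= '<p><input type="hidden" name="submitted_release_' . $field_id . '" value="' . $field_id . '" />';
        $html .= dc_msg('code_enter') . ' <input type="text" name="code_' . $field_id . '" value="' . esc_attr($prefill) . '" size="20" /> ';
        $html .= '<input type="submit" name="submit_' . $field_id . '" value="' . esc_attr(__('Submit')) . '" /></p>';
        $html .= '</form>';
    }
    $html .= '</div>';

    return $html;
}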