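/**
 * Loads the published upgrade path from the current user's subscription
 * (`$this->_id`) to the target membership plan (`$this->to_id`).
 *
 * Redirects to My Memberships when the subscription does not belong to the
 * logged-in user, is not active, or no published upgrade exists between the
 * two plans. On success `$this->term_id` receives the target plan's term id.
 *
 * @return object  Upgrade row plus `fromname`, `toname` and `term_id`.
 */
function getUpgrade()
{
    $app   = JFactory::getApplication();
    $user  = JFactory::getUser();
    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);
    $cid   = $this->_id;

    // Ownership check: the subscription row must belong to the logged-in user.
    $query->select($db->qn('membership_id'))
        ->select($db->qn('status'))
        ->from($db->qn('#__rsmembership_membership_subscribers'))
        ->where($db->qn('user_id') . ' = ' . $db->q($user->get('id')))
        ->where($db->qn('id') . ' = ' . $db->q($cid));
    $db->setQuery($query);
    $membership = $db->loadObject();

    if (empty($membership)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // Loose comparison on purpose: the DB driver may hand back status as a string.
    if ($membership->status != MEMBERSHIP_STATUS_ACTIVE) {
        JError::raiseWarning(500, JText::_('COM_RSMEMBERSHIP_MEMBERSHIP_NOT_ACTIVE'));
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // Only a published upgrade from the current plan to the requested plan counts.
    $query->clear();
    $query->select('u.*')
        ->select($db->qn('mfrom.name', 'fromname'))
        ->select($db->qn('mto.name', 'toname'))
        ->select($db->qn('mto.term_id'))
        ->from($db->qn('#__rsmembership_membership_upgrades', 'u'))
        ->join('left', $db->qn('#__rsmembership_memberships', 'mfrom') . ' ON ' . $db->qn('mfrom.id') . ' = ' . $db->qn('u.membership_from_id'))
        ->join('left', $db->qn('#__rsmembership_memberships', 'mto') . ' ON ' . $db->qn('mto.id') . ' = ' . $db->qn('u.membership_to_id'))
        ->where($db->qn('u.membership_from_id') . ' = ' . $db->q($membership->membership_id))
        ->where($db->qn('u.membership_to_id') . ' = ' . $db->q($this->to_id))
        ->where($db->qn('u.published') . ' = ' . $db->q(1));
    $db->setQuery($query);
    $return = $db->loadObject();

    // Check for a missing row BEFORE reading its properties; the previous
    // version read term_id first, which is a property read on null when no
    // upgrade exists.
    if (empty($return)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $this->term_id = $return->term_id;

    return $return;
}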
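/**
 * Prepares the file-browser model for the logged-in user's membership.
 *
 * Guests are redirected to the login page; a membership that does not match
 * the user, an unknown parent folder, or a path that resolves outside the
 * chosen parent folder redirects to My Memberships. When `task=download` and
 * the resolved path is a file, the file is streamed to the client (after the
 * terms-of-use check) and the request ends; otherwise the resolved folder is
 * stored in `$this->_folder`.
 */
public function __construct()
{
    parent::__construct();

    jimport('joomla.filesystem.folder');

    // Some workarounds are needed for Windows
    $this->isWindows = DIRECTORY_SEPARATOR == '\\';

    // Get logged in user
    $this->user = JFactory::getUser();

    $app    = JFactory::getApplication();
    $jinput = $app->input;
    $db     = JFactory::getDbo();
    $query  = $db->getQuery(true);

    // Not logged in - must redirect to login.
    if ($this->user->guest) {
        $link = base64_encode((string) JUri::getInstance());
        $app->redirect(JRoute::_('index.php?option=com_users&view=login&return=' . $link, false));
    }

    // Membership doesn't match - redirect back to My Memberships page.
    if (!$this->_getMembership()) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $this->getParentFolders();
    $this->getExtraParentFolders();

    // Let's see if the membership is active
    if ($this->_data->status > 0) {
        return;
    }

    // let's get the path ("<parent id>|<relative path>")
    $path = $jinput->get('path', '', 'string');
    if (empty($path)) {
        return;
    }

    $path = explode("|", $path);

    // extract the parent folder's id
    $parent_id = (int) $path[0];
    if (empty($parent_id)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // extract the path within the parent
    $path = !empty($path[1]) ? $path[1] : '';

    // check where are we looking; any other source leaves $parent empty and
    // is rejected below
    $from   = $this->getFrom();
    $parent = null;
    if ($from == 'membership') {
        $parent = isset($this->_parents[$parent_id]) ? $this->_parents[$parent_id] : null;
    } elseif ($from == 'extra') {
        $parent = isset($this->_extra_parents[$parent_id]) ? $this->_extra_parents[$parent_id] : null;
    }

    // check if the parent is within the allowed parents list
    if (empty($parent)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $this->_parent = $parent_id;

    // compute the full path: parent + path, both canonicalised (".." and
    // symlinks resolved); realpath() returns false when the target is missing
    $path   = realpath($parent . '/' . $path);
    $parent = realpath($parent);

    if ($path === false || $parent === false) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // check if we are trying to access a path that's not within the parent.
    // The prefix includes the trailing separator: a bare string-prefix test
    // would also accept a sibling folder whose name merely starts with the
    // parent's name (e.g. "files2" against parent "files").
    $prefix = rtrim($parent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path !== $parent && strpos($path, $prefix) !== 0) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // let's see if we've requested a download
    $task = $jinput->get('task', '', 'cmd');
    if ($task == 'download') {
        // check if path exists and is a file
        if (!is_file($path)) {
            $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
        }

        // check if we need to agree to terms first
        $query->select($db->qn('term_id'))
            ->from($db->qn('#__rsmembership_files'))
            ->where($db->qn('path') . ' = ' . $db->q($path));
        $db->setQuery($query);
        $term_id = $db->loadResult();

        $row = null;
        if (!empty($term_id)) {
            $row = JTable::getInstance('Term', 'RSMembershipTable');
            $row->load($term_id);
            // an unpublished term must not block the download
            if (!$row->published) {
                $term_id = 0;
            }
        }

        $agree = $jinput->get('agree', '', 'string');
        if (!empty($term_id) && empty($agree)) {
            // terms not accepted yet: expose them to the view instead of the file
            $this->terms = $row->description;

            return;
        }

        @ob_end_clean();
        $filename = basename($path);
        header("Cache-Control: public, must-revalidate");
        header('Cache-Control: pre-check=0, post-check=0, max-age=0');
        header("Pragma: no-cache");
        header("Expires: 0");
        header("Content-Description: File Transfer");
        header("Expires: Sat, 01 Jan 2000 01:00:00 GMT");

        // HTTP_USER_AGENT is not guaranteed to be present in $_SERVER
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if (preg_match('#Opera#', $userAgent)) {
            header("Content-Type: application/octetstream");
        } else {
            header("Content-Type: application/octet-stream");
        }

        header("Content-Length: " . (string) filesize($path));
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header("Content-Transfer-Encoding: binary\n");
        @readfile($path);

        // audit trail for the download
        $row          = JTable::getInstance('Log', 'RSMembershipTable');
        $row->date    = JFactory::getDate()->toSql();
        $row->user_id = $this->user->id;
        $row->path    = '[DWN] ' . $path;
        $row->ip      = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $row->store();
        exit;
    }

    // check if the path exists and is a folder
    if (!is_dir($path)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $this->_folder = $path;
    if (substr($this->_folder, -1) == '/') {
        $this->_folder = substr($this->_folder, 0, -1);
    }
}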
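/**
 * Loads the membership plan behind the current subscription (`$this->_id`)
 * for renewal.
 *
 * Redirects to My Memberships when the subscription is not the logged-in
 * user's, is still active (status 1), the plan it references no longer
 * exists, or the plan forbids renewal. Side effects: `$this->_extras`
 * receives the subscription's extra ids and `$this->term_id` the plan's
 * term id.
 *
 * @return object  Plan row with `price` replaced by `renewal_price` when
 *                 `use_renewal_price` is set, plus `last_transaction_id`.
 */
function getMembership()
{
    $cid   = $this->_id;
    $app   = JFactory::getApplication();
    $user  = JFactory::getUser();
    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);

    // Ownership check: the subscription row must belong to the logged-in user.
    $query->select($db->qn('membership_id'))
        ->select($db->qn('status'))
        ->select($db->qn('extras'))
        ->select($db->qn('last_transaction_id'))
        ->from($db->qn('#__rsmembership_membership_subscribers'))
        ->where($db->qn('user_id') . ' = ' . $db->q($user->get('id')))
        ->where($db->qn('id') . ' = ' . $db->q($cid));
    $db->setQuery($query);
    $membership = $db->loadObject();

    if (empty($membership)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // Renewal is only offered once the subscription is no longer active.
    if ($membership->status == 1) {
        JError::raiseWarning(500, JText::_('COM_RSMEMBERSHIP_MEMBERSHIP_NOT_EXPIRED'));
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    // extras is a comma-separated id list; the cast guards a NULL column
    $extras        = explode(',', (string) $membership->extras);
    $this->_extras = !empty($extras[0]) ? $extras : array();

    $last_transaction_id = $membership->last_transaction_id;

    $query->clear();
    $query->select('*')
        ->from($db->qn('#__rsmembership_memberships'))
        ->where($db->qn('id') . ' = ' . $db->q($membership->membership_id));
    $db->setQuery($query);
    $membership = $db->loadObject();

    // The plan referenced by the subscription may have been deleted; bail
    // out instead of reading properties of null below.
    if (empty($membership)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    if ($membership->use_renewal_price) {
        $membership->price = $membership->renewal_price;
    }

    if ($membership->no_renew) {
        JError::raiseWarning(500, JText::_('COM_RSMEMBERSHIP_MEMBERSHIP_CANNOT_RENEW'));
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $this->term_id                   = $membership->term_id;
    $membership->last_transaction_id = $last_transaction_id;

    return $membership;
}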
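/**
 * Loads the published membership plan behind the current subscription
 * (`$this->_id`).
 *
 * Redirects to My Memberships when the subscription is not the logged-in
 * user's or is not active (status > 0). When the plan is found,
 * `$this->_extras` receives the first column of its extras rows and the
 * subscription's `last_transaction_id` is attached to the returned object.
 *
 * @return object|null  Plan row, or null when the plan is missing or unpublished.
 */
function getMembership()
{
    $cid   = $this->_id;
    $app   = JFactory::getApplication();
    $user  = JFactory::getUser();
    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);

    // Ownership check: the subscription row must belong to the logged-in user.
    $query->select($db->qn('membership_id'))
        ->select($db->qn('status'))
        ->select($db->qn('extras'))
        ->select($db->qn('last_transaction_id'))
        ->from($db->qn('#__rsmembership_membership_subscribers'))
        ->where($db->qn('user_id') . ' = ' . $db->q($user->get('id')))
        ->where($db->qn('id') . ' = ' . $db->q($cid));
    $db->setQuery($query);
    $membership = $db->loadObject();

    if (empty($membership)) {
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    if ($membership->status > 0) {
        JError::raiseWarning(500, JText::_('COM_RSMEMBERSHIP_MEMBERSHIP_NOT_ACTIVE'));
        $app->redirect(JRoute::_(RSMembershipRoute::MyMemberships(), false));
    }

    $last_transaction_id = $membership->last_transaction_id;

    // Only a published plan is usable here.
    $query->clear();
    $query->select('*')
        ->from($db->qn('#__rsmembership_memberships'))
        ->where($db->qn('published') . ' = ' . $db->q(1))
        ->where($db->qn('id') . ' = ' . $db->q($membership->membership_id));
    $db->setQuery($query);
    $membership = $db->loadObject();

    if ($membership) {
        $query->clear();
        $query->select('*')
            ->from($db->qn('#__rsmembership_membership_extras'))
            ->where($db->qn('membership_id') . ' = ' . $db->q($membership->id));
        $db->setQuery($query);
        $this->_extras = $db->loadColumn();

        // Attach the transaction id only when there is a row to attach it to;
        // the previous version assigned it unconditionally, which is a
        // property write on null when the plan is missing.
        $membership->last_transaction_id = $last_transaction_id;
    }

    return $membership;
}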