/** * Show the image of an attachment/thumbnail. */ function attachments_script() { // Closed site $site_closed = get_option('site_closed'); if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) { header('Content-Type: text/plain'); @exit(get_option('closed')); } $id = get_param_integer('id', 0); $connection = $GLOBALS[get_param_integer('forum_db', 0) == 1 ? 'FORUM_DB' : 'SITE_DB']; $has_no_restricts = !is_null($connection->query_value_null_ok('attachment_refs', 'id', array('r_referer_type' => 'null', 'a_id' => $id))); if (!$has_no_restricts) { global $SITE_INFO; if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') { if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') { warn_exit(do_lang_tempcode('LEECH_BLOCK')); } } } require_lang('comcode'); // Lookup $rows = $connection->query_select('attachments', array('*'), array('id' => $id), 'ORDER BY a_add_time DESC'); if (!array_key_exists(0, $rows)) { warn_exit(do_lang_tempcode('MISSING_RESOURCE')); } $myrow = $rows[0]; header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', $myrow['a_add_time'])); if ($myrow['a_url'] == '') { warn_exit(do_lang_tempcode('INTERNAL_ERROR')); } if (!$has_no_restricts) { // Permission if (substr($myrow['a_url'], 0, 20) == 'uploads/attachments/') { if (!has_attachment_access(get_member(), $id, $connection)) { access_denied('ATTACHMENT_ACCESS'); } } } $thumb = get_param_integer('thumb', 0); if ($thumb == 1) { $full = $myrow['a_thumb_url']; require_code('images'); $myrow['a_thumb_url'] = ensure_thumbnail($myrow['a_url'], $myrow['a_thumb_url'], 'attachments', 'attachments', intval($myrow['id']), 'a_thumb_url'); } else { $full = $myrow['a_url']; if (get_param_integer('no_count', 0) == 0) { // Update download count if (ocp_srv('HTTP_RANGE') == '') { $connection->query_update('attachments', array('a_num_downloads' => $myrow['a_num_downloads'] + 1, 'a_last_downloaded_time' => time()), array('id' => $id), '', 1, NULL, false, true); } } } // Is it non-local? If so, redirect if (!url_is_local($full)) { if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) { log_hack_attack_and_exit('HEADER_SPLIT_HACK'); } header('Location: ' . $full); return; } // $breakdown=pathinfo($full); // $filename=$breakdown['basename']; $_full = get_custom_file_base() . '/' . rawurldecode($full); if (!file_exists($_full)) { warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full))); } // File is missing, we can't do anything $size = filesize($_full); $original_filename = $myrow['a_original_filename']; $extension = get_file_extension($original_filename); require_code('files2'); check_shared_bandwidth_usage($size); require_code('mime_types'); $mime_type = get_mime_type($extension); /*$myfile2=fopen('test','wb'); fwrite($myfile2,var_export($_SERVER,true)); fwrite($myfile2,var_export($_ENV,true)); fclose($myfile2);*/ // Send header if (strpos($original_filename, chr(10)) !== false || strpos($original_filename, chr(13)) !== false) { log_hack_attack_and_exit('HEADER_SPLIT_HACK'); } header('Content-Type: ' . $mime_type . '; authoritative=true;'); if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) { header('Content-Disposition: filename="' . $original_filename . '"'); } else { header('Content-Disposition: inline; filename="' . $original_filename . '"'); } header('Accept-Ranges: bytes'); // Caching header("Pragma: private"); header("Cache-Control: private"); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $myrow['a_add_time']) . ' GMT'); // Default to no resume $from = 0; $new_length = $size; @ini_set('zlib.output_compression', 'Off'); // They're trying to resume (so update our range) $httprange = ocp_srv('HTTP_RANGE'); if (strlen($httprange) > 0) { $_range = explode('=', ocp_srv('HTTP_RANGE')); if (count($_range) == 2) { if (strpos($_range[0], '-') === false) { $_range = array_reverse($_range); } $range = $_range[0]; if (substr($range, 0, 1) == '-') { $range = strval($size - intval(substr($range, 1)) - 1) . $range; } if (substr($range, -1, 1) == '-') { $range .= strval($size - 1); } $bits = explode('-', $range); if (count($bits) == 2) { list($from, $to) = array_map('intval', $bits); if ($to - $from != 0 || $from == 0) { $new_length = $to - $from + 1; header('HTTP/1.1 206 Partial Content'); header('Content-Range: bytes ' . $range . '/' . strval($size)); } else { $from = 0; } } } } header('Content-Length: ' . strval($new_length)); if (function_exists('set_time_limit')) { @set_time_limit(0); } error_reporting(0); if ($from == 0) { $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'values SET the_value=(the_value+' . strval((int) $size) . ') WHERE the_name=\'download_bandwidth\'', 1); } @ini_set('ocproducts.xss_detect', '0'); // Send actual data $myfile = fopen($_full, 'rb'); fseek($myfile, $from); $i = 0; flush(); // Works around weird PHP bug that sends data before headers, on some PHP versions while ($i < $new_length) { $content = fread($myfile, min($new_length - $i, 1048576)); echo $content; $len = strlen($content); if ($len == 0) { break; } $i += $len; } fclose($myfile); }
/** * Farm out the files for downloads. */ function dload_script() { // Closed site $site_closed = get_option('site_closed'); if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) { header('Content-Type: text/plain'); @exit(get_option('closed')); } global $SITE_INFO; if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') { if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') { warn_exit(do_lang_tempcode('LEECH_BLOCK')); } } require_lang('downloads'); $id = get_param_integer('id', 0); // Lookup $rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('*'), array('id' => $id), '', 1); if (!array_key_exists(0, $rows)) { warn_exit(do_lang_tempcode('MISSING_RESOURCE')); } $myrow = $rows[0]; // Permission if (!has_category_access(get_member(), 'downloads', strval($myrow['category_id']))) { access_denied('CATEGORY_ACCESS'); } // Cost? $got_before = $GLOBALS['SITE_DB']->query_value_null_ok('download_logging', 'the_user', array('the_user' => get_member(), 'id' => $id)); if (addon_installed('points')) { if ($myrow['download_cost'] > 0) { require_code('points2'); $member = get_member(); if (is_guest($member)) { access_denied('NOT_AS_GUEST'); } // Check they haven't downloaded this before (they only get charged once - maybe they are resuming) if (is_null($got_before)) { $cost = $myrow['download_cost']; $member = get_member(); if (is_guest($member)) { access_denied('NOT_AS_GUEST'); } $dif = $cost - available_points($member); if ($dif > 0 && !has_specific_permission(get_member(), 'have_negative_gift_points')) { warn_exit(do_lang_tempcode('LACKING_POINTS', integer_format($dif))); } require_code('points2'); charge_member($member, $cost, do_lang('DOWNLOADED_THIS', get_translated_text($myrow['name']))); if ($myrow['download_submitter_gets_points'] == 1) { system_gift_transfer(do_lang('THEY_DOWNLOADED_THIS', get_translated_text($myrow['name'])), $cost, $myrow['submitter']); } } } } // Filename $full = $myrow['url']; $breakdown = @pathinfo($full) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $full)); // $filename=$breakdown['basename']; if (!array_key_exists('extension', $breakdown)) { $extension = ''; } else { $extension = strtolower($breakdown['extension']); } if (url_is_local($full)) { $_full = get_custom_file_base() . '/' . rawurldecode($full); } else { $_full = rawurldecode($full); } // Is it non-local? If so, redirect if (!url_is_local($full) || !file_exists(get_file_base() . '/' . rawurldecode(filter_naughty($full)))) { if (url_is_local($full)) { $full = get_custom_base_url() . '/' . $full; } if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) { log_hack_attack_and_exit('HEADER_SPLIT_HACK'); } header('Location: ' . $full); log_download($id, 0, !is_null($got_before)); // Bandwidth used is 0 for an external download return; } // Some basic security: don't fopen php files if ($extension == 'php') { log_hack_attack_and_exit('PHP_DOWNLOAD_INNOCENT', integer_format($id)); } // Size, bandwidth, logging $size = filesize($_full); if (is_null($got_before)) { $bandwidth = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT SUM(file_size) AS answer FROM ' . get_table_prefix() . 'download_logging l LEFT JOIN ' . get_table_prefix() . 'download_downloads d ON l.id=d.id WHERE date_and_time>' . strval(time() - 24 * 60 * 60 * 32)); if ($bandwidth + floatval($size) > floatval(get_option('maximum_download')) * 1024 * 1024 * 1024 && !has_specific_permission(get_member(), 'bypass_bandwidth_restriction')) { warn_exit(do_lang_tempcode('TOO_MUCH_DOWNLOAD')); } require_code('files2'); check_shared_bandwidth_usage($size); } log_download($id, $size, !is_null($got_before)); // Send header if (strpos($myrow['original_filename'], chr(10)) !== false || strpos($myrow['original_filename'], chr(13)) !== false) { log_hack_attack_and_exit('HEADER_SPLIT_HACK'); } header('Content-Type: application/octet-stream' . '; authoritative=true;'); if (get_option('immediate_downloads') == '1') { require_code('mime_types'); header('Content-Type: ' . get_mime_type(get_file_extension($myrow['original_filename'])) . '; authoritative=true;'); header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"'); } else { if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) { header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"'); } else { header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"'); } } header('Accept-Ranges: bytes'); // Caching header("Pragma: private"); header("Cache-Control: private"); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT'); $time = is_null($myrow['edit_date']) ? $myrow['add_date'] : $myrow['edit_date']; $time = max($time, filemtime($_full)); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT'); // Default to no resume $from = 0; $new_length = $size; @ini_set('zlib.output_compression', 'Off'); // They're trying to resume (so update our range) $httprange = ocp_srv('HTTP_RANGE'); if (strlen($httprange) > 0) { $_range = explode('=', ocp_srv('HTTP_RANGE')); if (count($_range) == 2) { if (strpos($_range[0], '-') === false) { $_range = array_reverse($_range); } $range = $_range[0]; if (substr($range, 0, 1) == '-') { $range = strval($size - intval(substr($range, 1)) - 1) . $range; } if (substr($range, -1, 1) == '-') { $range .= strval($size - 1); } $bits = explode('-', $range); if (count($bits) == 2) { list($from, $to) = array_map('intval', $bits); if ($to - $from != 0 || $from == 0) { $new_length = $to - $from + 1; header('HTTP/1.1 206 Partial Content'); header('Content-Range: bytes ' . $range . '/' . strval($size)); } else { $from = 0; } } } } header('Content-Length: ' . strval($new_length)); if (function_exists('set_time_limit')) { @set_time_limit(0); } error_reporting(0); // Send actual data $myfile = fopen($_full, 'rb'); fseek($myfile, $from); $i = 0; flush(); // Works around weird PHP bug that sends data before headers, on some PHP versions while ($i < $new_length) { $content = fread($myfile, min($new_length - $i, 1048576)); echo $content; $len = strlen($content); if ($len == 0) { break; } $i += $len; } fclose($myfile); /* Security note... at the download adding/editing stage, we ensured that only files accessible to the web server (in raw form) could end up in our database. Therefore we did not check here that our file was accessible in raw form. */ }