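function download_file()
{
    /**
     * Stream one uploaded file to the requester after an authorisation check
     * (legacy mysql_* variant).
     *
     * Input: $_GET['id'] (file id) and $_GET['client'] (account name, only
     * used when recording the action log). Levels 9/8/7 may fetch any file;
     * a level-0 client may fetch a file only when a non-hidden row in
     * tbl_files_relations links it to the client or to one of the client's
     * groups, and the file has not expired (the expiry check is not applied
     * to the higher levels). On success the file is sent as
     * application/octet-stream and the script exits; a file that is not on
     * disk answers 404. Any other outcome produces no output.
     */
    $this->check_level = array(9, 8, 7, 0);
    if (!isset($_GET['id']) || !isset($_GET['client'])) {
        return;
    }
    /** Do a permissions check for logged in user */
    if (!isset($this->check_level) || !in_session_or_cookies($this->check_level)) {
        return;
    }
    // Validate the id as a real integer once and reuse it everywhere below.
    // A bare (int) cast turns "1abc" or an array (?id[]=x) into 1, which
    // would silently select file #1.
    $file_id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    if ($file_id === false) {
        return;
    }

    /** Get the file name */
    $this->get_file_uri_sql = 'SELECT url, expires, expiry_date FROM tbl_files WHERE id="' . $file_id . '"';
    $this->get_file_uri = $this->database->query($this->get_file_uri_sql);
    $this->got_url = mysql_fetch_array($this->get_file_uri);
    // An unknown id yields false; reading offsets from it only raises notices
    // and left url empty, so normalise to an empty record and let the
    // is_file() check below produce the 404.
    if (!is_array($this->got_url)) {
        $this->got_url = array('url' => '', 'expires' => '0', 'expiry_date' => '');
    }
    $this->real_file_url = $this->got_url['url'];
    $this->expires = $this->got_url['expires'];
    $this->expiry_date = $this->got_url['expiry_date'];
    // Only files flagged expires=1 can expire; values come back from MySQL
    // as strings, hence the loose comparison.
    $this->expired = ($this->expires == '1' && time() > strtotime($this->expiry_date));

    $this->can_download = false;
    if (CURRENT_USER_LEVEL == 0) {
        // Clients never receive an expired file.
        if (!$this->expired) {
            /**
             * Does the client have permission to download the file?
             * First, get the list of different groups the client belongs to.
             */
            $groups_ids = array();
            $sql_groups = $this->database->query("SELECT DISTINCT group_id FROM tbl_members WHERE client_id='" . (int) CURRENT_USER_ID . "'");
            while ($row_groups = mysql_fetch_array($sql_groups)) {
                $groups_ids[] = (int) $row_groups["group_id"];
            }
            /**
             * Then check the client's own or group files. The group list is
             * expanded as a real IN-list of integers: the previous
             * IN ("1,2,3") form compared group_id with a single string, which
             * MySQL coerces to 1, so only the first group ever matched.
             */
            $files_own_query = 'SELECT * FROM tbl_files_relations WHERE (client_id="' . (int) CURRENT_USER_ID . '"';
            if (!empty($groups_ids)) {
                $files_own_query .= ' OR group_id IN (' . implode(',', $groups_ids) . ')';
            }
            $files_own_query .= ') AND file_id="' . $file_id . '" AND hidden = "0"';
            $files_own = $this->database->query($files_own_query);
            if (mysql_num_rows($files_own) > 0) {
                $this->can_download = true;
                /**
                 * The file is being downloaded by a client: add +1 to the
                 * download count.
                 */
                $this->add_download_sql = 'INSERT INTO tbl_downloads (user_id , file_id) VALUES ("' . (int) CURRENT_USER_ID . '", "' . $file_id . '")';
                $this->sql = $this->database->query($this->add_download_sql);
                /**
                 * The owner ID is taken from the session, not from the GET
                 * parameters, so a modified url cannot attribute the log
                 * entry to another account.
                 */
                $log_action = 8;
                $log_action_owner_id = CURRENT_USER_ID;
            }
        }
    } else {
        // Levels 9/8/7: any file, no expiry check, logged as action 7.
        $this->can_download = true;
        $log_action = 7;
        $global_user = get_current_user_username();
        $log_action_owner_id = get_logged_account_id($global_user);
    }

    if (!$this->can_download) {
        return;
    }

    /** Record the action log */
    $new_log_action = new LogActions();
    $log_action_args = array(
        'action' => $log_action,
        'owner_id' => $log_action_owner_id,
        'affected_file' => $file_id,
        'affected_file_name' => $this->real_file_url,
        // client_id is not covered by the isset() guard above; default to 0
        // rather than reading an undefined index.
        'affected_account' => isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0,
        'affected_account_name' => mysql_real_escape_string($_GET['client']),
        'get_user_real_name' => true,
        'get_file_real_name' => true,
    );
    $new_record_action = $new_log_action->log_action_save($log_action_args);

    // NOTE(review): url is read from tbl_files; if the upload path lets a
    // user influence that column (not visible here), a "../" value would
    // escape UPLOADED_FILES_FOLDER. Consider a realpath() containment check
    // against the folder before serving.
    $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
    // is_file() rather than file_exists(): an empty url resolves to the
    // upload folder itself, which file_exists() accepts and readfile() then
    // fails on after the headers have been sent.
    if (!is_file($this->real_file)) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
    while (ob_get_level()) {
        ob_end_clean();
    }
    // Quote the filename so names containing spaces survive, and strip
    // double quotes so the value cannot terminate the parameter early.
    // nosniff keeps browsers from rendering an uploaded HTML/SVG inline.
    $download_name = str_replace('"', '', basename($this->real_file));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Cache-Control: private', false);
    header('Content-Length: ' . get_real_size($this->real_file));
    header('Connection: close');
    readfile($this->real_file);
    exit;
}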
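function download_file()
{
    /**
     * Stream one uploaded file to the requester after an authorisation check
     * (PDO variant).
     *
     * Input: $_GET['id'] (file id) and $_GET['client'] (account name, only
     * used when recording the action log). Levels 9/8/7 may fetch any file;
     * a level-0 client may fetch a file only when a non-hidden row in
     * TABLE_FILES_RELATIONS links it to the client or to one of the client's
     * groups, and the file has not expired (the expiry check is not applied
     * to the higher levels). On success the file is sent as
     * application/octet-stream and the script exits; a file that is not on
     * disk answers 404. Any other outcome produces no output.
     */
    $this->check_level = array(9, 8, 7, 0);
    if (!isset($_GET['id']) || !isset($_GET['client'])) {
        return;
    }
    /** Do a permissions check for logged in user */
    if (!isset($this->check_level) || !in_session_or_cookies($this->check_level)) {
        return;
    }
    // Validate the id once and bind the same integer everywhere below. The
    // original mixed bindParam() on the raw GET string with (int) casts; a
    // bare cast also turns "1abc" or an array (?id[]=x) into 1.
    $file_id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    if ($file_id === false) {
        return;
    }

    /** Get the file name */
    $this->statement = $this->dbh->prepare("SELECT url, expires, expiry_date FROM " . TABLE_FILES . " WHERE id=:id");
    $this->statement->bindValue(':id', $file_id, PDO::PARAM_INT);
    $this->statement->execute();
    $this->row = $this->statement->fetch(PDO::FETCH_ASSOC);
    // An unknown id yields false; reading offsets from it only raises notices
    // and left url empty, so normalise to an empty record and let the
    // is_file() check below produce the 404.
    if (!is_array($this->row)) {
        $this->row = array('url' => '', 'expires' => '0', 'expiry_date' => '');
    }
    $this->real_file_url = $this->row['url'];
    $this->expires = $this->row['expires'];
    $this->expiry_date = $this->row['expiry_date'];
    // Only files flagged expires=1 can expire; the column may come back as
    // string or int depending on driver settings, hence the loose comparison.
    $this->expired = ($this->expires == '1' && time() > strtotime($this->expiry_date));

    $this->can_download = false;
    if (CURRENT_USER_LEVEL == 0) {
        // Clients never receive an expired file.
        if (!$this->expired) {
            /**
             * Does the client have permission to download the file?
             * First, get the list of different groups the client belongs to.
             */
            $this->groups = $this->dbh->prepare("SELECT DISTINCT group_id FROM " . TABLE_MEMBERS . " WHERE client_id=:id");
            $this->groups->bindValue(':id', CURRENT_USER_ID, PDO::PARAM_INT);
            $this->groups->execute();
            // fetchAll() instead of rowCount(): PDO does not guarantee
            // rowCount() for SELECT statements.
            $this->groups_ids = array_map('intval', $this->groups->fetchAll(PDO::FETCH_COLUMN, 0));
            $this->found_groups = implode(',', $this->groups_ids);

            /** Then check the client's own or group files. */
            $this->params = array(':client_id' => CURRENT_USER_ID, ':file_id' => $file_id);
            $this->fq = "SELECT * FROM " . TABLE_FILES_RELATIONS . " WHERE (client_id=:client_id";
            if ($this->found_groups !== '') {
                // The group ids are bound as one comma-separated string and
                // matched server-side with FIND_IN_SET, so no value is ever
                // concatenated into the SQL text.
                $this->fq .= ' OR FIND_IN_SET(group_id, :groups)';
                $this->params[':groups'] = $this->found_groups;
            }
            $this->fq .= ') AND file_id=:file_id AND hidden = "0"';
            $this->files = $this->dbh->prepare($this->fq);
            $this->files->execute($this->params);
            if ($this->files->fetch(PDO::FETCH_ASSOC) !== false) {
                $this->can_download = true;
                /**
                 * The file is being downloaded by a client: add +1 to the
                 * download count.
                 */
                $this->statement = $this->dbh->prepare("INSERT INTO " . TABLE_DOWNLOADS . " (user_id , file_id) VALUES (:user_id, :file_id)");
                $this->statement->bindValue(':user_id', CURRENT_USER_ID, PDO::PARAM_INT);
                $this->statement->bindValue(':file_id', $file_id, PDO::PARAM_INT);
                $this->statement->execute();
                /**
                 * The owner ID is taken from the session, not from the GET
                 * parameters, so a modified url cannot attribute the log
                 * entry to another account.
                 */
                $log_action = 8;
                $log_action_owner_id = CURRENT_USER_ID;
            }
        }
    } else {
        // Levels 9/8/7: any file, no expiry check, logged as action 7.
        $this->can_download = true;
        $log_action = 7;
        $global_user = get_current_user_username();
        $log_action_owner_id = get_logged_account_id($global_user);
    }

    if (!$this->can_download) {
        return;
    }

    /** Record the action log */
    $new_log_action = new LogActions();
    $log_action_args = array(
        'action' => $log_action,
        'owner_id' => $log_action_owner_id,
        'affected_file' => $file_id,
        'affected_file_name' => $this->real_file_url,
        // client_id is not covered by the isset() guard above; default to 0
        // rather than reading an undefined index.
        'affected_account' => isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0,
        // NOTE(review): passed through unescaped; log_action_save() is
        // presumably bound via PDO, but whatever renders the log must still
        // HTML-escape this value — confirm.
        'affected_account_name' => $_GET['client'],
        'get_user_real_name' => true,
        'get_file_real_name' => true,
    );
    $new_record_action = $new_log_action->log_action_save($log_action_args);

    // NOTE(review): url is read from TABLE_FILES; if the upload path lets a
    // user influence that column (not visible here), a "../" value would
    // escape UPLOADED_FILES_FOLDER. Consider a realpath() containment check
    // against the folder before serving.
    $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
    // is_file() rather than file_exists(): an empty url resolves to the
    // upload folder itself, which file_exists() accepts and readfile() then
    // fails on after the headers have been sent.
    if (!is_file($this->real_file)) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
    while (ob_get_level()) {
        ob_end_clean();
    }
    // Quote the filename so names containing spaces survive, and strip
    // double quotes so the value cannot terminate the parameter early.
    // nosniff keeps browsers from rendering an uploaded HTML/SVG inline.
    $download_name = str_replace('"', '', basename($this->real_file));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Cache-Control: private', false);
    header('Content-Length: ' . get_real_size($this->real_file));
    header('Connection: close');
    readfile($this->real_file);
    exit;
}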