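/**
 * Serve a managed download identified by the `dl_id` or `dl_name` query var.
 *
 * Flow, as implemented below:
 *  1. Look the file up by numeric id or by stored file name, depending on the
 *     `use_filename` download option. Rows with file_permission = -2 are
 *     never returned.
 *  2. Enforce the per-file permission: a value > 0 requires a logged-in user
 *     whose wp_user_level is at least that value, 0 requires any logged-in
 *     user, and -1 allows everyone.
 *  3. Optionally apply the Referer-based anti-hotlinking check.
 *  4. Local file: bump the hit counter, then either stream the file
 *     (download_method 0) or redirect to download_path_url + file.
 *     Remote file: bump the hit counter and redirect to the stored URL.
 *
 * The method ends the request with exit/wp_die() on every path that handles
 * a download; it simply returns when neither query var is present.
 *
 * @global wpdb $wpdb    WordPress database object.
 * @global int  $user_ID ID of the current user (0 when not logged in).
 * @return void
 */
public function download_file()
{
    global $wpdb, $user_ID;

    $dl_id = (int) get_query_var('dl_id');
    // The decoded name is request-controlled. It is only ever handed to SQL as a
    // bound parameter below, so no addslashes() pre-escaping is applied here
    // (addslashes() is not a reliable SQL escaper and would double-escape with prepare()).
    $dl_name = (string) $this->download_file_name_decode(get_query_var('dl_name'));

    // Do this ONLY when dl_name is NOT EMPTY and is NOT a remote file.
    if (!self::is_remote_file($dl_name) && !empty($dl_name) && '/' != substr($dl_name, 0, 1)) {
        $dl_name = '/' . $dl_name;
    }

    $download_options = $this->get_opt('download_options');

    if ($dl_id <= 0 && empty($dl_name)) {
        return;
    }

    // Check whether headers were already sent, e.g. by PHP error output from other plugins.
    hacklogdm::check_headers_sent();

    // Initialised explicitly: neither lookup branch runs when the supplied query var
    // does not match the configured lookup mode, and that must end in the 404 below.
    $file = null;
    if ($dl_id > 0 && $download_options['use_filename'] == 0) {
        $file = $wpdb->get_row($wpdb->prepare(
            "SELECT file_id, file, file_name , file_permission FROM {$wpdb->downloads} WHERE file_id = %d AND file_permission != -2",
            $dl_id
        ));
    } elseif (!empty($dl_name) && $download_options['use_filename'] == 1) {
        $file = $wpdb->get_row($wpdb->prepare(
            "SELECT file_id, file, file_name , file_permission FROM {$wpdb->downloads} WHERE file = %s AND file_permission != -2",
            $dl_name
        ));
    }

    if (!$file) {
        status_header(404);
        wp_die(__('Invalid File ID or File Name.', self::textdomain));
    }

    $file_path = stripslashes($this->get_opt('download_path'));
    $file_url = stripslashes($this->get_opt('download_path_url'));
    $download_method = intval($this->get_opt('download_method'));
    $file_id = intval($file->file_id);
    $file_name = stripslashes($file->file);
    $down_name = stripslashes($file->file_name);
    $file_permission = intval($file->file_permission);
    $current_user = wp_get_current_user();

    $logged_in = intval($user_ID) > 0;
    $allowed = ($file_permission > 0 && intval($current_user->wp_user_level) >= $file_permission && $logged_in)
        || ($file_permission == 0 && $logged_in)
        || $file_permission == -1;

    if (!$allowed) {
        wp_die(__('You do not have permission to download this file.', self::textdomain));
    }

    if ($download_options['check_referer']) {
        // The Referer header is supplied by the client, so this only discourages
        // hotlinking; the permission check above is the actual access control.
        if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == '') {
            wp_die(__('Please do not leech.', self::textdomain));
        }
        // parse_url() returns false or omits 'host' for malformed values; treat both as invalid.
        $referer_parts = parse_url($_SERVER['HTTP_REFERER']);
        $referer_host = (is_array($referer_parts) && isset($referer_parts['host'])) ? $referer_parts['host'] : '';
        // If downloads from this site are wrongly treated as hotlinking, change
        // www.your-domain.com below to your blog's domain.
        $validReferer = array(
            'www.your-domain.com',
            isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '',
        );
        // Strict comparison, and an empty host never matches (a loose in_array()
        // would let a missing host equal an empty Host header).
        if ('' === $referer_host || !in_array($referer_host, $validReferer, true)) {
            wp_die(__('Please do not leech.', self::textdomain));
        }
    }

    $hits_sql = $wpdb->prepare(
        "UPDATE {$wpdb->downloads} SET file_hits = (file_hits + 1), file_last_downloaded_date = %s WHERE file_id = %d AND file_permission != -2",
        current_time('timestamp'),
        $file_id
    );

    if (self::is_remote_file($file_name)) {
        // Remote file: count the hit and redirect to the stored URL.
        // NOTE(review): the target comes from the downloads table as-is; anyone who can
        // edit that table controls where visitors are redirected.
        $wpdb->query($hits_sql);
        header('Location: ' . $file_name);
        exit;
    }

    // NOTE(review): the stored path is appended to download_path without a containment
    // check; consider verifying that realpath() of the result stays under download_path.
    $local_file = $file_path . $file_name;
    if (!is_file($local_file)) {
        status_header(404);
        wp_die(__('File does not exist.', self::textdomain));
    }

    $wpdb->query($hits_sql);

    if ($download_method != 0) {
        header('Location: ' . $file_url . $file_name);
        exit;
    }

    // Recompute the size here rather than relying on a stored value.
    $filesize = filesize($local_file);
    $fp = fopen($local_file, 'rb');
    if (!$fp) {
        wp_die(__('Error: can not read the file!Please contact the webmaster.', self::textdomain));
    }
    if ($filesize <= 0) {
        wp_die(__('Error: filesize is zero.', self::textdomain));
    }

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    // Each header() call replaces the previous Content-Type, so the last one is what is sent.
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header('Content-Disposition: attachment; ' . self::_header_filename(htmlspecialchars_decode(self::get_download_name($down_name))));
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . $filesize);

    // Maximum execution time in seconds; best effort, the function may be disabled.
    @set_time_limit($download_options['time_limit']);
    // NOTE(review): this value is 2 GiB in bytes although the original comment said 256M.
    // The file is streamed in small chunks, so confirm whether raising the limit is needed at all.
    @ini_set('memory_limit', 8 * 1024 * 1024 * 256);

    // Local chunk size instead of define('CHUNK_SIZE', ...): avoids leaking a global
    // constant and the redefinition warning when one with that name already exists.
    $chunk_size = 4096;
    $remaining = $filesize;
    while ($remaining > 0 && !feof($fp)) {
        $chunk = fread($fp, min($chunk_size, $remaining));
        // Stop on a read error or an unexpectedly short file instead of looping on empty reads.
        if (false === $chunk || '' === $chunk) {
            break;
        }
        echo $chunk;
        $remaining -= strlen($chunk);
    }
    fclose($fp);
    exit;
}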