.'</a></div>'; } } } else { echo '<div class="pd-file"><div class="ph-top"></div>'; } if (!empty($this->file[0])) { $v = $this->file[0]; // USER RIGHT - Access of categories (if file is included in some not accessed category) - - - - - // ACCESS is handled in SQL query, ACCESS USER ID is handled here (specific users) $rightDisplay = 0; if (!empty($this->category[0])) { $rightDisplay = PhocaDownloadAccess::getUserRight('accessuserid', $v->cataccessuserid, $v->cataccess, $this->t['user']->getAuthorisedViewLevels(), $this->t['user']->get('id', 0), 0); } // - - - - - - - - - - - - - - - - - - - - - - if ($rightDisplay == 1) { $l = new PhocaDownloadLayout(); echo '<h3 class="pdfv-name">'.$l->getName($v->title, $v->filename, 1). '</h3>'; // ===================================================================================== // BEGIN LAYOUT AREA // ===================================================================================== // Is this direct menu link to File View
public static function getDownloadData($id, $return, $type = 0) { $outcome = array(); $wheres = array(); $db = JFactory::getDBO(); $app = JFactory::getApplication(); $params = $app->getParams(); $user = JFactory::getUser(); $redirectUrl = urlencode(base64_encode($return)); $returnUrl = 'index.php?option=com_users&view=login&return=' . $redirectUrl; $userLevels = implode(',', $user->getAuthorisedViewLevels()); $limitEnabled = $params->get('user_files_max_count_download', 0); if ((int) $limitEnabled > 0) { if ((int) $user->id < 1) { $app->redirect(JRoute::_($returnUrl, false), JText::_("COM_PHOCADOWNLOAD_NOT_LOGGED_IN_USERS_NOT_ALLOWED_DOWNLOAD")); exit; } $userFileCount = PhocaDownloadStat::getCountFilePerUser($id); (int) $userFileCount++; // Because we need to count this attempt too. if ((int) $userFileCount > (int) $limitEnabled) { $app->redirect(JRoute::_($returnUrl, false), JText::_("COM_PHOCADOWNLOAD_MAX_LIMIT_DOWNLOAD_PER_FILE_REACHED")); exit; } } $pQ = $params->get('enable_plugin_query', 0); $wheres[] = " c.id = " . (int) $id; $wheres[] = " c.published = 1"; $wheres[] = " c.approved \t= 1"; $wheres[] = " c.catid = cc.id"; if ($type == 1) { // Unique download link does not have any access $rightDisplay = 1; } else { $wheres[] = " cc.access IN (" . $userLevels . ")"; } // Active $jnow = JFactory::getDate(); $now = $jnow->toSql(); $nullDate = $db->getNullDate(); $wheres[] = ' ( c.publish_up = ' . $db->Quote($nullDate) . ' OR c.publish_up <= ' . $db->Quote($now) . ' )'; $wheres[] = ' ( c.publish_down = ' . $db->Quote($nullDate) . ' OR c.publish_down >= ' . $db->Quote($now) . ' )'; if ($pQ == 1) { // GWE MOD - to allow for access restrictions JPluginHelper::importPlugin("phoca"); $dispatcher =& JDispatcher::getInstance(); $joins = array(); $results = $dispatcher->trigger('onGetDownload', array(&$wheres, &$joins, $id, $paramsC)); // END GWE MOD } /*$query = " SELECT c.filename, c.directlink, c.access" ." FROM #__phocadownload AS c" . ($pQ == 1 ? ((count($joins)>0?( " LEFT JOIN " .implode( " LEFT JOIN ", $joins )):"")):"") // GWE MOD . " WHERE " . implode( " AND ", $wheres ) . " ORDER BY c.ordering";*/ $query = ' SELECT c.catid, c.filename, c.directlink, c.link_external, c.access, c.confirm_license, c.metakey, c.metadesc, cc.access as cataccess, cc.accessuserid as cataccessuserid, c.tokenhits ' . ' FROM #__phocadownload AS c, #__phocadownload_categories AS cc ' . ($pQ == 1 ? count($joins) > 0 ? ' LEFT JOIN ' . implode(' LEFT JOIN ', $joins) : '' : '') . ' WHERE ' . implode(' AND ', $wheres) . ' ORDER BY c.ordering'; $db->setQuery($query, 0, 1); $filename = $db->loadObjectList(); $limitTokenEnabled = $params->get('token_files_max_count_download', 0); if ((int) $limitTokenEnabled > 0) { if (isset($filename[0]->tokenhits)) { $tokenFileCount = $filename[0]->tokenhits; (int) $tokenFileCount++; // Because we need to count this attempt too. if ((int) $tokenFileCount > (int) $limitTokenEnabled) { $app->redirect(JRoute::_(htmlspecialchars($return)), JText::_("COM_PHOCADOWNLOAD_MAX_LIMIT_DOWNLOAD_TOKEN_REACHED")); exit; } } } //OSE Modified Start; if (!empty($filename[0])) { phocadownloadimport('phocadownload.utils.external'); PhocaDownloadExternal::checkOSE($filename[0]); } //OSE Modified End; // - - - - - - - - - - - - - - - // USER RIGHT - Access of categories (if file is included in some not accessed category) - - - - - // ACCESS is handled in SQL query, ACCESS USER ID is handled here (specific users) $rightDisplay = 0; if ($type == 1) { // Unique download link does not have any access $rightDisplay = 1; } else { if (!empty($filename[0])) { $rightDisplay = PhocaDownloadAccess::getUserRight('accessuserid', $filename[0]->cataccessuserid, $filename[0]->cataccess, $user->getAuthorisedViewLevels(), $user->get('id', 0), 0); } // - - - - - - - - - - - - - - - - - - - - - - if ($rightDisplay == 0) { $app->redirect(JRoute::_($returnUrl, false), JText::_("COM_PHOCADOWNLOAD_NO_RIGHTS_ACCESS_CATEGORY_FILE")); exit; } } if (empty($filename)) { $outcome['file'] = "COM_PHOCADOWNLOAD_ERROR_NO_DB_RESULT"; $outcome['directlink'] = 0; $outcome['externallink'] = 0; return $outcome; } if ($type == 1) { // Unique download link } else { if (isset($filename[0]->access)) { if (!in_array($filename[0]->access, $user->getAuthorisedViewLevels())) { $app->redirect(JRoute::_($returnUrl, false), JText::_('COM_PHOCADOWNLOAD_PLEASE_LOGIN_DOWNLOAD_FILE')); exit; } } else { $outcome['file'] = "COM_PHOCADOWNLOAD_ERROR_NO_DB_RESULT"; $outcome['directlink'] = 0; $outcome['externallink'] = 0; return $outcome; } } // - - - - - - - - - - - - - - - - $filenameT = $filename[0]->filename; $directlinkT = $filename[0]->directlink; $linkExternalT = $filename[0]->link_external; // Unique Download Link if ($type == 1) { $directlinkT = 0; // Unique Download Link cannot work with direct link } $filePath = PhocaDownloadPath::getPathSet('file'); if ($filenameT != '') { // Important - you cannot use direct link if you have selected absolute path // Absolute Path defined by user $absolutePath = $params->get('absolute_path', ''); if ($absolutePath != '') { $directlinkT = 0; } if ($directlinkT == 1) { $relFile = JURI::base(true) . '/' . $params->get('download_folder', 'phocadownload') . '/' . $filenameT; $outcome['file'] = $relFile; $outcome['directlink'] = $directlinkT; $outcome['externallink'] = $linkExternalT; return $outcome; } else { if ($directlinkT == 0 && $linkExternalT != '') { $relFile = JURI::base(true) . '/' . $params->get('download_folder', 'phocadownload') . '/' . $filenameT; $outcome['file'] = $relFile; $outcome['directlink'] = $directlinkT; $outcome['externallink'] = $linkExternalT; return $outcome; } else { $absFile = str_replace('/', DS, JPath::clean($filePath['orig_abs_ds'] . $filenameT)); } } if (JFile::exists($absFile)) { $outcome['file'] = $absFile; $outcome['directlink'] = $directlinkT; $outcome['externallink'] = $linkExternalT; return $outcome; } else { $outcome['file'] = "COM_PHOCADOWNLOAD_ERROR_NO_ABS_FILE"; $outcome['directlink'] = 0; $outcome['externallink'] = $linkExternalT; return $outcome; } } else { $outcome['file'] = "COM_PHOCADOWNLOAD_ERROR_NO_DB_FILE"; $outcome['directlink'] = 0; $outcome['externallink'] = $linkExternalT; return $outcome; } }
function display($tpl = null) { $app = JFactory::getApplication(); $user = JFactory::getUser(); $userLevels = implode(',', $user->getAuthorisedViewLevels()); $db = JFactory::getDBO(); $menu = $app->getMenu(); $document = JFactory::getDocument(); $params = $app->getParams(); $moduleId = $app->input->get('id', 0, 'int'); $table =& JTable::getInstance('module'); if ((int) $moduleId > 0) { $db = JFactory::getDBO(); $query = 'SELECT a.params' . ' FROM #__modules AS a' . ' WHERE a.published = 1' . ' AND a.id =' . (int) $moduleId . ' ORDER BY a.ordering'; $db->setQuery($query); if (!$db->query()) { $this->setError($db->getErrorMsg()); return false; } $module = $db->loadObject(); if (isset($module->params) && $module->params != '') { jimport('joomla.html.parameter'); $paramsM = new JRegistry(); $paramsM->loadString($module->params); //$paramsM->loadJSON($module->params); // Params $categories = $paramsM->get('category_ids', ''); $ordering = $paramsM->get('file_ordering', 6); $fileCount = $paramsM->get('file_count', 5); $feedTitle = $paramsM->get('feed_title', JText::_('COM_PHOCADOWNLOAD_DOWNLOAD')); $displayDateType = $paramsM->get('display_date_type', 1); $document->setTitle($this->escape(html_entity_decode($feedTitle))); $wheres = array(); if (is_array($categories) && count($categories) > 0) { JArrayHelper::toInteger($categories); $categoriesString = implode(',', $categories); $wheres[] = ' c.catid IN ( ' . $categoriesString . ' ) '; } else { if ((int) $categories > 0) { $wheres[] = ' c.catid IN ( ' . $categories . ' ) '; } } $wheres[] = ' c.catid= cc.id'; $wheres[] = '( (unaccessible_file = 1 ) OR (unaccessible_file = 0 AND c.access IN (' . $userLevels . ') ) )'; $wheres[] = '( (unaccessible_file = 1 ) OR (unaccessible_file = 0 AND cc.access IN (' . $userLevels . ') ) )'; $wheres[] = ' c.published = 1'; $wheres[] = ' c.approved = 1'; $wheres[] = ' cc.published = 1'; $wheres[] = ' c.textonly = 0'; // Active $jnow = JFactory::getDate(); $now = $jnow->toSql(); $nullDate = $db->getNullDate(); $wheres[] = ' ( c.publish_up = ' . $db->Quote($nullDate) . ' OR c.publish_up <= ' . $db->Quote($now) . ' )'; $wheres[] = ' ( c.publish_down = ' . $db->Quote($nullDate) . ' OR c.publish_down >= ' . $db->Quote($now) . ' )'; $fileOrdering = PhocaDownloadOrdering::getOrderingText($ordering); $query = ' SELECT c.*, cc.id AS categoryid, cc.title AS categorytitle, cc.alias AS categoryalias, cc.access as cataccess, cc.accessuserid as cataccessuserid ' . ' FROM #__phocadownload AS c' . ' LEFT JOIN #__phocadownload_categories AS cc ON cc.id = c.catid' . ' WHERE ' . implode(' AND ', $wheres) . ' ORDER BY c.' . $fileOrdering; $db->setQuery($query, 0, $fileCount); $files = $db->loadObjectList(); foreach ($files as $keyDoc => $valueDoc) { // USER RIGHT - Access of categories (if file is included in some not accessed category) - - - - - // ACCESS is handled in SQL query, ACCESS USER ID is handled here (specific users) $rightDisplay = 0; if (!empty($valueDoc)) { $rightDisplay = PhocaDownloadAccess::getUserRight('accessuserid', $valueDoc->cataccessuserid, $valueDoc->cataccess, $user->getAuthorisedViewLevels(), $user->get('id', 0), 0); } // - - - - - - - - - - - - - - - - - - - - - - if ($rightDisplay == 1) { $item = new JFeedItem(); $title = $this->escape($valueDoc->title . ' (' . PhocaDownloadFile::getTitleFromFilenameWithExt($valueDoc->filename) . ')'); $title = html_entity_decode($title); $item->title = $title; $link = PhocaDownloadRoute::getCategoryRoute($valueDoc->categoryid, $valueDoc->categoryalias); $item->link = JRoute::_($link); // FILEDATE $fileDate = ''; if ((int) $displayDateType > 0) { if ($valueDoc->filename != '') { $fileDate = PhocaDownloadFile::getFileTime($valueDoc->filename, $displayDateType, "Y-m-d H:M:S"); } } else { $fileDate = JHTML::Date($valueDoc->date, "Y-m-d H:i:s"); } if ($fileDate != '') { $item->date = $fileDate; } //$item->description = $valueDoc->description; // $item->description = '<div><img src="media/com_phocadownload/images/phoca-download.png" alt="" /></div><div>New file "' .$valueDoc->title . '" ('. $valueDoc->filename.') released on '. $dateDesc.' is available on <a href="http://www.phoca.cz/download">Phoca download site</a></div>'.$valueDoc->description; $item->description = '<div><img src="media/com_phocadownload/images/phoca-download.png" alt="" /></div>' . $valueDoc->description; $item->category = $valueDoc->categorytitle; // $item->section = $valueDoc->sectiontitle; if ($valueDoc->author != '') { $item->author = $valueDoc->author; } $document->addItem($item); } } } } }
<tbody><?php $k = 0; $i = 0; $n = count($this->t['filesitems']); $rows =& $this->t['filesitems']; if (is_array($rows)) { foreach ($rows as $row) { // USER RIGHT - Delete (Publish/Unpublish) - - - - - - - - - - - // 2, 2 means that user access will be ignored in function getUserRight for display Delete button // because we cannot check the access and delete in one time $user = JFactory::getUser(); $rightDisplayDelete = 0; $catAccess = PhocaDownloadAccess::getCategoryAccessByFileId((int) $row->id); if (!empty($catAccess)) { $rightDisplayDelete = PhocaDownloadAccess::getUserRight('deleteuserid', $catAccess->deleteuserid, 2, $user->getAuthorisedViewLevels(), $user->get('id', 0), 0); } // - - - - - - - - - - - - - - - - - - - - - - ?> <tr class="<?php echo "row{$k}"; ?> "> <td><?php echo $row->title; ?> </td> <?php // Publish Unpublish
function singleFileUpload(&$errUploadMsg, $file, $post) { $app = JFactory::getApplication();; JRequest::checkToken( 'request' ) or jexit( 'Invalid Token' ); jimport('joomla.client.helper'); $user = JFactory::getUser(); $ftp = JClientHelper::setCredentialsFromRequest('ftp'); $path = PhocaDownloadPath::getPathSet(); $folder = $app->input->get( 'folder', '', '', 'path' ); $format = $app->input->get( 'format', 'html', '', 'cmd'); $return = $app->input->get( 'return-url', null, 'post', 'base64' ); $viewBack = $app->input->get( 'viewback', '', 'post', 'string' ); //$catid = $app->input->get( 'catid', '', '', 'int' ); $paramsC = JComponentHelper::getParams('com_phocadownload') ; $overwriteExistingFiles = $paramsC->get( 'overwrite_existing_files', 0 ); // USER RIGHT - UPLOAD - - - - - - - - - - - // 2, 2 means that user access will be ignored in function getUserRight for display Delete button $rightDisplayUpload = 0; $catAccess = PhocaDownloadAccess::getCategoryAccess((int)$post['catidfiles']); if (!empty($catAccess)) { $rightDisplayUpload = PhocaDownloadAccess::getUserRight('uploaduserid', $catAccess->uploaduserid, 2, $user->getAuthorisedViewLevels(), 1, 0); } // - - - - - - - - - - - - - - - - - - - - - - /*$post['sectionid'] = $this->getSection((int)$post['catidfiles']); if(!$post['sectionid']) { $errUploadMsg = JText::_('COM_PHOCADOWNLOAD_WRONG_SECTION'); return false; }*/ //$userFolder = substr(md5($user->username),0, 10); $userFolder = PhocaDownloadUtils::cleanFolderUrlName(htmlspecialchars(strip_tags($user->username))); if ($rightDisplayUpload == 1) { // Make the filename safe if (isset($file['name'])) { $file['name'] = JFile::makeSafe($file['name']); } if($file['tmp_name'] == '') { $errUploadMsg = JText::_("COM_PHOCADOWNLOAD_ERROR_SERVER_NOT_ABLE_TO_STORE_FILE_TEMP_FOLDER"); return false; } if (isset($file['name'])) { $filepath = JPath::clean($path['orig_abs_user_upload']. DS. $userFolder . DS.$file['name']); $filepathUserFolder = JPath::clean($path['orig_abs_user_upload']. DS. $userFolder); if (!PhocaDownloadFileUpload::canUpload( $file, $errUploadMsg, 'file', 2 )) { if ($errUploadMsg == 'COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE') { $errUploadMsg = JText::_($errUploadMsg) . ' ('.PhocaDownloadFile::getFileSizeReadable($file['size']).')'; } else { $errUploadMsg = JText::_($errUploadMsg); } return false; } if (JFile::exists($filepath) && $overwriteExistingFiles == 0) { $errUploadMsg = JText::_("COM_PHOCADOWNLOAD_FILE_ALREADY_EXISTS"); return false; } // Overwrite file and add no new item to database $fileExists = 0; if (JFile::exists($filepath) && $overwriteExistingFiles == 1) { $fileExists = 1; } if (!JFile::upload($file['tmp_name'], $filepath, false, true)) { $errUploadMsg = JText::_("COM_PHOCADOWNLOAD_UNABLE_TO_UPLOAD_FILE"); return false; } else { // Saving file name into database with relative path if (!JFile::exists($filepathUserFolder . DS ."index.html")) { $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>"; JFile::write($filepathUserFolder . DS ."index.html", $data); } $file['namepap'] = $file['name']; $file['name'] = 'userupload/'.$userFolder.'/' . $file['name']; $succeeded = false; // ================================================= // Make a copy for play and preview $papCopy = $paramsC->get( 'pap_copy', 0 ); if ($papCopy == 1 || $papCopy == 3) { $canPlay = PhocaDownloadFile::canPlay($file['namepap']); $canPreview = PhocaDownloadFile::canPreview($file['namepap']); $filepathPAP = JPath::clean($path['orig_abs_user_upload_pap']. DS. $userFolder . DS.$file['namepap']); $filepathUserFolderPAP = JPath::clean($path['orig_abs_user_upload_pap']. DS. $userFolder); if ($canPlay || $canPreview) { $uploadPAP = 1;// upload file for preview and play if (JFile::exists($filepathPAP) && $overwriteExistingFiles == 0) { //$errUploadMsg = JText::_("COM_PHOCADOWNLOAD_FILE_ALREADY_EXISTS"); //return false; $uploadPAP = 0; // don't upload if it exists, it is not main file, don't do false and exit } // Overwrite file and add no new item to database $fileExistsPAP = 0; if (JFile::exists($filepathPAP) && $overwriteExistingFiles == 1) { $fileExistsPAP = 1; } if ($uploadPAP == 0) { } else { if (!JFolder::exists($filepathUserFolderPAP)) { if (JFolder::create($filepathUserFolderPAP)) { $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>"; JFile::write($filepathUserFolderPAP . DS ."index.html", $data); } // else { //$errUploadMsg = JText::_("COM_PHOCADOWNLOAD_UNABLE_TO_CREATE_FOLDER"); //return false; //} } if (!JFile::copy($filepath, $filepathPAP)) { //$errUploadMsg = JText::_("COM_PHOCADOWNLOAD_UNABLE_TO_UPLOAD_FILE"); //return false; } else { // Saving file name into database with relative path if (!JFile::exists($filepathUserFolderPAP . DS ."index.html")) { $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>"; JFile::write($filepathUserFolderPAP . DS ."index.html", $data); } if ($canPlay == 1) { $post['filename_play'] = 'userupload/'.$userFolder.'/' . $file['namepap']; } else if ($canPreview == 1) { $post['filename_preview'] = 'userupload/'.$userFolder.'/' . $file['namepap']; } } } } } // ============================================== if ($this->_save($post, $file['name'], $errUploadMsg, $fileExists)) { return true; } else { return false; } } } else { $errUploadMsg = JText::_("COM_PHOCADOWNLOAD_WARNFILETYPE"); $redirectUrl = $return; return false; } } else { $errUploadMsg = JText::_("COM_PHOCADOWNLOAD_NOT_AUTHORISED_TO_UPLOAD"); return false; } return false; }
function delete() { $app = JFactory::getApplication(); $post['id'] = $app->input->get('actionid', '', 'int', 0); $post['limitstart'] = $app->input->get('limitstart', '', 'int', 0); $model = $this->getModel('user'); //$isOwnerCategory = 1;//$model->isOwnerCategoryImage((int)$this->_user->id, (int)$id); // USER RIGHT - Delete - - - - - - - - - - - // 2, 2 means that user access will be ignored in function getUserRight for display Delete button $user = JFactory::getUser(); $rightDisplayDelete = 0; $catAccess = PhocaDownloadAccess::getCategoryAccessByFileId((int) $post['id']); if (!empty($catAccess)) { $rightDisplayDelete = PhocaDownloadAccess::getUserRight('deleteuserid', $catAccess->deleteuserid, 2, $user->getAuthorisedViewLevels(), $user->get('id', 0), 0); } // - - - - - - - - - - - - - - - - - - - - - - if ($rightDisplayDelete) { if (!$model->delete((int) $post['id'])) { $msg = JText::_('COM_PHOCADOWNLOAD_ERROR_DELETING_ITEM'); } else { $msg = JText::_('COM_PHOCADOWNLOAD_SUCCESS_DELETING_ITEM'); } } else { $app->redirect($this->loginUrl, $this->loginString); exit; } $lSO = ''; if ($post['limitstart'] != '') { $lSO = '&limitstart=' . (int) $post['limitstart']; } $this->setRedirect(JRoute::_($this->url . $lSO, false), $msg); }