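/**
 * Moves an uploaded file into $directory under its encoded file name.
 *
 * If a file already exists at the destination, nothing is moved and the
 * call still reports success (the existing file is kept).
 *
 * NOTE(review): a caller-supplied $name is NOT passed through COM_applyFilter();
 * only the fallback taken from $newfile['name'] is. The destination is built by
 * plain concatenation, so whether it stays inside $directory depends entirely on
 * DLM_encodeFileName() neutralising directory separators and ".." - confirm.
 * NOTE(review): no extension or content-type restriction is applied here;
 * presumably the caller validates that before calling - verify.
 *
 * @param  array  $newfile   upload descriptor; 'tmp_name' and, when $name is empty, 'name' are read
 * @param  string $directory destination directory, concatenated as-is with the encoded name
 * @param  string $name      optional target name; when empty the filtered $newfile['name'] is used
 * @return bool   true when the file was moved or already existed, false on any failure
 */
function DLM_uploadNewFile($newfile, $directory, $name = '')
{
    global $_DLM_CONF;

    // A descriptor without 'tmp_name' falls through to the is_uploaded_file() failure path below.
    $tmp = isset($newfile['tmp_name']) ? $newfile['tmp_name'] : '';

    if (empty($name)) {
        $name = COM_applyFilter($newfile['name']);
        if (empty($name)) {
            return false;
        }
    }

    $newfilepath = $directory . DLM_encodeFileName($name);

    // Only accept files that PHP itself received through an HTTP upload.
    if (!is_uploaded_file($tmp)) {
        COM_errorLog("Downloads: upload error: Temporary file does not exist: '" . $tmp . "'");
        DLM_showErrorMessage('1003');
        return false;
    }

    // Never overwrite: an existing file at the destination is kept and the upload is dropped.
    if (file_exists($newfilepath)) {
        COM_errorLog("Downloads: warning: Added new filelisting for a file that already exists " . $newfilepath);
        return true;
    }

    if (!move_uploaded_file($tmp, $newfilepath)) {
        // Log the real destination path; the bare name hides which directory was targeted.
        COM_errorLog("Downloads: upload error: Could not move an uploaded file: " . $tmp . " to " . $newfilepath);
        DLM_showErrorMessage('1004');
        return false;
    }

    // The configured permission value is read as an octal string, e.g. "644".
    $mode = intval((string) $_DLM_CONF['filepermissions'], 8);
    if (!@chmod($newfilepath, $mode)) {
        // Best effort: the upload succeeded, but leave a trace that the mode was not applied.
        COM_errorLog("Downloads: warning: Could not set permissions on " . $newfilepath);
    }

    return true;
}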
/**
 * Removes a category image file when no category row refers to it.
 *
 * The file path is the configured 'path_snapcat' directory followed by the
 * encoded image name. The file is removed only when DB_count() finds zero
 * rows in the downloadcategories table whose imgurl equals $name.
 *
 * NOTE(review): the path is built by plain concatenation; that it cannot leave
 * 'path_snapcat' depends on DLM_encodeFileName() - confirm.
 *
 * @param string $name image name as stored in the imgurl column; empty values are ignored
 */
function _unlinkCatImage($name)
{
    global $_TABLES, $_DLM_CONF;

    if (!empty($name)) {
        $imagePath  = $_DLM_CONF['path_snapcat'] . DLM_encodeFileName($name);
        $references = DB_count($_TABLES['downloadcategories'], 'imgurl', addslashes($name));

        // Keep the file while any category row still uses it.
        if ($references == 0) {
            $this->_unlink($imagePath);
        }
    }
}
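// Download handler: checks that the requested file exists and is visible to the
// current user, records the download, then streams the stored file as an attachment.

// Falls back to uid 1 when no uid is set (presumably the anonymous account - confirm).
$uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
$username = isset($_USER['username']) ? $_USER['username'] : '';
$remoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

COM_setArgNames(array('id'));
$lid = addslashes(COM_applyFilter(COM_getArgument('id')));

// Access check: the file must exist and its category must pass COM_getPermSQL()
// (presumably "readable by the current user" - confirm the meaning of the 0, 2 arguments).
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloads']} a "
     . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid "
     . "WHERE a.lid='{$lid}' "
     . COM_getPermSQL('AND', 0, 2, 'b');
list($count) = DB_fetchArray(DB_query($sql));

if ($count == 0 || DB_count($_TABLES['downloads'], "lid", $lid) == 0) {
    // Denied or unknown file: log who asked for what, then bounce to the downloads index.
    COM_errorLog("Downloads: invalid attempt to download a file. "
               . "User:{$username}, IP:{$remoteIp}, File ID:{$lid}");
    echo COM_refresh($_CONF['site_url'] . '/downloads/index.php');
    exit;
}

$result = DB_query("SELECT url, secret_id, owner_id FROM {$_TABLES['downloads']} WHERE lid='{$lid}'");
list($url, $secret_id, $owner_id) = DB_fetchArray($result);

// Count the download unless it is the owner's own and 'cut_own_download' is enabled.
// Loose comparison on purpose: $owner_id comes back from the database while $uid may
// be an integer, so a strict !== is true on type alone and would disable the option.
$isOwner = ($uid == $owner_id);
if (!$isOwner || $_DLM_CONF['cut_own_download'] == 0) {
    // The uid is written unquoted into the statement, so force it to an integer;
    // the address is escaped like every other quoted value in this script.
    $uidSql = (int) $uid;
    $remoteIpSql = addslashes($remoteIp);
    DB_query("INSERT INTO {$_TABLES['downloadhistories']} (uid, lid, remote_ip, date) "
           . "VALUES ({$uidSql}, '{$lid}', '{$remoteIpSql}', NOW())");
    DB_query("UPDATE {$_TABLES['downloads']} SET hits=hits+1 "
           . "WHERE lid='{$lid}'");
}

// The stored file is named "<secret_id>_<encoded url>" inside the file store.
$filename = $secret_id . '_' . DLM_encodeFileName($url);
$filepath = $_DLM_CONF['path_filestore'] . $filename;

if (file_exists($filepath)) {
    // The stored name goes into a quoted header parameter: drop characters that
    // would end the quoted string or the header line.
    $dispositionName = str_replace(array('"', "\r", "\n", "\0"), '', $url);

    header('Content-Disposition: attachment; filename="' . $dispositionName . '"');
    header('Content-Type: application/octet-stream');
    header('Content-Description: File Transfer');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($filepath));

    // Discard buffered output so only the file bytes reach the client;
    // ob_clean() raises a notice when no buffer is active.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();

    if (@readfile($filepath) === false) {
        COM_errorLog("Downloads: download error: Could not read file: " . $filepath);
    }
}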