/**
 * Refuse a file download when the requester's IP differs from the IP stored on the payment.
 *
 * The payment is looked up through the `download_key` query argument. When the key is
 * missing, or it resolves to no payment, the method returns without blocking anything:
 * it only restricts requests that carry a key belonging to a known payment.
 *
 * NOTE(review): the check is only as trustworthy as edd_get_ip(). If that helper reads
 * client-supplied forwarding headers, the requester influences the value being
 * compared -- confirm how it resolves the address behind proxies.
 *
 * @access public
 * @since 1.0
 * @param int $download_id Not read by this method.
 * @param int $email       Not read by this method.
 * @return void
 */
public function check_ip($download_id = 0, $email = 0)
{
    // urldecode() runs on a value PHP has already URL-decoded once when filling $_GET.
    $purchase_key = false;
    if (isset($_GET['download_key'])) {
        $purchase_key = urldecode($_GET['download_key']);
    }
    if (empty($purchase_key)) {
        return;
    }

    $purchase_id = edd_get_purchase_id_by_key($purchase_key);
    if (empty($purchase_id)) {
        return;
    }

    // Address recorded on the payment at purchase time.
    $recorded_ip = get_post_meta($purchase_id, '_edd_payment_user_ip', true);
    if ($recorded_ip === edd_get_ip()) {
        return;
    }

    wp_die(
        __('You do not have permission to download this file because your IP address doesn\'t match our records.', 'edd-iplock'),
        __('Error', 'edd-iplock')
    );
}
/**
 * Generates a token for a given URL.
 *
 * An 'o' query parameter on the URL lists optional values to bind the token to,
 * separated by colons, without carrying those values in the URL itself:
 * 'ip' adds the address from edd_get_ip(), 'ua' adds the URL-encoded user agent.
 * The 'edd_get_url_token_args' filter can add further values.
 *
 * The token is md5() over the URL path and query string after the extra values and
 * the secret have been added as query arguments and any existing 'token' argument
 * has been removed. The 'edd_get_url_token_algorithm' filter only selects the hash
 * used to derive the default secret from wp_salt(); the token itself is always MD5.
 *
 * NOTE(review): this is a secret-in-message MD5 rather than an HMAC. Moving to
 * hash_hmac() would have to be mirrored in whatever code validates tokens and would
 * invalidate links already issued. The validator is not visible here; if it compares
 * tokens with == or ===, hash_equals() is the constant-time alternative.
 *
 * @since 2.3
 *
 * @param string $url The URL to generate a token for.
 * @return string The token for the URL.
 */
function edd_get_download_token($url = '')
{
    $token_args = array();
    $algorithm  = apply_filters('edd_get_url_token_algorithm', 'sha256');
    $secret     = apply_filters('edd_get_url_token_secret', hash($algorithm, wp_salt()));

    // Option checks requested through the 'o' query argument (ip, user agent).
    $checks    = array();
    $url_parts = parse_url($url);

    if (isset($url_parts['query'])) {
        wp_parse_str($url_parts['query'], $query_args);

        if (!empty($query_args['o'])) {
            // Several options may be combined, separated by a colon.
            $checks = explode(':', rawurldecode($query_args['o']));

            if (in_array('ip', $checks)) {
                $token_args['ip'] = edd_get_ip();
            }

            if (in_array('ua', $checks)) {
                $agent = '';
                if (isset($_SERVER['HTTP_USER_AGENT'])) {
                    $agent = $_SERVER['HTTP_USER_AGENT'];
                }
                $token_args['user_agent'] = rawurlencode($agent);
            }
        }
    }

    /*
     * Filter to modify arguments and allow custom options to be tested.
     * Custom options should be rawurlencode()d for consistent results.
     */
    $token_args = apply_filters('edd_get_url_token_args', $token_args, $url, $checks);

    $token_args['secret'] = $secret;
    $token_args['token']  = false; // Removes a token if present.

    $signed_url   = add_query_arg($token_args, $url);
    $signed_parts = parse_url($signed_url);

    // A URL without a path still hashes, using an empty path.
    $path = isset($signed_parts['path']) ? $signed_parts['path'] : '';

    return md5($path . '?' . $signed_parts['query']);
}
/**
 * Log each API request, if enabled.
 *
 * Writes one 'api_request' log entry: the request's query vars as a query string in
 * the excerpt, the error text (if any) as content, and the requester IP, user, key,
 * token, request time and API version as meta.
 *
 * NOTE(review): the 'key' and 'token' query vars are stored verbatim, both inside the
 * excerpt and as meta. If they are live API credentials, everyone who can read these
 * log entries can read them too -- confirm that is acceptable, or store a truncated
 * or hashed form.
 *
 * @access private
 * @since 1.5
 * @global $edd_logs
 * @global $wp_query
 * @param array $data Reads 'error' (optional) and 'request_speed' (read without an isset() check).
 * @return void
 */
private function log_request($data = array())
{
    if (!$this->log_requests) {
        return;
    }

    global $edd_logs, $wp_query;

    $vars = $wp_query->query_vars;

    // Optional query vars, recorded as null when the request did not carry them.
    $optional = array(
        'key',
        'token',
        'query',
        'type',
        'product',
        'customer',
        'date',
        'startdate',
        'enddate',
        'id',
        'purchasekey',
        'email',
    );

    $query = array('edd-api' => $vars['edd-api']);
    foreach ($optional as $name) {
        $query[$name] = isset($vars[$name]) ? $vars[$name] : null;
    }

    $error_text = '';
    if (!empty($data['error'])) {
        $error_text = $data['error'];
    }

    $log_data = array(
        'log_type'     => 'api_request',
        'post_excerpt' => http_build_query($query),
        'post_content' => $error_text,
    );

    $log_meta = array(
        'request_ip' => edd_get_ip(),
        'user'       => $this->user_id,
        'key'        => $query['key'],
        'token'      => $query['token'],
        'time'       => $data['request_speed'],
        'version'    => $this->get_queried_version(),
    );

    $edd_logs->insert_log($log_data, $log_meta);
}
/**
 * Insert Payment
 *
 * Creates the 'edd_payment' post, creates or updates the matching customer record and
 * stores the payment meta (user, email, IP, purchase key, total, mode, gateway, tax,
 * and, when applicable, discount ID and sequential number).
 *
 * NOTE(review): when $payment_data carries no gateway, the raw $_POST['edd-gateway']
 * value is stored as meta without any sanitising in this function -- confirm it is
 * validated against the registered gateways before or after this call.
 *
 * @since 1.0
 * @param array $payment_data
 * @return int|bool Payment ID if payment is inserted, false otherwise
 */
function edd_insert_payment($payment_data = array())
{
    if (empty($payment_data)) {
        return false;
    }

    // Make sure the payment is inserted with the correct timezone
    date_default_timezone_set(edd_get_timezone_id());

    // The title is the buyer's name when either name part is set, else the email.
    $has_name = isset($payment_data['user_info']['first_name']) || isset($payment_data['user_info']['last_name']);
    $payment_title = $has_name
        ? $payment_data['user_info']['first_name'] . ' ' . $payment_data['user_info']['last_name']
        : $payment_data['user_email'];

    // Retrieve the discount used, if any
    if ($payment_data['user_info']['discount'] != 'none') {
        $discount = edd_get_discount_by('code', $payment_data['user_info']['discount']);
    }

    // Find the next payment number, if enabled
    if (edd_get_option('enable_sequential')) {
        $number = edd_get_next_payment_number();
    }

    $post_status = 'pending';
    if (isset($payment_data['status'])) {
        $post_status = $payment_data['status'];
    }

    $post_parent = isset($payment_data['parent']) ? $payment_data['parent'] : null;

    $post_date     = null;
    $post_date_gmt = null;
    if (isset($payment_data['post_date'])) {
        $post_date     = $payment_data['post_date'];
        $post_date_gmt = get_gmt_from_date($payment_data['post_date']);
    }

    $args = apply_filters(
        'edd_insert_payment_args',
        array(
            'post_title'    => $payment_title,
            'post_status'   => $post_status,
            'post_type'     => 'edd_payment',
            'post_parent'   => $post_parent,
            'post_date'     => $post_date,
            'post_date_gmt' => $post_date_gmt,
        ),
        $payment_data
    );

    // Create a blank payment
    $payment = wp_insert_post($args);

    if (!$payment) {
        // Return false if no payment was inserted
        return false;
    }

    // An explicit tax wins; otherwise sum the per-item tax and add the fee tax.
    if (isset($payment_data['tax'])) {
        $cart_tax = $payment_data['tax'];
    } else {
        $taxes = array();
        if ($payment_data['cart_details']) {
            $taxes = wp_list_pluck($payment_data['cart_details'], 'tax');
        }
        $cart_tax = array_sum($taxes) + edd_get_cart_fee_tax();
    }

    $payment_meta = array(
        'currency'     => $payment_data['currency'],
        'downloads'    => $payment_data['downloads'],
        'user_info'    => $payment_data['user_info'],
        'cart_details' => $payment_data['cart_details'],
    );

    $mode = edd_is_test_mode() ? 'test' : 'live';

    // Gateway from the payment data, falling back to the submitted form field.
    $gateway = '';
    if (!empty($payment_data['gateway'])) {
        $gateway = $payment_data['gateway'];
    } elseif (isset($_POST['edd-gateway'])) {
        $gateway = $_POST['edd-gateway'];
    }

    if (!$payment_data['price']) {
        // Ensures the _edd_payment_total meta key is created for purchases with an amount of 0
        $payment_data['price'] = '0.00';
    }

    // Create or update a customer
    $customer      = new EDD_Customer($payment_data['user_email']);
    $customer_data = array(
        'name'    => $payment_data['user_info']['first_name'] . ' ' . $payment_data['user_info']['last_name'],
        'email'   => $payment_data['user_email'],
        'user_id' => $payment_data['user_info']['id'],
    );

    if (empty($customer->id)) {
        $customer->create($customer_data);
    } elseif ($customer_data['email'] !== $customer->email || $customer_data['name'] !== $customer->name) {
        // Only the name/email are refreshed; changing the user ID is an admin task.
        unset($customer_data['user_id']);
        $customer->update($customer_data);
    }

    $customer->attach_payment($payment, false);

    // Record the payment details
    edd_update_payment_meta($payment, '_edd_payment_meta', apply_filters('edd_payment_meta', $payment_meta, $payment_data));
    edd_update_payment_meta($payment, '_edd_payment_user_id', $payment_data['user_info']['id']);
    edd_update_payment_meta($payment, '_edd_payment_customer_id', $customer->id);
    edd_update_payment_meta($payment, '_edd_payment_user_email', $payment_data['user_email']);
    edd_update_payment_meta($payment, '_edd_payment_user_ip', edd_get_ip());
    edd_update_payment_meta($payment, '_edd_payment_purchase_key', $payment_data['purchase_key']);
    edd_update_payment_meta($payment, '_edd_payment_total', $payment_data['price']);
    edd_update_payment_meta($payment, '_edd_payment_mode', $mode);
    edd_update_payment_meta($payment, '_edd_payment_gateway', $gateway);
    edd_update_payment_meta($payment, '_edd_payment_tax', $cart_tax);

    if (!empty($discount)) {
        edd_update_payment_meta($payment, '_edd_payment_discount_id', $discount->ID);
    }

    if (edd_get_option('enable_sequential')) {
        edd_update_payment_meta($payment, '_edd_payment_number', edd_format_payment_number($number));
        update_option('edd_last_payment_number', $number);
    }

    // Clear the user's purchased cache
    delete_transient('edd_user_' . $payment_data['user_info']['id'] . '_purchases');

    do_action('edd_insert_payment', $payment, $payment_data);

    return $payment; // The new payment ID
}
/**
 * Create the base of a payment.
 *
 * Builds the post title from the buyer's name (or a valid email), fills in a date,
 * purchase key and IP when they are empty, inserts the 'edd_payment' post, attaches
 * it to a customer record and stores the payment meta. Takes no arguments; all input
 * comes from the object's properties.
 *
 * NOTE(review): a missing purchase key is generated as md5() over the email, the
 * current time, AUTH_KEY and uniqid(). None of these comes from a CSPRNG. If the key
 * is accepted as a bearer secret elsewhere (for example in download links), consider
 * deriving it from random_bytes() instead.
 *
 * @since 2.5
 * @return int|bool False when no title can be built; otherwise the value of $this->ID
 *                  (the new post ID when the insert succeeded).
 */
private function insert_payment()
{
    // Make sure the payment is inserted with the correct timezone
    date_default_timezone_set(edd_get_timezone_id());

    // Title preference: full name, then first name alone, then a valid email.
    $payment_title = '';
    if (!empty($this->first_name) && !empty($this->last_name)) {
        $payment_title = $this->first_name . ' ' . $this->last_name;
    } elseif (!empty($this->first_name) && empty($this->last_name)) {
        $payment_title = $this->first_name;
    } elseif (!empty($this->email) && is_email($this->email)) {
        $payment_title = $this->email;
    }

    if (empty($payment_title)) {
        return false;
    }

    if (empty($this->date)) {
        $this->date = date('Y-m-d H:i:s', current_time('timestamp'));
    }

    if (empty($this->key)) {
        $auth_key  = defined('AUTH_KEY') ? AUTH_KEY : '';
        $key_seed  = $this->email . date('Y-m-d H:i:s') . $auth_key . uniqid('edd', true);
        $this->key = strtolower(md5($key_seed)); // Unique key
        $this->pending['key'] = $this->key;
    }

    if (empty($this->ip)) {
        $this->ip = edd_get_ip();
        $this->pending['ip'] = $this->ip;
    }

    $user_info = array(
        'id'         => $this->user_id,
        'email'      => $this->email,
        'first_name' => $this->first_name,
        'last_name'  => $this->last_name,
        'discount'   => $this->discounts,
        'address'    => $this->address,
    );

    $payment_data = array(
        'price'        => $this->total,
        'date'         => $this->date,
        'user_email'   => $this->email,
        'purchase_key' => $this->key,
        'currency'     => $this->currency,
        'downloads'    => $this->downloads,
        'user_info'    => $user_info,
        'cart_details' => $this->cart_details,
        'status'       => $this->status,
        'fees'         => $this->fees,
    );

    $post_fields = array(
        'post_title'    => $payment_title,
        'post_status'   => $this->status,
        'post_type'     => 'edd_payment',
        'post_parent'   => $this->parent_payment,
        'post_date'     => $this->date,
        'post_date_gmt' => get_gmt_from_date($this->date),
    );

    $args = apply_filters('edd_insert_payment_args', $post_fields, $payment_data);

    // Create a blank payment
    $payment_id = wp_insert_post($args);

    if (empty($payment_id)) {
        return $this->ID;
    }

    $this->ID  = $payment_id;
    $this->_ID = $payment_id;

    // Prefer the logged-in user's customer record during checkout, else look up by email.
    $customer = new stdClass();
    if (did_action('edd_pre_process_purchase') && is_user_logged_in()) {
        $customer = new EDD_customer(get_current_user_id(), true);
    }

    if (empty($customer->id)) {
        $customer = new EDD_Customer($this->email);
    }

    if (empty($customer->id)) {
        // No name is stored when the title fell back to the email address.
        $customer_name = is_email($payment_title) ? '' : $this->first_name . ' ' . $this->last_name;
        $customer_data = array(
            'name'    => $customer_name,
            'email'   => $this->email,
            'user_id' => $this->user_id,
        );
        $customer->create($customer_data);
    }

    $this->customer_id = $customer->id;
    $this->pending['customer_id'] = $this->customer_id;
    $customer->attach_payment($this->ID, false);

    $this->payment_meta = apply_filters('edd_payment_meta', $this->payment_meta, $payment_data);

    if (!empty($this->payment_meta['fees'])) {
        $this->fees = array_merge($this->fees, $this->payment_meta['fees']);
        foreach ($this->fees as $fee) {
            $this->increase_fees($fee['amount']);
        }
    }

    $this->update_meta('_edd_payment_meta', $this->payment_meta);
    $this->new = true;

    return $this->ID;
}
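/**
 * Get Detected Currency From IP
 *
 * Looks up the address returned by edd_get_ip() at geoplugin.net and returns the
 * currency code reported for it. Returns false when nothing usable was detected or
 * when the detected currency equals the store currency. The result is cached under
 * 'edd_currency_detected' and passed through the
 * 'edd_currency_get_customer_detected_currency' filter before being returned.
 *
 * NOTE(review): the cache key has no visitor or IP component. With a persistent
 * object cache the first visitor's result would be served to every visitor --
 * confirm how the cache is scoped.
 *
 * @package Easy Digital Downloads - Currency Converter
 * @since 1.0.0
 * @return string|false Detected currency code, or false.
 **/
function edd_currency_get_detected_currency()
{
    global $edd_options;

    // Currency code detected earlier, if cached.
    $currency_detected = wp_cache_get('edd_currency_detected');

    if (empty($currency_detected)) {
        $detecteddata = array();

        // The address is encoded so that it can only ever be the value of the 'ip'
        // argument, whatever edd_get_ip() returns.
        $currency_url = 'http://www.geoplugin.net/php.gp?ip=' . rawurlencode((string) edd_get_ip());
        $remotedata   = wp_remote_get($currency_url, array('sslverify' => false));

        if (!is_wp_error($remotedata)) {
            // SECURITY(review): the body arrives over plain HTTP and is handed to
            // maybe_unserialize(). Anyone able to alter the response controls what
            // gets unserialized (PHP object injection). Prefer a JSON response from
            // the service, fetched over HTTPS with certificate verification, and
            // json_decode() it instead.
            $detecteddata = isset($remotedata['body']) && !empty($remotedata['body'])
                ? maybe_unserialize($remotedata['body'])
                : false;
        }

        // Only an array can carry the expected key; anything else (a plain string,
        // an unserialized object) is treated as "nothing detected".
        if (!is_array($detecteddata)) {
            $detecteddata = array();
        }

        if (!empty($detecteddata)) {
            // The code must be a string before it is used as an array key below.
            if (isset($detecteddata['geoplugin_currencyCode']) && is_string($detecteddata['geoplugin_currencyCode'])) {
                $currency_detected = $detecteddata['geoplugin_currencyCode'];

                // All currencies known to the converter.
                $currencies = edd_currency_get_currency_list();

                // Nothing to convert when the visitor already uses the store currency.
                if ($currency_detected == edd_get_currency()) {
                    $currency_detected = false;
                }

                // NOTE(review): with '&&' this branch only runs when the value is
                // already empty, so a code missing from $currencies is never
                // rejected. '||' looks like the intent -- confirm how the list
                // returned by edd_currency_get_currency_list() is keyed first.
                if (empty($currency_detected) && !isset($currencies[$currency_detected])) {
                    $currency_detected = false;
                }
            } else {
                $currency_detected = false;
            }
        }

        // Normalise every empty result to false before caching it.
        if (empty($currency_detected)) {
            $currency_detected = false;
        }

        wp_cache_set('edd_currency_detected', $currency_detected);
    }

    // A cached empty value is reported as false as well.
    if (empty($currency_detected)) {
        $currency_detected = false;
    }

    return apply_filters('edd_currency_get_customer_detected_currency', $currency_detected);
}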
/**
 * Process Download
 *
 * Handles the file download process: collects the request arguments from $_GET,
 * has them validated as either a signed (token) URL or a legacy URL, and, when a
 * payment is found and access is granted, logs the download, sends the download
 * headers and delivers the file by redirect, direct read or a server offload header.
 * Answers with a 403 wp_die() otherwise.
 *
 * The validation itself happens in edd_process_signed_download_url() and
 * edd_process_legacy_download_url(), which are not part of this function; this
 * function only acts on the 'payment' and 'has_access' entries they return.
 *
 * @access private
 * @since 1.0
 * @return void
 */
function edd_process_download() {
    // Accept 'download' as an alias of 'download_id'.
    if (!isset($_GET['download_id']) && isset($_GET['download'])) {
        $_GET['download_id'] = $_GET['download'];
    }

    // Numeric arguments are cast to int here. 'key', 'eddfile', 'ttl' and 'token' are
    // passed on exactly as received; checking them is left to the validators below.
    $args = apply_filters('edd_process_download_args', array(
        'download' => isset($_GET['download_id']) ? (int) $_GET['download_id'] : '',
        'email' => isset($_GET['email']) ? rawurldecode($_GET['email']) : '',
        'expire' => isset($_GET['expire']) ? rawurldecode($_GET['expire']) : '',
        'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '',
        'price_id' => isset($_GET['price_id']) ? (int) $_GET['price_id'] : false,
        'key' => isset($_GET['download_key']) ? $_GET['download_key'] : '',
        'eddfile' => isset($_GET['eddfile']) ? $_GET['eddfile'] : '',
        'ttl' => isset($_GET['ttl']) ? $_GET['ttl'] : '',
        'token' => isset($_GET['token']) ? $_GET['token'] : ''
    ));

    if (!empty($args['eddfile']) && !empty($args['ttl']) && !empty($args['token'])) {
        // Validate a signed URL that contains a token
        $args = edd_process_signed_download_url($args);

        // Backfill some legacy super globals for backwards compatibility
        $_GET['download_id'] = $args['download'];
        $_GET['email'] = $args['email'];
        $_GET['expire'] = $args['expire'];
        $_GET['download_key'] = $args['key'];
        $_GET['price_id'] = $args['price_id'];
    } elseif (!empty($args['download']) && !empty($args['key']) && !empty($args['email']) && !empty($args['expire']) && isset($args['file_key'])) {
        // Validate a legacy URL without a token
        $args = edd_process_legacy_download_url($args);
    } else {
        // Not a download request this function recognises.
        return;
    }

    // NOTE(review): the final access decision is filterable; any callback hooked on
    // 'edd_file_download_has_access' can grant or revoke access here.
    $args['has_access'] = apply_filters('edd_file_download_has_access', $args['has_access'], $args['payment'], $args);

    //$args['has_access'] = ( edd_logged_in_only() && is_user_logged_in() ) || !edd_logged_in_only() ? true : false;

    if ($args['payment'] && $args['has_access']) {
        do_action('edd_process_verified_download', $args['download'], $args['email'], $args['payment'], $args);

        // Determine the download method set in settings
        $method = edd_get_file_download_method();

        // Payment has been verified, setup the download
        $download_files = edd_get_download_files($args['download']);
        $attachment_id = !empty($download_files[$args['file_key']]['attachment_id']) ? absint($download_files[$args['file_key']]['attachment_id']) : false;

        /*
         * If we have an attachment ID stored, use get_attached_file() to retrieve absolute URL
         * If this fails or returns a relative path, we fail back to our own absolute URL detection
         */
        if ($attachment_id && 'attachment' == get_post_type($attachment_id)) {
            if ('redirect' == $method) {
                $attached_file = wp_get_attachment_url($attachment_id);
            } else {
                $attached_file = get_attached_file($attachment_id, false);

                // Confirm the file exists
                if (!file_exists($attached_file)) {
                    $attached_file = false;
                }
            }

            if ($attached_file) {
                $requested_file = $attached_file;
            }
        }

        // If we didn't find a file from the attachment, grab the given URL
        if (!isset($requested_file)) {
            $requested_file = isset($download_files[$args['file_key']]['file']) ? $download_files[$args['file_key']]['file'] : '';
        }

        // Allow the file to be altered before any headers are sent
        $requested_file = apply_filters('edd_requested_file', $requested_file, $download_files, $args['file_key']);

        if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
            // If X-Sendfile is selected but is not supported, fallback to Direct
            $method = 'direct';
        }

        $file_details = parse_url($requested_file);
        $schemes = array('http', 'https'); // Direct URL schemes

        if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
            /*
             * Download method is set to Redirect in settings but an absolute path was provided
             * We need to switch to a direct download in order for the file to download properly
             */
            $method = 'direct';
        }

        /*
         * Allow extensions to run actions prior to recording the file download log entry
         *
         * @since 2.6.14
         */
        do_action('edd_process_download_pre_record_log', $requested_file, $args, $method);

        // Record this file download in the log
        $user_info = array();
        $user_info['email'] = $args['email'];
        if (is_user_logged_in()) {
            $user_data = get_userdata(get_current_user_id());
            $user_info['id'] = get_current_user_id();
            $user_info['name'] = $user_data->display_name;
        }

        edd_record_download_in_log($args['download'], $args['file_key'], $user_info, edd_get_ip(), $args['payment'], $args['price_id']);

        $file_extension = edd_get_file_extension($requested_file);
        $ctype = edd_get_file_ctype($file_extension);

        // Prepare the runtime for a long, uncompressed, unbuffered transfer.
        if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
            @set_time_limit(0);
        }

        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime() && version_compare(phpversion(), '5.4', '<')) {
            set_magic_quotes_runtime(0);
        }

        @session_write_close();
        if (function_exists('apache_setenv')) {
            @apache_setenv('no-gzip', 1);
        }
        @ini_set('zlib.output_compression', 'Off');

        do_action('edd_process_download_headers', $requested_file, $args['download'], $args['email'], $args['payment']);

        nocache_headers();
        header("Robots: none");
        header("Content-Type: " . $ctype . "");
        header("Content-Description: File Transfer");
        // NOTE(review): the file name is placed between double quotes without
        // escaping; a name containing a double quote would end the parameter early.
        header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\"");
        header("Content-Transfer-Encoding: binary");

        // If the file isn't locally hosted, process the redirect
        if (filter_var($requested_file, FILTER_VALIDATE_URL) && !edd_is_local_file($requested_file)) {
            edd_deliver_download($requested_file, true);
            exit;
        }

        switch ($method) {
            case 'redirect':
                // Redirect straight to the file
                edd_deliver_download($requested_file, true);
                break;

            case 'direct':
            default:
                $direct = false;
                $file_path = $requested_file;

                if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
                    /* This is an absolute path */
                    $direct = true;
                    $file_path = $requested_file;
                } else {
                    if (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
                        /*
                         * This is a local file given by URL so we need to figure out the path
                         * UPLOADS is always relative to ABSPATH
                         * site_url() is the URL to where WordPress is installed
                         */
                        $file_path = str_replace(site_url(), '', $requested_file);
                        // realpath() yields false for a path that does not exist; $direct is set regardless.
                        $file_path = realpath(ABSPATH . $file_path);
                        $direct = true;
                    } else {
                        if (strpos($requested_file, content_url()) !== false) {
                            /* This is a local file given by URL so we need to figure out the path */
                            $file_path = str_replace(content_url(), WP_CONTENT_DIR, $requested_file);
                            $file_path = realpath($file_path);
                            $direct = true;
                        } else {
                            if (strpos($requested_file, set_url_scheme(content_url(), 'https')) !== false) {
                                /* This is a local file given by an HTTPS URL so we need to figure out the path */
                                $file_path = str_replace(set_url_scheme(content_url(), 'https'), WP_CONTENT_DIR, $requested_file);
                                $file_path = realpath($file_path);
                                $direct = true;
                            }
                        }
                    }
                }

                // Set the file size header (errors from filesize() are suppressed)
                header("Content-Length: " . @filesize($file_path));

                // Now deliver the file based on the kind of software the server is running / has enabled
                if (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
                    header("X-LIGHTTPD-send-file: {$file_path}");
                } elseif ($direct && (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee'))) {
                    // We need a path relative to the domain
                    $file_path = str_ireplace(realpath($_SERVER['DOCUMENT_ROOT']), '', $file_path);
                    header("X-Accel-Redirect: /{$file_path}");
                }

                if ($direct) {
                    edd_deliver_download($file_path);
                } else {
                    // The file supplied does not have a discoverable absolute path
                    edd_deliver_download($requested_file, true);
                }
                break;
        }

        edd_die();
    } else {
        // No payment or no access: refuse with HTTP 403.
        $error_message = __('You do not have permission to download this file', 'easy-digital-downloads');
        wp_die(apply_filters('edd_deny_download_message', $error_message, __('Purchase Verification Failed', 'easy-digital-downloads')), __('Error', 'easy-digital-downloads'), array('response' => 403));
    }

    exit;
}
/**
 * Insert Payment
 *
 * Fills an EDD_Payment object from $payment_data (cart items, buyer details, gateway,
 * purchase key, IP, mode, parent, discounts, date and sequential number) and saves it.
 * The 'edd_insert_payment' action fires after save() whether or not an ID was assigned.
 *
 * NOTE(review): when $payment_data carries no gateway, the raw $_POST['edd-gateway']
 * value is assigned to the payment without any sanitising in this function -- confirm
 * it is validated against the registered gateways elsewhere.
 *
 * @since 1.0
 * @param array $payment_data
 * @return int|bool Payment ID if payment is inserted, false otherwise
 */
function edd_insert_payment($payment_data = array())
{
    if (empty($payment_data)) {
        return false;
    }

    $payment = new EDD_Payment();

    $cart_has_items = is_array($payment_data['cart_details']) && !empty($payment_data['cart_details']);
    if ($cart_has_items) {
        foreach ($payment_data['cart_details'] as $item) {
            $options = array();
            if (isset($item['item_number']['options'])) {
                $options = $item['item_number']['options'];
            }

            $args = array(
                'quantity'   => $item['quantity'],
                'price_id'   => isset($options['price_id']) ? $options['price_id'] : null,
                'tax'        => $item['tax'],
                'item_price' => isset($item['item_price']) ? $item['item_price'] : $item['price'],
                'fees'       => isset($item['fees']) ? $item['fees'] : array(),
                'discount'   => isset($item['discount']) ? $item['discount'] : 0,
            );

            $payment->add_download($item['id'], $args, $options);
        }
    }

    $payment->increase_tax(edd_get_cart_fee_tax());

    // Gateway from the payment data, falling back to the submitted form field.
    $gateway = '';
    if (!empty($payment_data['gateway'])) {
        $gateway = $payment_data['gateway'];
    } elseif (isset($_POST['edd-gateway'])) {
        $gateway = $_POST['edd-gateway'];
    }

    $payment->status     = empty($payment_data['status']) ? 'pending' : $payment_data['status'];
    $payment->currency   = empty($payment_data['currency']) ? edd_get_currency() : $payment_data['currency'];
    $payment->user_info  = $payment_data['user_info'];
    $payment->gateway    = $gateway;
    $payment->user_id    = $payment_data['user_info']['id'];
    $payment->email      = $payment_data['user_email'];
    $payment->first_name = $payment_data['user_info']['first_name'];
    $payment->last_name  = $payment_data['user_info']['last_name'];
    // The email is assigned a second time; this value from user_info is the one that stays.
    $payment->email      = $payment_data['user_info']['email'];
    $payment->ip         = edd_get_ip();
    $payment->key        = $payment_data['purchase_key'];
    $payment->mode       = edd_is_test_mode() ? 'test' : 'live';

    $payment->parent_payment = empty($payment_data['parent']) ? '' : absint($payment_data['parent']);
    $payment->discounts      = empty($payment_data['user_info']['discount']) ? array() : $payment_data['user_info']['discount'];

    if (isset($payment_data['post_date'])) {
        $payment->date = $payment_data['post_date'];
    }

    if (edd_get_option('enable_sequential')) {
        $number          = edd_get_next_payment_number();
        $payment->number = edd_format_payment_number($number);
        update_option('edd_last_payment_number', $number);
    }

    // Clear the user's purchased cache
    delete_transient('edd_user_' . $payment_data['user_info']['id'] . '_purchases');

    $payment->save();

    do_action('edd_insert_payment', $payment->ID, $payment_data);

    // False when no payment was inserted
    return !empty($payment->ID) ? $payment->ID : false;
}
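/**
 * The free download process.
 *
 * Modified from:
 *     /includes/process-download.php -> edd_process_download()
 * Modified parts:
 *     Stripping the purchase validation process.
 *
 * Reads the download ID ('did'), file index ('file') and expiry ('expire') from the
 * query string, optionally requires a logged-in user, enforces the expiry and the
 * file download limit, logs the download and delivers the file or redirects to it.
 *
 * NOTE(review): 'expire' is a base64-encoded value taken from the request with no
 * signature over it, so the requester chooses the expiry. Treat it as a convenience,
 * not as an access control, unless the link is signed elsewhere.
 *
 * NOTE(review): nothing in this function checks that the requested download is a
 * free product; the purchase validation was removed on purpose. Confirm that the
 * code routing requests here limits 'did' to free downloads.
 *
 * @return void|false False when the download ID or file index is missing.
 */
function vp_edd_fd_process_download()
{
    global $edd_options;

    $valid    = true;
    $payment  = -1;
    $download = isset($_GET['did']) ? (int) $_GET['did'] : '';
    // The expiry is cast to int so the comparison below is always numeric. On PHP 8 an
    // int compared with a non-numeric string is compared as strings, which let a
    // non-numeric 'expire' value pass the expiry check.
    $expire   = isset($_GET['expire']) ? (int) base64_decode(rawurldecode($_GET['expire'])) : 0;
    $file_key = isset($_GET['file']) ? (int) $_GET['file'] : '';

    if ($download === '' || $file_key === '') {
        return false;
    }

    // Make sure the user is logged in when the option requires it
    $must_logged_in = isset($edd_options['vp_edd_fd_must_logged_in']) ? $edd_options['vp_edd_fd_must_logged_in'] : false;
    if ($must_logged_in && !is_user_logged_in()) {
        $valid = false;
    }

    // Make sure the link hasn't expired
    if (current_time('timestamp') > $expire) {
        wp_die(apply_filters('edd_download_link_expired_text', __('Sorry but your download link has expired.', 'edd')), __('Error', 'edd'));
    }

    // Check to see if the file download limit has been reached
    if (edd_is_file_at_download_limit($download, -1, $file_key)) {
        wp_die(apply_filters('edd_download_limit_reached_text', __('Sorry but you have hit your download limit for this file.', 'edd')), __('Error', 'edd'));
    }

    if ($valid) {
        // Setup the download
        $download_files = edd_get_download_files($download);
        $requested_file = apply_filters('edd_requested_file', $download_files[$file_key]['file'], $download_files, $file_key);

        // Gather user data for the log entry
        $user_info = array();
        if ($must_logged_in) {
            global $user_ID;
            $user_data = get_userdata($user_ID);
            $user_info['email'] = $user_data->user_email;
            $user_info['id'] = $user_ID;
            $user_info['name'] = $user_data->display_name;
        } else {
            $user_info['email'] = 'anonymous';
            $user_info['id'] = 'anonymous';
        }

        edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), $payment);

        $file_extension = edd_get_file_extension($requested_file);
        $ctype = edd_get_file_ctype($file_extension);

        // Prepare the runtime for a long, uncompressed transfer.
        if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
            set_time_limit(0);
        }
        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
            set_magic_quotes_runtime(0);
        }

        @session_write_close();
        if (function_exists('apache_setenv')) {
            @apache_setenv('no-gzip', 1);
        }
        @ini_set('zlib.output_compression', 'Off');

        nocache_headers();
        header("Robots: none");
        header("Content-Type: " . $ctype . "");
        header("Content-Description: File Transfer");
        header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
        header("Content-Transfer-Encoding: binary");

        $file_path = realpath($requested_file);
        $is_url = strpos($requested_file, 'http://') !== false
            || strpos($requested_file, 'https://') !== false
            || strpos($requested_file, 'ftp://') !== false;

        if (!$is_url && file_exists($file_path)) {
            /* This is an absolute path */
            edd_deliver_download($file_path);
        } elseif (strpos($requested_file, WP_CONTENT_URL) !== false) {
            /* This is a local file given by URL */
            $upload_dir = wp_upload_dir(); // Return value is not used.
            $file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
            $file_path = realpath($file_path);

            if (file_exists($file_path)) {
                edd_deliver_download($file_path);
            } else {
                // Absolute path couldn't be discovered so send straight to the file URL
                header("Location: " . $requested_file);
            }
        } else {
            // This is a remote file
            header("Location: " . $requested_file);
        }

        exit;
    } else {
        wp_die(apply_filters('edd_deny_download_message', __('You do not have permission to download this file.', 'vp_edd_fd')), __('Error', 'edd'));
    }

    exit;
}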
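/**
 * Process add-on Downloads
 *
 * Handles the file download process for add-ons. Requires the 'add_on' query
 * argument, a logged-in user and a post of type 'download'; users whose price IDs
 * include neither 2 (Professional) nor 3 (Ultimate) get a 403. The download is
 * logged, headers are sent and the first file of the download is delivered.
 *
 * Server offload headers (X-Sendfile, X-LIGHTTPD-send-file, X-Accel-Redirect) are
 * only sent once the file has been resolved to an existing local path; in every
 * other case the request is redirected to the file URL.
 *
 * NOTE(review): any post of type 'download' passes the check here. Nothing in this
 * function restricts 'add_on' to products that are actually add-ons -- confirm that
 * a Professional/Ultimate licence is meant to unlock every download.
 *
 * @access private
 * @since 1.1
 * @return void
 */
function affwp_process_add_on_download()
{
    if (!isset($_GET['add_on'])) {
        return;
    }

    if (!is_user_logged_in()) {
        return;
    }

    $add_on = absint($_GET['add_on']);

    if ('download' != get_post_type($add_on)) {
        return;
    }

    $price_ids = affwp_get_users_price_ids();
    $has_ultimate_license = in_array(3, $price_ids);
    $has_professional_license = in_array(2, $price_ids);

    if (!($has_ultimate_license || $has_professional_license)) {
        wp_die('You need either an Ultimate or Professional license to download this add-on', 'Error', array('response' => 403));
    }

    $user_info = array();
    $user_data = get_userdata(get_current_user_id());
    $user_info['email'] = $user_data->user_email;
    $user_info['id'] = $user_data->ID;
    $user_info['name'] = $user_data->display_name;

    edd_record_download_in_log($add_on, 0, $user_info, edd_get_ip(), 0, 0);

    $download_files = edd_get_download_files($add_on);
    $requested_file = $download_files[0]['file'];
    $file_extension = edd_get_file_extension($requested_file);
    $ctype = edd_get_file_ctype($file_extension);

    // Prepare the runtime for a long, uncompressed transfer.
    if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
        set_time_limit(0);
    }
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        set_magic_quotes_runtime(0);
    }

    @session_write_close();
    if (function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');

    nocache_headers();
    header("Robots: none");
    header("Content-Type: " . $ctype . "");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=\"" . basename($requested_file) . "\"");
    header("Content-Transfer-Encoding: binary");

    $method = edd_get_file_download_method();
    if ('x_sendfile' == $method && (!function_exists('apache_get_modules') || !in_array('mod_xsendfile', apache_get_modules()))) {
        // If X-Sendfile is selected but is not supported, fallback to Direct
        $method = 'direct';
    }

    switch ($method) {
        case 'redirect':
            // Redirect straight to the file
            header("Location: " . $requested_file);
            break;

        case 'direct':
        default:
            $direct = false;
            $file_path = '';
            $file_details = parse_url($requested_file);
            $schemes = array('http', 'https'); // Direct URL schemes

            if ((!isset($file_details['scheme']) || !in_array($file_details['scheme'], $schemes)) && isset($file_details['path']) && file_exists($requested_file)) {
                /* This is an absolute path */
                $direct = true;
                $file_path = $requested_file;
            } elseif (defined('UPLOADS') && strpos($requested_file, UPLOADS) !== false) {
                /*
                 * This is a local file given by URL so we need to figure out the path
                 * UPLOADS is always relative to ABSPATH
                 * site_url() is the URL to where WordPress is installed
                 */
                $file_path = str_replace(site_url(), '', $requested_file);
                $file_path = realpath(ABSPATH . $file_path);
                $direct = true;
            } elseif (strpos($requested_file, WP_CONTENT_URL) !== false) {
                /* This is a local file given by URL so we need to figure out the path */
                $file_path = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
                $file_path = realpath($file_path);
                $direct = true;
            }

            // realpath() returns false for a file that does not exist; without a
            // usable local path there is nothing to hand to the server or to read.
            if ($direct && empty($file_path)) {
                $direct = false;
            }

            // Now deliver the file based on the kind of software the server is running / has enabled
            if (!$direct) {
                // The file supplied does not have a discoverable absolute path
                header("Location: " . $requested_file);
            } elseif (function_exists('apache_get_modules') && in_array('mod_xsendfile', apache_get_modules())) {
                header("X-Sendfile: {$file_path}");
            } elseif (stristr(getenv('SERVER_SOFTWARE'), 'lighttpd')) {
                header("X-LIGHTTPD-send-file: {$file_path}");
            } elseif (stristr(getenv('SERVER_SOFTWARE'), 'nginx') || stristr(getenv('SERVER_SOFTWARE'), 'cherokee')) {
                // We need a path relative to the domain
                $file_path = str_ireplace($_SERVER['DOCUMENT_ROOT'], '', $file_path);
                header("X-Accel-Redirect: /{$file_path}");
            } else {
                edd_deliver_download($file_path);
            }
            break;
    }

    edd_die();
    exit;
}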
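/**
 * Process Download
 *
 * Handles the file download process: reads the link parameters from the
 * query string, verifies them with edd_verify_download_link(), records the
 * download in the log and then streams the file or redirects to it.
 *
 * @access private
 * @since 1.0
 * @return false|void False when a required query parameter is missing. A
 *                    verified or rejected request ends in exit / wp_die().
 */
function edd_process_download()
{
    $args = apply_filters('edd_process_download_args', array(
        'download' => isset($_GET['download']) ? (int) $_GET['download'] : '',
        'email'    => isset($_GET['email']) ? rawurldecode($_GET['email']) : '',
        'expire'   => isset($_GET['expire']) ? base64_decode(rawurldecode($_GET['expire'])) : '',
        'file_key' => isset($_GET['file']) ? (int) $_GET['file'] : '',
        'key'      => isset($_GET['download_key']) ? $_GET['download_key'] : '',
    ));

    if ($args['download'] === '' || $args['email'] === '' || $args['file_key'] === '') {
        return false;
    }

    // Read the five expected keys explicitly rather than extract()-ing the
    // filtered array: extract() would let any extra key returned by a filter
    // become (or overwrite) a local variable in this function.
    $download = $args['download'];
    $email    = $args['email'];
    $file_key = $args['file_key'];
    $key      = isset($args['key']) ? $args['key'] : '';
    $expire   = isset($args['expire']) ? $args['expire'] : '';

    $payment = edd_verify_download_link($download, $key, $email, $expire, $file_key);

    // Access defaults to true, so the link verification above is the only gate
    // unless a callback on this filter returns false.
    $has_access = apply_filters('edd_file_download_has_access', true, $payment, $args);

    if (!($payment && $has_access)) {
        $error_message = __('You do not have permission to download this file', 'edd');
        $error_title   = __('Purchase Verification Failed', 'edd');

        // The title is still handed to the filter as before, and is now also
        // passed to wp_die(), which previously never received it.
        wp_die(apply_filters('edd_deny_download_message', $error_message, $error_title), $error_title);
        exit;
    }

    do_action('edd_process_verified_download', $download, $email);

    // Payment has been verified, set up the download.
    $download_files = edd_get_download_files($download);

    // An unknown file index used to yield null here; null passed the
    // "no URL scheme" test below and realpath() resolves an empty path to the
    // current directory, so the request was treated as an existing file.
    $configured_file = isset($download_files[$file_key]['file']) ? $download_files[$file_key]['file'] : '';
    $requested_file  = apply_filters('edd_requested_file', $configured_file);

    if (!is_string($requested_file) || $requested_file === '') {
        wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error', 'edd'));
        exit;
    }

    $user_info          = array();
    $user_info['email'] = $email;
    if (is_user_logged_in()) {
        global $user_ID;
        $user_data         = get_userdata($user_ID);
        $user_info['id']   = $user_ID;
        $user_info['name'] = $user_data->display_name;
    }

    edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), $payment);

    $file_extension = edd_get_file_extension($requested_file);
    $ctype          = edd_get_file_ctype($file_extension);

    if (!edd_is_func_disabled('set_time_limit') && !ini_get('safe_mode')) {
        set_time_limit(0);
    }
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        set_magic_quotes_runtime(0);
    }

    // Best-effort environment clean-up before streaming; failures are ignored on purpose.
    @session_write_close();
    if (function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');
    @ob_end_clean();
    if (ob_get_level()) {
        @ob_end_clean(); // Zip corruption fix
    }

    nocache_headers();
    header("Robots: none");
    header("Content-Type: " . $ctype . "");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
    header("Content-Transfer-Encoding: binary");

    $has_scheme = strpos($requested_file, 'http://') !== false
        || strpos($requested_file, 'https://') !== false
        || strpos($requested_file, 'ftp://') !== false;

    if ($has_scheme && strpos($requested_file, WP_CONTENT_URL) === false) {
        // This is a remote file: hand the client over to it.
        header("Location: " . $requested_file);
        exit;
    }

    if ($has_scheme) {
        // This is a local file given by URL: map it onto the content directory.
        $requested_file = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
    }

    // NOTE(review): the resolved path is not compared against an allowed base
    // directory; what can be served depends entirely on the configured file
    // value and on 'edd_requested_file' callbacks being trusted.
    $local_path = realpath($requested_file);

    // is_file() instead of file_exists(): a directory is not a downloadable file.
    if ($local_path !== false && is_file($local_path)) {
        if ($size = @filesize($local_path)) {
            header("Content-Length: " . $size);
        }
        @edd_readfile_chunked($local_path);
    } else {
        wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error', 'edd'));
    }

    exit;
}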
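/**
 * Insert Payment
 *
 * Creates an 'edd_payment' post from the supplied purchase data and stores
 * the payment details as post meta.
 *
 * @access public
 * @since 1.0
 * @param array $payment_data Purchase data; reads 'user_info', 'user_email', 'date', 'price',
 *                            'purchase_key', 'currency', 'downloads', 'cart_details' and the
 *                            optional 'status'.
 * @return int|false The value returned by wp_insert_post() (the payment ID) on success,
 *                   false when $payment_data is empty or no post was inserted.
 */
function edd_insert_payment($payment_data = array())
{
    if (empty($payment_data)) {
        return false;
    }

    // Construct the payment title. Either name part may be missing on its own,
    // so each one is read separately instead of assuming both are set.
    $has_first_name = isset($payment_data['user_info']['first_name']);
    $has_last_name  = isset($payment_data['user_info']['last_name']);
    if ($has_first_name || $has_last_name) {
        $first_name    = $has_first_name ? $payment_data['user_info']['first_name'] : '';
        $last_name     = $has_last_name ? $payment_data['user_info']['last_name'] : '';
        $payment_title = $first_name . ' ' . $last_name;
    } else {
        $payment_title = $payment_data['user_email'];
    }

    $status = isset($payment_data['status']) ? $payment_data['status'] : 'pending';

    // Create a blank payment.
    $payment = wp_insert_post(array(
        'post_title'  => $payment_title,
        'post_status' => $status,
        'post_type'   => 'edd_payment',
        'post_date'   => $payment_data['date'],
    ));

    if (!$payment) {
        // No payment was inserted.
        return false;
    }

    // The nested values are serialized before being placed in the meta array;
    // the format is left as-is because code reading it back is not visible here.
    $payment_meta = array(
        'amount'       => $payment_data['price'],
        'date'         => $payment_data['date'],
        'email'        => $payment_data['user_email'],
        'key'          => $payment_data['purchase_key'],
        'currency'     => $payment_data['currency'],
        'downloads'    => serialize($payment_data['downloads']),
        'user_info'    => serialize($payment_data['user_info']),
        'cart_details' => serialize($payment_data['cart_details']),
        'user_id'      => $payment_data['user_info']['id'],
    );

    $mode = edd_is_test_mode() ? 'test' : 'live';

    // The gateway name comes straight from the request body, so it is reduced
    // to plain text before it is persisted.
    $gateway = isset($_POST['edd-gateway']) ? sanitize_text_field($_POST['edd-gateway']) : '';

    // Record the payment details.
    update_post_meta($payment, '_edd_payment_meta', apply_filters('edd_payment_meta', $payment_meta, $payment_data));
    update_post_meta($payment, '_edd_payment_user_id', $payment_data['user_info']['id']);
    update_post_meta($payment, '_edd_payment_user_email', $payment_data['user_email']);
    // NOTE(review): stores whatever edd_get_ip() reports; how that helper derives
    // the address is not visible here — confirm before relying on it for access checks.
    update_post_meta($payment, '_edd_payment_user_ip', edd_get_ip());
    update_post_meta($payment, '_edd_payment_purchase_key', $payment_data['purchase_key']);
    update_post_meta($payment, '_edd_payment_total', $payment_data['price']);
    update_post_meta($payment, '_edd_payment_mode', $mode);
    update_post_meta($payment, '_edd_payment_gateway', $gateway);

    // Clear the user's purchased cache.
    delete_transient('edd_user_' . $payment_data['user_info']['id'] . '_purchases');

    do_action('edd_insert_payment', $payment, $payment_data);

    return $payment; // The ID
}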
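/**
 * Insert Payment
 *
 * Creates an 'edd_payment' post from the supplied purchase data, stores the
 * payment details as post meta and records the discount used, if any.
 *
 * @since 1.0
 * @param array $payment_data Purchase data; reads 'user_info', 'user_email', 'price',
 *                            'purchase_key', 'currency', 'downloads', 'cart_details' and the
 *                            optional 'status', 'parent' and 'post_date'.
 * @return int|false The value returned by wp_insert_post() (the payment ID) on success,
 *                   false when $payment_data is empty or no post was inserted.
 */
function edd_insert_payment($payment_data = array())
{
    if (empty($payment_data)) {
        return false;
    }

    // Construct the payment title. Either name part may be missing on its own,
    // so each one is read separately instead of assuming both are set.
    $has_first_name = isset($payment_data['user_info']['first_name']);
    $has_last_name  = isset($payment_data['user_info']['last_name']);
    if ($has_first_name || $has_last_name) {
        $first_name    = $has_first_name ? $payment_data['user_info']['first_name'] : '';
        $last_name     = $has_last_name ? $payment_data['user_info']['last_name'] : '';
        $payment_title = $first_name . ' ' . $last_name;
    } else {
        $payment_title = $payment_data['user_email'];
    }

    // Retrieve the discount used, if any. The lookup is skipped when no
    // discount code was supplied at all, and $discount always has a value.
    $discount = false;
    if (isset($payment_data['user_info']['discount']) && $payment_data['user_info']['discount'] != 'none') {
        $discount = edd_get_discount_by_code($payment_data['user_info']['discount']);
    }

    $args = apply_filters('edd_insert_payment_args', array(
        'post_title'    => $payment_title,
        'post_status'   => isset($payment_data['status']) ? $payment_data['status'] : 'pending',
        'post_type'     => 'edd_payment',
        'post_parent'   => isset($payment_data['parent']) ? $payment_data['parent'] : null,
        'post_date'     => isset($payment_data['post_date']) ? $payment_data['post_date'] : null,
        'post_date_gmt' => isset($payment_data['post_date']) ? $payment_data['post_date'] : null,
    ), $payment_data);

    // Create a blank payment.
    $payment = wp_insert_post($args);

    if (!$payment) {
        // No payment was inserted.
        return false;
    }

    // The nested values are serialized before being placed in the meta array;
    // the format is left as-is because code reading it back is not visible here.
    $payment_meta = array(
        'currency'     => $payment_data['currency'],
        'downloads'    => serialize($payment_data['downloads']),
        'user_info'    => serialize($payment_data['user_info']),
        'cart_details' => serialize($payment_data['cart_details']),
        'tax'          => edd_is_cart_taxed() ? edd_get_cart_tax() : 0,
    );

    $mode = edd_is_test_mode() ? 'test' : 'live';

    // The gateway name comes straight from the request body, so it is reduced
    // to plain text before it is persisted.
    $gateway = isset($_POST['edd-gateway']) ? sanitize_text_field($_POST['edd-gateway']) : '';

    // Record the payment details.
    update_post_meta($payment, '_edd_payment_meta', apply_filters('edd_payment_meta', $payment_meta, $payment_data));
    update_post_meta($payment, '_edd_payment_user_id', $payment_data['user_info']['id']);
    update_post_meta($payment, '_edd_payment_user_email', $payment_data['user_email']);
    // NOTE(review): stores whatever edd_get_ip() reports; how that helper derives
    // the address is not visible here — confirm before relying on it for access checks.
    update_post_meta($payment, '_edd_payment_user_ip', edd_get_ip());
    update_post_meta($payment, '_edd_payment_purchase_key', $payment_data['purchase_key']);
    update_post_meta($payment, '_edd_payment_total', $payment_data['price']);
    update_post_meta($payment, '_edd_payment_mode', $mode);
    update_post_meta($payment, '_edd_payment_gateway', $gateway);
    if (!empty($discount)) {
        update_post_meta($payment, '_edd_payment_discount_id', $discount->ID);
    }

    // Clear the user's purchased cache.
    delete_transient('edd_user_' . $payment_data['user_info']['id'] . '_purchases');

    do_action('edd_insert_payment', $payment, $payment_data);

    return $payment; // The ID
}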
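/**
 * Process Download
 *
 * Handles the file download process: reads the link parameters from the
 * query string, verifies them with edd_verify_download_link(), records the
 * download in the log and then streams the file or redirects to it.
 *
 * @access private
 * @since 1.0
 * @return void Returns without doing anything unless 'download', 'email' and 'file'
 *              are all present in the query string; otherwise ends in exit / wp_die().
 */
function edd_process_download()
{
    if (!isset($_GET['download']) || !isset($_GET['email']) || !isset($_GET['file'])) {
        return;
    }

    // NOTE(review): PHP has already URL-decoded $_GET, so these values are decoded a
    // second time. The decoding is kept because it has to match however the links
    // are generated, which is not visible here.
    $download = urldecode($_GET['download']);
    $email    = rawurldecode($_GET['email']);
    $file_key = urldecode($_GET['file']);

    // 'download_key' and 'expire' are not covered by the presence check above,
    // so a link without them is treated as carrying empty values.
    $key    = isset($_GET['download_key']) ? urldecode($_GET['download_key']) : '';
    $expire = isset($_GET['expire']) ? urldecode(base64_decode($_GET['expire'])) : '';

    $payment = edd_verify_download_link($download, $key, $email, $expire, $file_key);

    // Access is decided by the link verification alone; there is no additional
    // logged-in check at this point.
    $has_access = true;

    if (!($payment && $has_access)) {
        wp_die(__('You do not have permission to download this file', 'edd'), __('Purchase Verification Failed', 'edd'));
        exit;
    }

    do_action('edd_process_verified_download', $download, $email);

    // Payment has been verified, set up the download.
    $download_files = edd_get_download_files($download);

    // An unknown file index used to yield null here; null passed the
    // "no URL scheme" test below and realpath() resolves an empty path to the
    // current directory, so the request was treated as an existing file.
    $configured_file = isset($download_files[$file_key]['file']) ? $download_files[$file_key]['file'] : '';
    $requested_file  = apply_filters('edd_requested_file', $configured_file);

    if (!is_string($requested_file) || $requested_file === '') {
        wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error'));
        exit;
    }

    $user_info          = array();
    $user_info['email'] = $email;
    if (is_user_logged_in()) {
        global $user_ID;
        $user_data         = get_userdata($user_ID);
        $user_info['id']   = $user_ID;
        $user_info['name'] = $user_data->display_name;
    }

    edd_record_download_in_log($download, $file_key, $user_info, edd_get_ip(), date('Y-m-d H:i:s'));

    $file_extension = edd_get_file_extension($requested_file);

    // Extension => Content-Type table; unknown extensions fall back to a forced download.
    $ctypes = array(
        'ai'      => "application/postscript",
        'aif'     => "audio/x-aiff",
        'aifc'    => "audio/x-aiff",
        'aiff'    => "audio/x-aiff",
        'asc'     => "text/plain",
        'atom'    => "application/atom+xml",
        'au'      => "audio/basic",
        'avi'     => "video/x-msvideo",
        'bcpio'   => "application/x-bcpio",
        'bin'     => "application/octet-stream",
        'bmp'     => "image/bmp",
        'cdf'     => "application/x-netcdf",
        'cgm'     => "image/cgm",
        'class'   => "application/octet-stream",
        'cpio'    => "application/x-cpio",
        'cpt'     => "application/mac-compactpro",
        'csh'     => "application/x-csh",
        'css'     => "text/css",
        'dcr'     => "application/x-director",
        'dif'     => "video/x-dv",
        'dir'     => "application/x-director",
        'djv'     => "image/vnd.djvu",
        'djvu'    => "image/vnd.djvu",
        'dll'     => "application/octet-stream",
        'dmg'     => "application/octet-stream",
        'dms'     => "application/octet-stream",
        'doc'     => "application/msword",
        'dtd'     => "application/xml-dtd",
        'dv'      => "video/x-dv",
        'dvi'     => "application/x-dvi",
        'dxr'     => "application/x-director",
        'eps'     => "application/postscript",
        'etx'     => "text/x-setext",
        'exe'     => "application/octet-stream",
        'ez'      => "application/andrew-inset",
        'gif'     => "image/gif",
        'gram'    => "application/srgs",
        'grxml'   => "application/srgs+xml",
        'gtar'    => "application/x-gtar",
        'hdf'     => "application/x-hdf",
        'hqx'     => "application/mac-binhex40",
        'htm'     => "text/html",
        'html'    => "text/html",
        'ice'     => "x-conference/x-cooltalk",
        'ico'     => "image/x-icon",
        'ics'     => "text/calendar",
        'ief'     => "image/ief",
        'ifb'     => "text/calendar",
        'iges'    => "model/iges",
        'igs'     => "model/iges",
        'jnlp'    => "application/x-java-jnlp-file",
        'jp2'     => "image/jp2",
        'jpe'     => "image/jpeg",
        'jpeg'    => "image/jpeg",
        'jpg'     => "image/jpeg",
        'js'      => "application/x-javascript",
        'kar'     => "audio/midi",
        'latex'   => "application/x-latex",
        'lha'     => "application/octet-stream",
        'lzh'     => "application/octet-stream",
        'm3u'     => "audio/x-mpegurl",
        'm4a'     => "audio/mp4a-latm",
        'm4b'     => "audio/mp4a-latm",
        'm4p'     => "audio/mp4a-latm",
        'm4u'     => "video/vnd.mpegurl",
        'm4v'     => "video/x-m4v",
        'mac'     => "image/x-macpaint",
        'man'     => "application/x-troff-man",
        'mathml'  => "application/mathml+xml",
        'me'      => "application/x-troff-me",
        'mesh'    => "model/mesh",
        'mid'     => "audio/midi",
        'midi'    => "audio/midi",
        'mif'     => "application/vnd.mif",
        'mov'     => "video/quicktime",
        'movie'   => "video/x-sgi-movie",
        'mp2'     => "audio/mpeg",
        'mp3'     => "audio/mpeg",
        'mp4'     => "video/mp4",
        'mpe'     => "video/mpeg",
        'mpeg'    => "video/mpeg",
        'mpg'     => "video/mpeg",
        'mpga'    => "audio/mpeg",
        'ms'      => "application/x-troff-ms",
        'msh'     => "model/mesh",
        'mxu'     => "video/vnd.mpegurl",
        'nc'      => "application/x-netcdf",
        'oda'     => "application/oda",
        'ogg'     => "application/ogg",
        'pbm'     => "image/x-portable-bitmap",
        'pct'     => "image/pict",
        'pdb'     => "chemical/x-pdb",
        'pdf'     => "application/pdf",
        'pgm'     => "image/x-portable-graymap",
        'pgn'     => "application/x-chess-pgn",
        'pic'     => "image/pict",
        'pict'    => "image/pict",
        'png'     => "image/png",
        'pnm'     => "image/x-portable-anymap",
        'pnt'     => "image/x-macpaint",
        'pntg'    => "image/x-macpaint",
        'ppm'     => "image/x-portable-pixmap",
        'ppt'     => "application/vnd.ms-powerpoint",
        'ps'      => "application/postscript",
        'qt'      => "video/quicktime",
        'qti'     => "image/x-quicktime",
        'qtif'    => "image/x-quicktime",
        'ra'      => "audio/x-pn-realaudio",
        'ram'     => "audio/x-pn-realaudio",
        'ras'     => "image/x-cmu-raster",
        'rdf'     => "application/rdf+xml",
        'rgb'     => "image/x-rgb",
        'rm'      => "application/vnd.rn-realmedia",
        'roff'    => "application/x-troff",
        'rtf'     => "text/rtf",
        'rtx'     => "text/richtext",
        'sgm'     => "text/sgml",
        'sgml'    => "text/sgml",
        'sh'      => "application/x-sh",
        'shar'    => "application/x-shar",
        'silo'    => "model/mesh",
        'sit'     => "application/x-stuffit",
        'skd'     => "application/x-koan",
        'skm'     => "application/x-koan",
        'skp'     => "application/x-koan",
        'skt'     => "application/x-koan",
        'smi'     => "application/smil",
        'smil'    => "application/smil",
        'snd'     => "audio/basic",
        'so'      => "application/octet-stream",
        'spl'     => "application/x-futuresplash",
        'src'     => "application/x-wais-source",
        'sv4cpio' => "application/x-sv4cpio",
        'sv4crc'  => "application/x-sv4crc",
        'svg'     => "image/svg+xml",
        'swf'     => "application/x-shockwave-flash",
        't'       => "application/x-troff",
        'tar'     => "application/x-tar",
        'tcl'     => "application/x-tcl",
        'tex'     => "application/x-tex",
        'texi'    => "application/x-texinfo",
        'texinfo' => "application/x-texinfo",
        'tif'     => "image/tiff",
        'tiff'    => "image/tiff",
        'tr'      => "application/x-troff",
        'tsv'     => "text/tab-separated-values",
        'txt'     => "text/plain",
        'ustar'   => "application/x-ustar",
        'vcd'     => "application/x-cdlink",
        'vrml'    => "model/vrml",
        'vxml'    => "application/voicexml+xml",
        'wav'     => "audio/x-wav",
        'wbmp'    => "image/vnd.wap.wbmp",
        'wbmxl'   => "application/vnd.wap.wbxml",
        'wml'     => "text/vnd.wap.wml",
        'wmlc'    => "application/vnd.wap.wmlc",
        'wmls'    => "text/vnd.wap.wmlscript",
        'wmlsc'   => "application/vnd.wap.wmlscriptc",
        'wrl'     => "model/vrml",
        'xbm'     => "image/x-xbitmap",
        'xht'     => "application/xhtml+xml",
        'xhtml'   => "application/xhtml+xml",
        'xls'     => "application/vnd.ms-excel",
        'xml'     => "application/xml",
        'xpm'     => "image/x-xpixmap",
        'xsl'     => "application/xml",
        'xslt'    => "application/xslt+xml",
        'xul'     => "application/vnd.mozilla.xul+xml",
        'xwd'     => "image/x-xwindowdump",
        'xyz'     => "chemical/x-xyz",
        'zip'     => "application/zip",
    );

    // A keyed lookup replaces the loosely-compared switch; only string
    // extensions can match an entry.
    if (is_string($file_extension) && isset($ctypes[$file_extension])) {
        $ctype = $ctypes[$file_extension];
    } else {
        $ctype = "application/force-download";
    }

    if (!ini_get('safe_mode')) {
        set_time_limit(0);
    }
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        set_magic_quotes_runtime(0);
    }

    // Best-effort environment clean-up before streaming; failures are ignored on purpose.
    @session_write_close();
    if (function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');
    @ob_end_clean();
    if (ob_get_level()) {
        @ob_end_clean(); // Zip corruption fix
    }

    header("Pragma: no-cache");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Robots: none");
    header("Content-Type: " . $ctype . "");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=\"" . apply_filters('edd_requested_file_name', basename($requested_file)) . "\";");
    header("Content-Transfer-Encoding: binary");

    $has_scheme = strpos($requested_file, 'http://') !== false
        || strpos($requested_file, 'https://') !== false
        || strpos($requested_file, 'ftp://') !== false;

    if ($has_scheme && strpos($requested_file, WP_CONTENT_URL) === false) {
        // This is a remote file: hand the client over to it.
        header("Location: " . $requested_file);
        exit;
    }

    if ($has_scheme) {
        // This is a local file given by URL: map it onto the content directory.
        $requested_file = str_replace(WP_CONTENT_URL, WP_CONTENT_DIR, $requested_file);
    }

    // NOTE(review): the resolved path is not compared against an allowed base
    // directory; what can be served depends entirely on the configured file
    // value and on 'edd_requested_file' callbacks being trusted.
    $local_path = realpath($requested_file);

    // is_file() instead of file_exists(): a directory is not a downloadable file.
    if ($local_path !== false && is_file($local_path)) {
        if ($size = @filesize($local_path)) {
            header("Content-Length: " . $size);
        }
        @edd_readfile_chunked($local_path);
    } else {
        wp_die(__('Sorry but this file does not exist.', 'edd'), __('Error'));
    }

    exit;
}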