Exemplo n.º 1
0
function DLM_uploadNewFile($newfile, $directory, $name = '')
{
    global $_DLM_CONF;
    $tmp = $newfile['tmp_name'];
    if (empty($name)) {
        $name = COM_applyFilter($newfile['name']);
        if (empty($name)) {
            return false;
        }
    }
    $newfilepath = $directory . DLM_encodeFileName($name);
    if (!is_uploaded_file($tmp)) {
        COM_errorLog("Downloads: upload error: Temporary file does not exist: '" . $tmp . "'");
        DLM_showErrorMessage('1003');
        return false;
    }
    if (file_exists($newfilepath)) {
        COM_errorLog("Downloads: warning: Added new filelisting for a file that already exists " . $newfilepath);
        return true;
        // not uploaded. this OK? or upload and overwrite force.
    }
    if (!move_uploaded_file($tmp, $newfilepath)) {
        COM_errorLog("Downloads: upload error: Could not move an uploaded file: " . $tmp . " to " . $name);
        DLM_showErrorMessage('1004');
        return false;
    }
    @chmod($newfilepath, intval((string) $_DLM_CONF['filepermissions'], 8));
    return true;
}
Exemplo n.º 2
0
 function _unlinkCatImage($name)
 {
     global $_TABLES, $_DLM_CONF;
     if (empty($name)) {
         return;
     }
     $target = $_DLM_CONF['path_snapcat'] . DLM_encodeFileName($name);
     $count = DB_count($_TABLES['downloadcategories'], 'imgurl', addslashes($name));
     if ($count == 0) {
         $this->_unlink($target);
     }
 }
Exemplo n.º 3
0
$uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
COM_setArgNames(array('id'));
$lid = addslashes(COM_applyFilter(COM_getArgument('id')));
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloads']} a " . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid " . "WHERE a.lid='{$lid}' " . COM_getPermSQL('AND', 0, 2, 'b');
list($count) = DB_fetchArray(DB_query($sql));
if ($count == 0 || DB_count($_TABLES['downloads'], "lid", $lid) == 0) {
    COM_errorLog("Downloads: invalid attempt to download a file. " . "User:{$_USER['username']}, IP:{$_SERVER['REMOTE_ADDR']}, File ID:{$lid}");
    echo COM_refresh($_CONF['site_url'] . '/downloads/index.php');
    exit;
}
$result = DB_query("SELECT url, secret_id, owner_id FROM {$_TABLES['downloads']} WHERE lid='{$lid}'");
list($url, $secret_id, $owner_id) = DB_fetchArray($result);
if ($uid !== $owner_id || $uid == $owner_id && $_DLM_CONF['cut_own_download'] == 0) {
    DB_query("INSERT INTO {$_TABLES['downloadhistories']} (uid, lid, remote_ip, date) " . "VALUES ({$uid}, '{$lid}', '{$_SERVER['REMOTE_ADDR']}', NOW())");
    DB_query("UPDATE {$_TABLES['downloads']} SET hits=hits+1 " . "WHERE lid='{$lid}'");
}
$filename = $secret_id . '_' . DLM_encodeFileName($url);
$filepath = $_DLM_CONF['path_filestore'] . $filename;
if (file_exists($filepath)) {
    header('Content-Disposition: attachment; filename="' . $url . '"');
    header('Content-Type: application/octet-stream');
    header('Content-Description: File Transfer');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($filepath));
    ob_clean();
    flush();
    @readfile($filepath);
}