function DLM_uploadNewFile($newfile, $directory, $name = '')
{
global $_DLM_CONF;
$tmp = $newfile['tmp_name'];
if (empty($name)) {
$name = COM_applyFilter($newfile['name']);
if (empty($name)) {
return false;
}
}
$newfilepath = $directory . DLM_encodeFileName($name);
if (!is_uploaded_file($tmp)) {
COM_errorLog("Downloads: upload error: Temporary file does not exist: '" . $tmp . "'");
DLM_showErrorMessage('1003');
return false;
}
if (file_exists($newfilepath)) {
COM_errorLog("Downloads: warning: Added new filelisting for a file that already exists " . $newfilepath);
return true;
// not uploaded. this OK? or upload and overwrite force.
}
if (!move_uploaded_file($tmp, $newfilepath)) {
COM_errorLog("Downloads: upload error: Could not move an uploaded file: " . $tmp . " to " . $name);
DLM_showErrorMessage('1004');
return false;
}
@chmod($newfilepath, intval((string) $_DLM_CONF['filepermissions'], 8));
return true;
}
function _unlinkCatImage($name)
{
global $_TABLES, $_DLM_CONF;
if (empty($name)) {
return;
}
$target = $_DLM_CONF['path_snapcat'] . DLM_encodeFileName($name);
$count = DB_count($_TABLES['downloadcategories'], 'imgurl', addslashes($name));
if ($count == 0) {
$this->_unlink($target);
}
}
$uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
COM_setArgNames(array('id'));
$lid = addslashes(COM_applyFilter(COM_getArgument('id')));
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloads']} a " . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid " . "WHERE a.lid='{$lid}' " . COM_getPermSQL('AND', 0, 2, 'b');
list($count) = DB_fetchArray(DB_query($sql));
if ($count == 0 || DB_count($_TABLES['downloads'], "lid", $lid) == 0) {
COM_errorLog("Downloads: invalid attempt to download a file. " . "User:{$_USER['username']}, IP:{$_SERVER['REMOTE_ADDR']}, File ID:{$lid}");
echo COM_refresh($_CONF['site_url'] . '/downloads/index.php');
exit;
}
$result = DB_query("SELECT url, secret_id, owner_id FROM {$_TABLES['downloads']} WHERE lid='{$lid}'");
list($url, $secret_id, $owner_id) = DB_fetchArray($result);
if ($uid !== $owner_id || $uid == $owner_id && $_DLM_CONF['cut_own_download'] == 0) {
DB_query("INSERT INTO {$_TABLES['downloadhistories']} (uid, lid, remote_ip, date) " . "VALUES ({$uid}, '{$lid}', '{$_SERVER['REMOTE_ADDR']}', NOW())");
DB_query("UPDATE {$_TABLES['downloads']} SET hits=hits+1 " . "WHERE lid='{$lid}'");
}
$filename = $secret_id . '_' . DLM_encodeFileName($url);
$filepath = $_DLM_CONF['path_filestore'] . $filename;
if (file_exists($filepath)) {
header('Content-Disposition: attachment; filename="' . $url . '"');
header('Content-Type: application/octet-stream');
header('Content-Description: File Transfer');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filepath));
ob_clean();
flush();
@readfile($filepath);
}
