Exemplo n.º 1
 */
include_once $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php';
global $wpdb;
if (isset($_GET['lease'])) {
    /* get code & release details */
    $release = $wpdb->get_row($wpdb->prepare("SELECT r.*, c.ID as code, c.code_prefix, c.code_suffix FROM " . dc_tbl_releases() . " r INNER JOIN " . dc_tbl_codes() . " c ON c.release = r.ID WHERE MD5(CONCAT('wp-dl-hash',c.ID)) = %s", array($_GET['lease'])));
    /* get numbwe of downloads for current code */
    $downloads = $wpdb->get_row($wpdb->prepare("SELECT COUNT(*) AS downloads FROM " . dc_tbl_downloads() . " WHERE code= %s", array($release->code)));
    // Start download if maximum of allowed downloads is not reached
    if ($downloads->downloads < $release->allowed_downloads) {
        // Get current IP
        $IP = $_SERVER['REMOTE_ADDR'];
        // Insert download in downloads table
        $wpdb->insert(dc_tbl_downloads(), array('code' => $release->code, 'IP' => $IP), array('%d', '%s'));
        // If Apache's xsendfile is enabled (must be installed and working on server side)
        if (dc_xsendfile_enabled()) {
            header('X-Sendfile: ' . dc_file_location() . $release->filename);
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=\\"' . urlencode($release->filename) . '\\"');
            exit;
        }
        // Increase timeout for slow connections
        set_time_limit(0);
        // Deactivate output compression (required for IE, otherwise Content-Disposition is ignored)
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }
        // Content description
        header('Content-Description: File Transfer');
        // Content disposition
        if (strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") > 0) {
Exemplo n.º 2
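/**
 * Renders the plugin's general settings page and saves submitted settings.
 *
 * A POST submission is accepted only when it carries the nonce printed by this
 * form, so a third-party page cannot submit the settings on behalf of a
 * logged-in administrator (CSRF). Posted values are unslashed before they are
 * stored, and every stored value printed back into the page is escaped for its
 * HTML context so an option value cannot break out of an attribute.
 *
 * NOTE(review): the capability required to reach this page is decided where the
 * admin menu is registered, which is not visible here - confirm it is limited
 * to administrators, because the download directory is configurable below.
 */
function dc_manage_settings()
{
    // Reads one posted field as an unslashed string; missing or array input yields ''
    $posted = function ($key) {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? wp_unslash($_POST[$key]) : '';
    };
    // Content types offered in the select box; also the allow-list for the stored value
    $content_type_options = array('Default (MIME Type)', 'application/force-download', 'application/octet-stream', 'application/download');
    echo '<div class="wrap">';
    echo '<h2>Download Codes &raquo; Settings</h2>';
    // Overwrite existing options
    if (isset($_POST['submit'])) {
        // Stops the request unless the nonce printed by the form below is present and valid
        check_admin_referer('dc_manage_settings', 'dc_settings_nonce');
        $dc_file_location_abs = trim($posted('dc_file_location_abs'));
        $dc_file_location = '' !== $dc_file_location_abs ? $dc_file_location_abs : trim($posted('dc_file_location'));
        $dc_max_attempts = $posted('dc_max_attempts');
        // Update zip location
        if ($dc_file_location !== '') {
            if (substr($dc_file_location, -1) !== '/') {
                $dc_file_location .= '/';
            }
            update_option('dc_file_location', $dc_file_location);
        }
        // Update number of maximum attempts (stored as an integer, never as raw input)
        if (is_numeric($dc_max_attempts)) {
            update_option('dc_max_attempts', (int) $dc_max_attempts);
        }
        // Update file types
        $dc_file_types = sanitize_text_field($posted('dc_file_types'));
        if ('' !== $dc_file_types) {
            update_option('dc_file_types', $dc_file_types);
        }
        // Update character list
        $dc_code_chars = $posted('dc_code_chars');
        update_option('dc_code_chars', '' === $dc_code_chars ? DC_CODE_CHARS : $dc_code_chars);
        // Update header settings; this value is later sent as a response header,
        // so only the values offered in the select box are accepted
        $dc_content_type = $posted('dc_header_content_type');
        update_option('dc_header_content_type', in_array($dc_content_type, $content_type_options, true) ? $dc_content_type : DC_HEADER_CONTENT_TYPE);
        // Update xsendfile enabled flag
        update_option('dc_xsendfile_enabled', isset($_POST['dc_xsendfile_enabled']) ? 'true' : 'false');
        // Update messages; they are shown to visitors, so only markup that
        // WordPress allows in post content is kept
        foreach (array('dc_msg_code_enter', 'dc_msg_code_valid', 'dc_msg_code_invalid', 'dc_msg_max_downloads_reached', 'dc_msg_max_attempts_reached') as $message_key) {
            update_option($message_key, wp_kses_post($posted($message_key)));
        }
        // Print message
        echo dc_admin_message('The settings have been updated.');
    }
    echo '<form action="admin.php?page=dc-manage-settings" method="post">';
    // Hidden nonce field that the save branch above verifies
    wp_nonce_field('dc_manage_settings', 'dc_settings_nonce');
    echo '<h3>File Settings</h3>';
    echo '<table class="form-table">';
    /**
     * Location of download files
     */
    $current_location = (string) get_option('dc_file_location');
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-location">Location of download files</label></th>';
    if ('' === $current_location || '/' !== substr($current_location, 0, 1)) {
        // If current location of download files is empty or relative, try to locate the upload folder
        $wp_upload_dir = wp_upload_dir();
        // scandir() returns false when the directory cannot be read; treat that as "no folders"
        $files = is_dir($wp_upload_dir['basedir']) ? scandir($wp_upload_dir['basedir']) : false;
        if (false === $files) {
            $files = array();
        }
        echo '<td>' . esc_html($wp_upload_dir['basedir']) . '/ <select name="dc_file_location" id="settings-location">';
        foreach ($files as $folder) {
            if (is_dir($wp_upload_dir['basedir'] . '/' . $folder) && $folder != '.' && $folder != '..') {
                // Folder names come from the file system and are escaped like any other data
                echo '<option' . ($folder . '/' == $current_location ? ' selected="selected"' : '') . '>' . esc_html($folder) . '</option>';
            }
        }
        echo '</select>';
        // Provide possibility to define upload path directly
        echo '<p>If the upload folder cannot be determined or if the release management does not work (or if you want to have another download file location) you may specify the absolute path of the download file location here:</p>';
        echo '<input type="text" name="dc_file_location_abs" class="large-text" />';
        echo '</td>';
    } else {
        echo '<td><input type="text" name="dc_file_location" id="settings-location" class="large-text" value="' . esc_attr($current_location) . '" /></td>';
    }
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-max">Maximum attempts</label></th>';
    echo '<td><input type="text" name="dc_max_attempts" id="settings-max" class="small-text" value="' . esc_attr(dc_max_attempts()) . '" />';
    echo ' <span class="description">Maximum invalid download attempts</span></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-filetypes">Allowed file types</label></th>';
    echo '<td><input type="text" name="dc_file_types" id="settings-filetypes" class="regular-text" value="' . esc_attr(implode(', ', dc_file_types())) . '" />';
    echo ' <span class="description">Separated by comma</span></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-chars">Allowed characters</label></th>';
    echo '<td><input type="text" name="dc_code_chars" id="settings-chars" class="regular-text" value="' . esc_attr(dc_code_chars()) . '" />';
    echo ' <span class="description">Codes will contain a random mix of these characters</span></td>';
    echo '</tr>';
    echo '</table>';
    /**
     * Headers
     */
    echo '<h3>Header Settings</h3>';
    echo '<p>Finetune request headers to fix client-server issues:</p>';
    echo '<table class="form-table">';
    // Content type
    $dc_header_content_type = dc_header_content_type();
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="headers-content-type">Content type</label></th>';
    echo '<td><select name="dc_header_content_type" id="headers-content-type">';
    foreach ($content_type_options as $option) {
        echo '<option' . ($option == $dc_header_content_type ? ' selected="selected"' : '') . '>' . esc_html($option) . '</option>';
    }
    echo '</select> <span class="description">Override default content type (which is the MIME type of the download file)</span></td>';
    echo '</tr>';
    // Support for x-sendfile (the label's "for" matches the checkbox id so clicking the label toggles it)
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="dc-xsendfile-enabled">Apache X-Sendfile</label></th>';
    echo '<td><input type="checkbox" name="dc_xsendfile_enabled" id="dc-xsendfile-enabled" ' . (dc_xsendfile_enabled() ? 'checked' : '') . ' />';
    echo '<span class="description">Only check this setting if Apache\'s x-sendfile module is installed and configured properly</span>';
    echo '</td>';
    echo '</tr>';
    echo '</table>';
    /**
     * Messages
     */
    echo '<h3>Messages</h3>';
    echo '<p>Specify custom messages that your users see while downloading releases:</p>';
    echo '<table class="form-table">';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-msg-enter">"Enter code"</label></th>';
    echo '<td><input type="text" name="dc_msg_code_enter" id="settings-msg-enter" class="large-text" value="' . esc_attr(dc_msg('code_enter')) . '" /></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-msg-valid">"Code valid"</label></th>';
    echo '<td><input type="text" name="dc_msg_code_valid" id="settings-msg-valid" class="large-text" value="' . esc_attr(dc_msg('code_valid')) . '" /></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-msg-invalid">"Code invalid"</label></th>';
    echo '<td><input type="text" name="dc_msg_code_invalid" id="settings-msg-invalid" class="large-text" value="' . esc_attr(dc_msg('code_invalid')) . '" /></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-msg-downloads">"Maximum downloads reached"</label></th>';
    echo '<td><input type="text" name="dc_msg_max_downloads_reached" id="settings-msg-downloads" class="large-text" value="' . esc_attr(dc_msg('max_downloads_reached')) . '" /></td>';
    echo '</tr>';
    echo '<tr valign="top">';
    echo '<th scope="row"><label for="settings-msg-attempts">"Maximum attempts reached"</label></th>';
    echo '<td><input type="text" name="dc_msg_max_attempts_reached" id="settings-msg-attempts" class="large-text" value="' . esc_attr(dc_msg('max_attempts_reached')) . '" /></td>';
    echo '</tr>';
    echo '</table>';
    echo '<p class="submit">';
    echo '<input type="submit" name="submit" class="button-primary" value="Save Changes" />';
    echo '</p>';
    echo '</form>';
    echo '</div>';
}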
Exemplo n.º 3
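/**
 * Sends headers to download file when download code was entered successfully
 *
 * Looks up the release that belongs to the "lease" query parameter, checks the
 * per-code download limit, records the download and then either hands the file
 * to Apache (X-Sendfile) or streams it in chunks. The request is terminated
 * with exit once a download has been started.
 *
 * The function returns without sending anything when the lease is missing or
 * unknown, when the download limit is reached, or when the release file cannot
 * be resolved to a readable file inside the configured download directory. A
 * download is recorded only after the file has been verified.
 *
 * NOTE(review): the lease is the MD5 of a fixed string plus the numeric code
 * ID, so it contains no secret and does not by itself prove that the visitor
 * entered a valid code. Fixing that needs a change where the download link is
 * generated (outside this function), for example a keyed hash built with
 * hash_hmac() and a site secret, or a random token stored server-side, compared
 * with hash_equals().
 *
 * NOTE(review): counting downloads and inserting the new row are two separate
 * statements, so parallel requests can exceed allowed_downloads.
 */
function dc_send_download_headers()
{
    global $wpdb;
    // Only continue if lease is provided as a single string query parameter
    if (!isset($_GET['lease']) || !is_string($_GET['lease'])) {
        return;
    }
    $lease = wp_unslash($_GET['lease']);
    // Get details for code and release
    $release = $wpdb->get_row($wpdb->prepare("SELECT r.*, c.ID as code, c.code_prefix, c.code_suffix FROM " . dc_tbl_releases() . " r INNER JOIN " . dc_tbl_codes() . " c ON c.release = r.ID WHERE MD5(CONCAT('wp-dl-hash',c.ID)) = %s", array($lease)));
    // Unknown lease: get_row() returned no row, so there is nothing to download
    if (null === $release) {
        return;
    }
    // Get # of downloads with this code
    $downloads = $wpdb->get_row($wpdb->prepare("SELECT COUNT(*) AS downloads FROM " . dc_tbl_downloads() . " WHERE code = %d", array($release->code)));
    // Start download only if maximum of allowed downloads is not reached
    if (null === $downloads || $downloads->downloads >= $release->allowed_downloads) {
        return;
    }
    // Resolve the file and make sure it lies inside the download directory, so a
    // file name containing "../" (or a symlink) cannot expose other files
    $base_dir = realpath(dc_file_location());
    $file_path = realpath(dc_file_location() . $release->filename);
    if (false === $base_dir || false === $file_path || !is_file($file_path)) {
        return;
    }
    if (0 !== strpos($file_path, rtrim($base_dir, '/\\') . DIRECTORY_SEPARATOR)) {
        return;
    }
    // Open the file before anything is recorded or sent, so a failure costs no download
    $use_xsendfile = dc_xsendfile_enabled();
    $handle = $use_xsendfile ? null : fopen($file_path, 'rb');
    if (!$use_xsendfile && false === $handle) {
        return;
    }
    // Get current IP
    $IP = $_SERVER['REMOTE_ADDR'];
    // Insert download in downloads table
    $wpdb->insert(dc_tbl_downloads(), array('code' => $release->code, 'IP' => $IP), array('%d', '%s'));
    // Content disposition: rawurlencode() keeps spaces as %20, which is the
    // percent-encoding that the filename*= form expects
    $encoded_name = rawurlencode(basename($release->filename));
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (false !== strpos($user_agent, 'MSIE')) {
        $disposition = 'attachment; filename="' . $encoded_name . '"';
    } else {
        $disposition = 'attachment; filename*=UTF-8\'\'' . $encoded_name;
    }
    // If Apache's xsendfile is enabled (must be installed and working on server side)
    if ($use_xsendfile) {
        header('X-Sendfile: ' . $file_path);
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: ' . $disposition);
        exit;
    }
    // Increase timeout for slow connections
    set_time_limit(0);
    // Deactivate output compression (required for IE, otherwise Content-Disposition is ignored)
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    // Content description
    header('Content-Description: File Transfer');
    header('Content-Disposition: ' . $disposition);
    // Content type
    $content_type = dc_header_content_type();
    if ($content_type == DC_HEADER_CONTENT_TYPE) {
        // Send MIME type of current file
        header('Content-Type: ' . get_mime_content_type($file_path));
    } else {
        // Override content type with header setting
        header('Content-Type: ' . $content_type);
    }
    // Transfer encoding
    header('Content-Transfer-Encoding: binary');
    // Content length (left out when the size cannot be determined)
    $file_size = filesize($file_path);
    if (false !== $file_size) {
        header('Content-Length: ' . $file_size);
    }
    // Cache handling
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Expires: 0');
    // Drop every active output buffer: page output must not precede the file,
    // and a live buffer would collect the whole file in memory
    while (ob_get_level() > 0) {
        if (!ob_end_clean()) {
            break;
        }
    }
    flush();
    // Stream file in 1 MiB chunks
    $chunksize = 1024 * 1024;
    while (!feof($handle)) {
        $buffer = fread($handle, $chunksize);
        if (false === $buffer) {
            break;
        }
        echo $buffer;
        flush();
    }
    // Close file
    fclose($handle);
    // Exit
    exit;
}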