}
if ($cmd) {
dheader("{$cmd}: {$url}");
exit;
}
}
if ($readmod == 4) {
dheader('Accept-Ranges: bytes');
if (!empty($_SERVER['HTTP_RANGE'])) {
$rangesize = $filesize - $range > 0 ? $filesize - $range : 0;
dheader('Content-Length: ' . $rangesize);
dheader('HTTP/1.1 206 Partial Content');
dheader('Content-Range: bytes=' . $range . '-' . ($filesize - 1) . '/' . $filesize);
}
}
$attach['remote'] ? getremotefile($attach['attachment']) : getlocalfile($filename, $readmod, $range);
function getremotefile($file)
{
global $_G;
@set_time_limit(0);
if (!@readfile($_G['setting']['ftp']['attachurl'] . 'forum/' . $file)) {
$ftp = ftpcmd('object');
$tmpfile = @tempnam($_G['setting']['attachdir'], '');
if ($ftp->ftp_get($tmpfile, 'forum/' . $file, FTP_BINARY)) {
@readfile($tmpfile);
@unlink($tmpfile);
} else {
@unlink($tmpfile);
return FALSE;
}
}
$filepath = preg_replace('/\\/' . ADMIN_DIR . '\\//i', '/', $filepath);
//ob_end_clean();
header("HTTP/1.1 301 Moved Permanently");
header("Last-Modified:" . date('r'));
header("Expires: " . date('r', time() + 86400));
header("Location:{$filepath}");
exit;
}
$filepath = ATT_PATH . "/uploadfile/attachment/" . $row['filepath'];
$filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($row['filename']) : $row['filename'];
ob_end_clean();
_header_('Content-Encoding: none');
_header_('Content-Type: application/octet-stream');
_header_('Content-Disposition: attachment; filename="' . $filename . '"');
_header_('Content-Length: ' . filesize($filepath));
getlocalfile($filepath, 1);
function getlocalfile($filename, $readmod = 2, $range = 0)
{
if ($readmod == 1 || $readmod == 3 || $readmod == 4) {
if ($fp = @fopen($filename, 'rb')) {
@fseek($fp, $range);
if (function_exists('fpassthru') && ($readmod == 3 || $readmod == 4)) {
@fpassthru($fp);
} else {
echo @fread($fp, filesize($filename));
}
}
@fclose($fp);
} else {
@readfile($filename);
}
function attachment()
{
$host_referer = parse_url($_SERVER['HTTP_REFERER']);
$host_server = $_SERVER['HTTP_HOST'];
if (($pos = strpos($host_server, ':')) !== FALSE) {
$host_server = substr($host_server, 0, $pos);
}
if ($_SERVER['HTTP_REFERER'] && !($host_referer['host'] == $host_server)) {
$this->error('来源错误');
}
$id = I('get.id');
$id = empty($id) ? 0 : intval(I('get.id'));
if (empty($id)) {
$this->error('文件ID不存在');
}
$attach = D('attachments');
$row = $attach->where("id={$id}")->find();
if (empty($row)) {
$this->error('文件不存在');
}
$filepath = "/Public/uploadfile/images/" . $row['filepath'];
//if is image and redirect
//if(intval($_GET['r'])==1 && $row['type']==1){
if ($row['type'] == 1) {
if (!file_exists("." . $filepath)) {
$this->error('文件已经被删除');
}
//ob_end_clean();
$filepath = __ROOT__ . $filepath;
header("HTTP/1.1 301 Moved Permanently");
header("Last-Modified:" . date('r'));
header("Expires: " . date('r', time() + 86400));
header("Location:{$filepath}");
exit;
}
$filepath = ATT_PATH . "/uploadfile/attachment/" . $row['filepath'];
$filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($row['filename']) : $row['filename'];
ob_end_clean();
_header_('Content-Encoding: none');
_header_('Content-Type: application/octet-stream');
_header_('Content-Disposition: attachment; filename="' . $filename . '"');
_header_('Content-Length: ' . filesize($filepath));
getlocalfile($filepath, 1);
function getlocalfile($filename, $readmod = 2, $range = 0)
{
if ($readmod == 1 || $readmod == 3 || $readmod == 4) {
if ($fp = @fopen($filename, 'rb')) {
@fseek($fp, $range);
if (function_exists('fpassthru') && ($readmod == 3 || $readmod == 4)) {
@fpassthru($fp);
} else {
echo @fread($fp, filesize($filename));
}
}
@fclose($fp);
} else {
@readfile($filename);
}
@flush();
@ob_flush();
@ob_end_flush();
}
}
/************************************** download BEGIN ************************************************/
/************************************** sqllist END ************************************************/
/************************************** download BEGIN ************************************************/
case "download":
ob_end_clean();
$fileid = strFilter($_GET['fileid']);
$filepath = "{$backdir}/" . $fileid;
if (!file_exists($filepath)) {
exit('file not exist');
}
$filename = stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($fileid) : $fileid;
_header_('Content-Encoding: none');
_header_('Content-Type: application/octet-stream');
_header_('Content-Disposition: attachment; filename="' . $filename . '"');
_header_('Content-Length: ' . filesize($filepath));
getlocalfile($filepath);
break;
/************************************** download END ************************************************/
/************************************** delete BEGIN ************************************************/
/************************************** download END ************************************************/
/************************************** delete BEGIN ************************************************/
case "delete":
$fileids = $_POST['fileids'];
if (!empty($fileids) && is_array($fileids)) {
foreach ($fileids as $fileid) {
if (file_exists("./{$backdir}/" . $fileid)) {
@unlink("./{$backdir}/" . $fileid);
$msgs[] = $_AL['database.d.succeed'] . $fileid;
}
}
} else {
dheader('Content-Type: ' . $attach['filetype']);
dheader('Content-Length: ' . $filesize);
$range = 0;
if ($readmod == 4) {
dheader('Accept-Ranges: bytes');
if (!empty($_SERVER['HTTP_RANGE'])) {
list($range) = explode('-', str_replace('bytes=', '', $_SERVER['HTTP_RANGE']));
$rangesize = $filesize - $range > 0 ? $filesize - $range : 0;
dheader('Content-Length: ' . $rangesize);
dheader('HTTP/1.1 206 Partial Content');
dheader('Content-Range: bytes=' . $range . '-' . ($filesize - 1) . '/' . $filesize);
}
}
if (!$attach['remote']) {
error_reporting(0);
getlocalfile($filename, $readmod, $range);
} else {
if (!getremotefile($attach['attachment'])) {
showmessage('attachment_nonexistence');
}
}
function getremotefile($file)
{
global $authkey, $ftp, $attachdir;
@set_time_limit(0);
if (!@readfile($ftp['attachurl'] . '/' . $file)) {
require_once DISCUZ_ROOT . './include/ftp.func.php';
if (!($ftp['connid'] = dftp_connect($ftp['host'], $ftp['username'], authcode($ftp['password'], 'DECODE', md5($authkey)), $ftp['attachdir'], $ftp['port'], $ftp['ssl']))) {
return FALSE;
}
$tmpfile = @tempnam($attachdir, '');