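function download_file()
{
    /**
     * Serve the file identified by $_GET['id'] to the logged-in user.
     *
     * Access rules visible in this method:
     *  - the caller must be logged in at one of the levels in $this->check_level;
     *  - a client (CURRENT_USER_LEVEL == 0) may only download a file that is
     *    assigned to them directly or through one of their groups, is not
     *    hidden, and has not expired; each client download is counted in
     *    tbl_downloads;
     *  - every other level downloads unconditionally. Expiry is NOT checked
     *    for them — presumably intentional for uploaders/admins, confirm.
     * Every served download is written to the action log first.
     *
     * Nothing is output when the request is rejected (not logged in, unknown
     * id, no permission); a 404 is sent only when the stored path does not
     * resolve to a regular file inside UPLOADED_FILES_FOLDER.
     *
     * $_GET['client'] / $_GET['client_id'] are only used for the log entry;
     * the owner of the log entry always comes from the session, so a
     * tampered URL cannot attribute a download to someone else.
     */
    $this->check_level = array(9, 8, 7, 0);
    if (!isset($_GET['id']) || !isset($_GET['client'])) {
        return;
    }
    /** Permission check for the logged-in user */
    if (!isset($this->check_level) || !in_session_or_cookies($this->check_level)) {
        return;
    }

    /** The id is cast once; the int is safe to inline into the legacy queries below */
    $file_id = (int) $_GET['id'];

    /** Look the file up */
    $this->get_file_uri_sql = 'SELECT url, expires, expiry_date FROM tbl_files WHERE id="' . $file_id . '"';
    $this->get_file_uri = $this->database->query($this->get_file_uri_sql);
    $this->got_url = mysql_fetch_array($this->get_file_uri);
    if (!$this->got_url) {
        /**
         * Unknown id: stop before any branch builds a path from an empty url
         * (for non-client levels that path would be the uploads folder itself).
         * Stay silent, like the no-permission path, so that unknown and
         * forbidden ids are indistinguishable to a probing client.
         */
        return;
    }
    $this->real_file_url = $this->got_url['url'];
    $this->expires = $this->got_url['expires'];
    $this->expiry_date = $this->got_url['expiry_date'];
    $this->expired = false;
    if ($this->expires == '1' && time() > strtotime($this->expiry_date)) {
        $this->expired = true;
    }

    $this->can_download = false;
    if (CURRENT_USER_LEVEL == 0) {
        if ($this->expires == '0' || $this->expired == false) {
            /**
             * Groups the client belongs to. CURRENT_USER_ID comes from the
             * session, not from the request.
             */
            $groups_ids = array();
            $sql_groups = $this->database->query("SELECT DISTINCT group_id FROM tbl_members WHERE client_id='" . CURRENT_USER_ID . "'");
            if ($sql_groups && mysql_num_rows($sql_groups) > 0) {
                while ($row_groups = mysql_fetch_array($sql_groups)) {
                    $groups_ids[] = (int) $row_groups["group_id"];
                }
            }
            /**
             * Is the file assigned to the client directly or via a group?
             * The group ids are emitted as a real list, IN (1,2,3). The
             * previous IN ("1,2,3") compared group_id against a single string,
             * which MySQL coerces to 1 — so only the first group ever matched.
             */
            $files_own_query = 'SELECT * FROM tbl_files_relations WHERE (client_id="' . CURRENT_USER_ID . '"';
            if (!empty($groups_ids)) {
                $files_own_query .= ' OR group_id IN (' . implode(',', $groups_ids) . ')';
            }
            $files_own_query .= ') AND file_id="' . $file_id . '" AND hidden = "0"';
            $files_own = $this->database->query($files_own_query);
            if ($files_own && mysql_num_rows($files_own) > 0) {
                $this->can_download = true;
            }
            if ($this->can_download == true) {
                /** Count the download for this client */
                $this->add_download_sql = 'INSERT INTO tbl_downloads (user_id , file_id) VALUES ("' . CURRENT_USER_ID . '", "' . $file_id . '")';
                $this->sql = $this->database->query($this->add_download_sql);
                /** Log owner comes from the session, never from the URL */
                $log_action = 8;
                $log_action_owner_id = CURRENT_USER_ID;
            }
        }
    } else {
        /** Non-client levels: no per-file permission or expiry check here */
        $this->can_download = true;
        $log_action = 7;
        $global_user = get_current_user_username();
        $global_id = get_logged_account_id($global_user);
        $log_action_owner_id = $global_id;
    }

    if ($this->can_download != true) {
        return;
    }

    /**
     * Record the action log. 'client_id' is not part of the isset() guard
     * above, so it is read defensively instead of producing a notice.
     */
    $affected_account = isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0;
    $new_log_action = new LogActions();
    $log_action_args = array('action' => $log_action, 'owner_id' => $log_action_owner_id, 'affected_file' => $file_id, 'affected_file_name' => $this->real_file_url, 'affected_account' => $affected_account, 'affected_account_name' => mysql_real_escape_string($_GET['client']), 'get_user_real_name' => true, 'get_file_real_name' => true);
    $new_record_action = $new_log_action->log_action_save($log_action_args);

    $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
    /**
     * Defence in depth: `url` is stored by an upload flow not visible here.
     * Refuse anything that resolves outside the uploads folder (a "../"
     * component or a symlink pointing out) and refuse directories, which
     * file_exists() alone would accept.
     */
    $uploads_root = realpath(UPLOADED_FILES_FOLDER);
    $resolved = realpath($this->real_file);
    $inside_uploads = $uploads_root !== false && $resolved !== false
        && strpos($resolved, rtrim($uploads_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;
    if (!$inside_uploads || !is_file($resolved)) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }

    /** Drop any buffered output so the response body is exactly the file */
    while (ob_get_level()) {
        ob_end_clean();
    }
    /** Quoted filename so names containing spaces or ';' stay intact; '"' is not allowed inside */
    $download_name = str_replace('"', '', basename($this->real_file));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Cache-Control: private', false);
    header('Content-Length: ' . get_real_size($this->real_file));
    header('Connection: close');
    readfile($this->real_file);
    exit;
}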
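 function download_file()
 {
     /**
      * Serve the file identified by $_GET['id'] to the logged-in user (PDO variant).
      *
      * Access rules visible in this method:
      *  - the caller must be logged in at one of the levels in $this->check_level;
      *  - a client (CURRENT_USER_LEVEL == 0) may only download a file that is
      *    assigned to them directly or through one of their groups, is not
      *    hidden, and has not expired; each client download is counted in
      *    TABLE_DOWNLOADS;
      *  - every other level downloads unconditionally. Expiry is NOT checked
      *    for them — presumably intentional for uploaders/admins, confirm.
      * Every served download is written to the action log first.
      *
      * Nothing is output when the request is rejected (not logged in, unknown
      * id, no permission); a 404 is sent only when the stored path does not
      * resolve to a regular file inside UPLOADED_FILES_FOLDER.
      *
      * $_GET['client'] / $_GET['client_id'] are only used for the log entry;
      * the owner of the log entry always comes from the session.
      * NOTE(review): 'affected_account_name' is passed to LogActions unescaped —
      * confirm log_action_save() parameterises it.
      */
     $this->check_level = array(9, 8, 7, 0);
     if (!isset($_GET['id']) || !isset($_GET['client'])) {
         return;
     }
     /** Permission check for the logged-in user */
     if (!isset($this->check_level) || !in_session_or_cookies($this->check_level)) {
         return;
     }

     /** Cast once and bind by value; nothing from $_GET reaches a query as a string */
     $file_id = (int) $_GET['id'];

     /** Look the file up */
     $this->statement = $this->dbh->prepare("SELECT url, expires, expiry_date FROM " . TABLE_FILES . " WHERE id=:id");
     $this->statement->bindValue(':id', $file_id, PDO::PARAM_INT);
     $this->statement->execute();
     $this->row = $this->statement->fetch(PDO::FETCH_ASSOC);
     if ($this->row === false) {
         /**
          * Unknown id: stop before any branch builds a path from an empty url
          * (for non-client levels that path would be the uploads folder itself).
          * Stay silent, like the no-permission path, so that unknown and
          * forbidden ids are indistinguishable to a probing client.
          */
         return;
     }
     $this->real_file_url = $this->row['url'];
     $this->expires = $this->row['expires'];
     $this->expiry_date = $this->row['expiry_date'];
     $this->expired = false;
     if ($this->expires == '1' && time() > strtotime($this->expiry_date)) {
         $this->expired = true;
     }

     $this->can_download = false;
     if (CURRENT_USER_LEVEL == 0) {
         if ($this->expires == '0' || $this->expired == false) {
             /**
              * Groups the client belongs to. CURRENT_USER_ID comes from the
              * session, not from the request. Rows are fetched instead of
              * relying on rowCount(), which is not guaranteed for SELECTs.
              */
             $this->groups = $this->dbh->prepare("SELECT DISTINCT group_id FROM " . TABLE_MEMBERS . " WHERE client_id=:id");
             $this->groups->bindValue(':id', CURRENT_USER_ID, PDO::PARAM_INT);
             $this->groups->execute();
             $this->groups_ids = $this->groups->fetchAll(PDO::FETCH_COLUMN, 0);

             /**
              * Is the file assigned to the client directly or via a group?
              * Each group id gets its own placeholder, so the IN list is
              * parameterised like everything else.
              */
             $this->params = array(':client_id' => CURRENT_USER_ID);
             $this->fq = "SELECT * FROM " . TABLE_FILES_RELATIONS . " WHERE (client_id=:client_id";
             if (!empty($this->groups_ids)) {
                 $group_placeholders = array();
                 foreach (array_values($this->groups_ids) as $i => $group_id) {
                     $group_placeholders[] = ':g' . $i;
                     $this->params[':g' . $i] = (int) $group_id;
                 }
                 $this->fq .= ' OR group_id IN (' . implode(',', $group_placeholders) . ')';
             }
             $this->fq .= ') AND file_id=:file_id AND hidden = "0"';
             $this->params[':file_id'] = $file_id;
             $this->files = $this->dbh->prepare($this->fq);
             $this->files->execute($this->params);
             if ($this->files->fetch(PDO::FETCH_ASSOC) !== false) {
                 $this->can_download = true;
             }
             if ($this->can_download == true) {
                 /** Count the download for this client */
                 $this->statement = $this->dbh->prepare("INSERT INTO " . TABLE_DOWNLOADS . " (user_id , file_id) VALUES (:user_id, :file_id)");
                 $this->statement->bindValue(':user_id', CURRENT_USER_ID, PDO::PARAM_INT);
                 $this->statement->bindValue(':file_id', $file_id, PDO::PARAM_INT);
                 $this->statement->execute();
                 /** Log owner comes from the session, never from the URL */
                 $log_action = 8;
                 $log_action_owner_id = CURRENT_USER_ID;
             }
         }
     } else {
         /** Non-client levels: no per-file permission or expiry check here */
         $this->can_download = true;
         $log_action = 7;
         $global_user = get_current_user_username();
         $global_id = get_logged_account_id($global_user);
         $log_action_owner_id = $global_id;
     }

     if ($this->can_download != true) {
         return;
     }

     /**
      * Record the action log. 'client_id' is not part of the isset() guard
      * above, so it is read defensively instead of producing a notice.
      */
     $affected_account = isset($_GET['client_id']) ? (int) $_GET['client_id'] : 0;
     $new_log_action = new LogActions();
     $log_action_args = array('action' => $log_action, 'owner_id' => $log_action_owner_id, 'affected_file' => $file_id, 'affected_file_name' => $this->real_file_url, 'affected_account' => $affected_account, 'affected_account_name' => $_GET['client'], 'get_user_real_name' => true, 'get_file_real_name' => true);
     $new_record_action = $new_log_action->log_action_save($log_action_args);

     $this->real_file = UPLOADED_FILES_FOLDER . $this->real_file_url;
     /**
      * Defence in depth: `url` is stored by an upload flow not visible here.
      * Refuse anything that resolves outside the uploads folder (a "../"
      * component or a symlink pointing out) and refuse directories, which
      * file_exists() alone would accept.
      */
     $uploads_root = realpath(UPLOADED_FILES_FOLDER);
     $resolved = realpath($this->real_file);
     $inside_uploads = $uploads_root !== false && $resolved !== false
         && strpos($resolved, rtrim($uploads_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;
     if (!$inside_uploads || !is_file($resolved)) {
         header("HTTP/1.1 404 Not Found");
         exit;
     }

     /** Drop any buffered output so the response body is exactly the file */
     while (ob_get_level()) {
         ob_end_clean();
     }
     /** Quoted filename so names containing spaces or ';' stay intact; '"' is not allowed inside */
     $download_name = str_replace('"', '', basename($this->real_file));
     header('Content-Type: application/octet-stream');
     header('Content-Disposition: attachment; filename="' . $download_name . '"');
     header('Expires: 0');
     header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
     header('Pragma: public');
     header('Cache-Control: private', false);
     header('Content-Length: ' . get_real_size($this->real_file));
     header('Connection: close');
     readfile($this->real_file);
     exit;
 }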