<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// Bootstrap: begin with an empty configuration array; conf.inc.php is
// presumably what fills it, since its keys are read right afterwards.
$phpwcms = array();
require_once 'include/config/conf.inc.php';

// The session is started only when the frontend-session switch is set.
// Errors from session_start() are suppressed by the @ operator.
if (!empty($phpwcms['SESSION_FEinit'])) {
    @session_start();
}

// Core libraries. From here on the paths are anchored at PHPWCMS_ROOT.
require_once 'include/inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';

// Collapse the "sanitize download name" option to a strict boolean and load
// the charset helper only when the option is switched on.
$phpwcms['sanitize_dlname'] = !empty($phpwcms['sanitize_dlname']);
if ($phpwcms['sanitize_dlname']) {
    require_once PHPWCMS_ROOT . '/include/inc_lib/charset_helper.inc.php';
}
// Outcome flag for the request; it stays false until a download branch
// reports that a file was delivered or counted.
$success = false;

// "countonly": any non-empty value asks for the counter to be raised
// without this script streaming the file itself.
$countonly = !empty($_GET['countonly']);

// "f": the file hash, passed through clean_slweg(); empty string when the
// parameter is missing or empty.
$hash = '';
if (!empty($_GET['f'])) {
    $hash = clean_slweg($_GET['f']);
}

// "target": when present it overrides the configured disposition
// (non-empty => inline, empty => attachment). Without it, fall back to the
// configured value, or to 0 when nothing is configured.
if (isset($_GET['target'])) {
    $phpwcms["inline_download"] = empty($_GET['target']) ? 0 : 1;
} elseif (!isset($phpwcms["inline_download"])) {
    $phpwcms["inline_download"] = 0;
}
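// Branch 1 - hash-based download: "f" must be exactly 32 characters long.
if (!empty($hash) && strlen($hash) === 32) {

    require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
    require_once PHPWCMS_ROOT . '/include/inc_front/front.func.inc.php';

    // Defined elsewhere; presumably restores a frontend login before the
    // file lookup - confirm.
    _checkFrontendUserAutoLogin();

    // Look up the file record for this hash, limited to one entry.
    // NOTE(review): whether _getFileInfo() enforces per-user access to the
    // file is not visible from this script - verify in its definition.
    $download = _getFileInfo($hash, 1);

    if (is_array($download) && count($download)) {

        // Only the first returned record is needed.
        $download = current($download);

        // Count the download attempt before anything is delivered. The hash
        // comes from the database record and goes through _dbEscape().
        $sql  = "UPDATE ".DB_PREPEND."phpwcms_file SET f_dlstart=f_dlstart+1 ";
        $sql .= "WHERE f_hash="._dbEscape($download["f_hash"])." LIMIT 1";
        _dbQuery($sql, 'UPDATE');

        // Stored file name is "<hash>" or "<hash>.<ext>".
        $fileinfo = array();
        $fileinfo['filename'] = $download["f_hash"];
        if ($download["f_ext"]) {
            $fileinfo['filename'] .= '.' . $download["f_ext"];
        }

        if ($countonly) {
            // Count only: nothing is streamed here.
            $success = true;
        } else {
            // Deliver through the built-in download helper.
            $fileinfo['path']      = PHPWCMS_ROOT . $phpwcms["file_path"];
            $fileinfo['filesize']  = $download['f_size'];
            $fileinfo['method']    = empty($phpwcms["inline_download"]) ? 'attachment' : 'inline';
            $fileinfo['mimetype']  = $download["f_type"];
            $fileinfo['file']      = $fileinfo['path'] . $fileinfo['filename'];
            $fileinfo['extension'] = $download["f_ext"];
            $fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];

            // start download
            $success = dl_file_resume($fileinfo['file'], $fileinfo, true);
        }
    }

// Branch 2 - the former stream.php, folded in here: serve a file from
// PHPWCMS_FILES by name ("file", cut to 40 characters by clean_slweg()).
} elseif ( ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') ) {

    // basename() drops any directory part, so the path below always points
    // directly into PHPWCMS_FILES.
    $filename = basename($file);
    $file     = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;

    // NOTE(review): this branch serves any file in PHPWCMS_FILES by name and
    // uses neither _checkFrontendUserAutoLogin() nor the _getFileInfo()
    // lookup of the hash branch - confirm that this is intended.
    if (is_file($file)) {

        // NOTE(review): the Content-Type is taken from the "type" request
        // parameter whenever is_mimetype_format() accepts it, so the caller
        // decides how the browser treats a stored file. Consider deriving
        // the type from the extension only, or limiting "type" to an
        // allowlist, and sending "X-Content-Type-Options: nosniff".
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension( which_ext($file) );
        }
        header('Content-Type: ' . $mime);

        if (BROWSER_OS == 'iOS') {

            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);

        } else {

            header('Content-Transfer-Encoding: binary');

            if (!isset($_GET['ios'])) {
                $dispositionName = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename;
                // Escape quote and backslash so the name cannot end the
                // quoted filename parameter early.
                header('Content-Disposition: inline; filename="' . addcslashes($dispositionName, '"\\') . '"');
            }

            // filesize() returns false on failure; send the header only
            // when a real size is available.
            $size = filesize($file);
            if ($size !== false) {
                header('Content-Length: ' . $size);
            }

            readfile($file);
        }

        $success = true;
    }
}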
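// Close out the request: record a completed download, or answer with 404.
if ($success) {

    // Only the hash-based branch loads a file record into $download. The
    // "file" streaming branch sets $success without one, so in that case
    // there is no row to update and no $fileinfo to redirect to; touching
    // the undefined variables would raise warnings after the file body has
    // already been sent.
    if (isset($download['f_hash'])) {

        $sql  = "UPDATE ".DB_PREPEND."phpwcms_file SET f_dlfinal=f_dlfinal+1 ";
        $sql .= "WHERE f_hash="._dbEscape($download["f_hash"])." LIMIT 1";
        _dbQuery($sql, 'UPDATE');

        // Count-only requests are sent on to the file's URL below
        // PHPWCMS_FILES instead of being streamed by this script.
        if ($countonly && isset($fileinfo['filename'])) {
            headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']);
        }
    }

} else {

    // headerRedirect() is defined elsewhere; the echo that follows suggests
    // it returns when called with an empty target - confirm.
    headerRedirect('', 404);
    echo '<h1>404 File Not Found</h1>';

}

exit();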