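<?php
/**
 * Download request dispatcher.
 *
 * Resolves the raw query string (e_QUERY) or the SEF "id" parameter to a
 * download record, a mirror, a file on disk or a screenshot, applies the
 * class and limit checks shown below, then redirects or streams the result.
 *
 * Query forms handled in this file:
 *   {id}                     download by numeric id
 *   mirror.{id}.{mirror_id}  download through a chosen mirror
 *   {table}.{id}             screenshot of a download or upload record
 *   pub_{name}               public upload
 *   {relative path or URL}   legacy direct reference
 *
 * $sql, $tp, $pref and $ns are not defined here; presumably class2.php sets
 * them up (confirm against the bootstrap).
 */
if (!defined('e107_INIT'))
{
	require_once("../../class2.php");
}

e107::lan('download','download');

$log = e107::getAdminLog();
$id = FALSE;

// Legacy form: the whole query string is a stored download_url, an absolute URL or a relative path.
if (!is_numeric(e_QUERY) && empty($_GET['id']))
{
	if ($sql->select('download', 'download_id', "download_url='".$tp->toDB(e_QUERY)."'"))
	{
		$row = $sql->fetch();
		$type = 'file';
		$id = $row['download_id'];
	}
	elseif((strpos(e_QUERY, "http://") === 0) || (strpos(e_QUERY, "ftp://") === 0) || (strpos(e_QUERY, "https://") === 0))
	{
		// NOTE(review): this branch is only reached for URLs that are NOT in the download
		// table, so the redirect target is entirely caller-supplied. Behaviour is kept for
		// legacy links; consider limiting it to known hosts or removing the branch.
		header("location: ".e_QUERY);
		exit();
	}
	elseif(request_is_safe_relative_path(e_QUERY) && file_exists(e_DOWNLOAD.e_QUERY))
	{
		// The query string is used as a path under e_DOWNLOAD, so parent-directory
		// segments are refused before the file is touched.
		e107::getFile()->send(e_DOWNLOAD.e_QUERY);
		exit();
	}
}

if(strstr(e_QUERY, "mirror"))
{	// Download from mirror
	// array_pad() keeps list() from reading missing offsets on a short query.
	list($action, $download_id, $mirror_id) = array_pad(explode(".", e_QUERY), 3, null);
	$download_id = intval($download_id);
	$mirror_id = intval($mirror_id);
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$download_id}";
	if ($sql->gen($qry))
	{
		$row = $sql->fetch();
		// Row fields are read explicitly instead of extract()ing them into the global scope.
		if (check_class($row['download_category_class']) && check_class($row['download_class']))
		{
			if($pref['download_limits'] && $row['download_active'] == 1)
			{
				check_download_limits();
			}

			// download_mirror holds chr(1)-separated entries of "id,address,requests".
			$gaddress = '';
			$mstr = "";
			foreach(explode(chr(1), $row['download_mirror']) as $mirror)
			{
				if($mirror)
				{
					$tmp = array_pad(explode(",", $mirror), 3, '');
					$mid = intval($tmp[0]);
					$address = $tmp[1];
					$requests = $tmp[2];
					if($tmp[0] == $mirror_id)
					{
						$gaddress = trim($address);
						$requests = intval($requests) + 1;
					}
					$mstr .= $mid.",".$address.",".$requests.chr(1);
				}
			}

			// Only count and redirect when the requested mirror exists on this download;
			// otherwise fall through to the error redirect below instead of sending an
			// empty Location header.
			if ($gaddress !== '')
			{
				// NOTE(review): $mstr is rebuilt from stored mirror data and interpolated
				// unescaped; confirm the DB layer's escaping helper and apply it here.
				$sql->update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
				$sql->update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");
				header("Location: ".decorate_download_location($gaddress));
				exit();
			}
		}

		$goUrl = e107::url('download', 'index', null, array('query'=>array('action'=>'error','id'=>1)));
		e107::redirect($goUrl);
		exit;
	}
}

// "{id}" or "pub_..." selects a file; "{table}.{id}" selects a screenshot.
$tmp = explode(".", e_QUERY);
if (empty($tmp[1]) || strstr(e_QUERY, "pub_"))
{
	$id = intval($tmp[0]);
	$type = "file";
}
else
{
	$table = preg_replace("#\W#", "", $tp->toDB($tmp[0], true));
	$id = intval($tmp[1]);
	$type = "image";
}

if(vartrue($_GET['id'])) // SEF URL
{
	$id = intval($_GET['id']);
	$type = 'file';
}

// Query string that looks like a file name (has a 3-4 letter extension).
if (preg_match("#.*\.[a-z,A-Z]{3,4}#", e_QUERY))
{
	if(strstr(e_QUERY, "pub_"))
	{
		$bid = str_replace("pub_", "", e_QUERY);
		if (request_is_safe_relative_path($bid) && file_exists(e_UPLOAD.$bid))
		{
			e107::getFile()->send(e_UPLOAD.$bid);
			exit();
		}
		$log->addError("Line".__LINE__.": Couldn't find ".e_UPLOAD.$bid);
	}
	if (request_is_safe_relative_path(e_QUERY) && file_exists(e_DOWNLOAD.e_QUERY))
	{
		e107::getFile()->send(e_DOWNLOAD.e_QUERY);
		exit();
	}
	$log->addError("Line".__LINE__.": Couldn't find ".e_DOWNLOAD.e_QUERY);
	$log->toFile('download_requests','Download Requests', true); // Create a log file and add the log messages
	// HEADERF/FOOTERF are included at file scope on purpose: they are not wrapped in a
	// helper because an include inside a function would run in that function's scope.
	require_once(HEADERF);
	$ns->tablerender(LAN_ERROR, "<div style='text-align:center'>".LAN_FILE_NOT_FOUND."\n<br /><br />\n<a href='javascript:history.back(1)'>".LAN_BACK."</a></div>");
	require_once(FOOTERF);
	exit();
}

if ($type == "file")
{
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$id}";
	if ($sql->gen($qry))
	{
		$row = $sql->fetch();

		$row['download_url'] = $tp->replaceConstants($row['download_url']); // must be relative file-path.

		if (check_class($row['download_category_class']) && check_class($row['download_class']))
		{
			if ($row['download_active'] == 0) // Inactive download - don't allow
			{
				require_once(HEADERF);
				$search = array("[","]");
				$replace = array("<a href='".e_HTTP."download.php'>", "</a>");

				$ns->tablerender(LAN_ERROR, "<div class='alert alert-warning' style='text-align:center'>".str_replace($search, $replace, LAN_dl_78).'</div>');
				require_once(FOOTERF);
				exit();
			}

			if($pref['download_limits'] && $row['download_active'] == 1)
			{
				check_download_limits();
			}

			// Row fields are read explicitly instead of extract()ing them into the global scope.
			$download_id = $row['download_id'];
			$download_url = $row['download_url'];
			$download_mirror = $row['download_mirror'];

			if($download_mirror)
			{
				// Shuffle the mirror entries and take the first one. The last element of
				// the split is the empty tail after the final chr(1) and is never swapped.
				$array = explode(chr(1), $download_mirror);
				$c = (count($array)-1);
				for ($i=1; $i < $c; $i++)
				{
					$d = mt_rand(0, $i);
					$tmp = $array[$i];
					$array[$i] = $array[$d];
					$array[$d] = $tmp;
				}
				$tmp = explode(",", $array[0]);
				$mirror_id = $tmp[0];
				$gaddress = '';
				$mstr = "";
				foreach($array as $mirror)
				{
					if($mirror)
					{
						$tmp = array_pad(explode(",", $mirror), 3, '');
						$mid = $tmp[0];
						$address = $tmp[1];
						$requests = $tmp[2];
						if($tmp[0] == $mirror_id)
						{
							$gaddress = trim($address);
							$requests = intval($requests) + 1;
						}
						$mstr .= $mid.",".$address.",".$requests.chr(1);
					}
				}

				// A malformed mirror list yields no address; in that case continue with
				// the direct download below rather than redirecting to nothing.
				if ($gaddress !== '')
				{
					// NOTE(review): $mstr is rebuilt from stored mirror data and interpolated
					// unescaped; confirm the DB layer's escaping helper and apply it here.
					$sql->update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
					$sql->update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");

					header("Location: ".decorate_download_location($gaddress));
					exit();
				}
			}

			// increment download count
			$sql->update("download", "download_requested = download_requested + 1 WHERE download_id = '{$id}'");
			$user_id = USER ? USERID : 0;
			$ip = e107::getIPHandler()->getIP(FALSE);
			$request_data = "'0', '{$user_id}', '{$ip}', '{$id}', '".time()."'";
			//add request info to db
			$sql->db_Insert("download_requests", $request_data, FALSE);

			// Legacy "Binary {id}/..." reference: payload stored in the rbinary table.
			if (preg_match("/Binary\s(.*?)\/.*/", $download_url, $result))
			{
				request_send_binary($result[1], 'attachment'); // exits when the record exists
			}

			if (strstr($download_url, "http://") || strstr($download_url, "ftp://") || strstr($download_url, "https://"))
			{
				$download_url = e107::getParser()->parseTemplate($download_url,true); // support for shortcode-driven dynamic URLS.
				e107::redirect(decorate_download_location($download_url));
				exit();
			}
			else
			{
				if (file_exists(e_DOWNLOAD.$download_url))
				{
					e107::getFile()->send(e_DOWNLOAD.$download_url);
					exit();
				}
				elseif(file_exists($download_url))
				{
					e107::getFile()->send($download_url);
					exit();
				}
				elseif(file_exists(e_UPLOAD.$download_url))
				{
					e107::getFile()->send(e_UPLOAD.$download_url);
					exit();
				}
				// The original referenced an undefined $download_ur here, which dropped
				// the last path from the log entry.
				$log->addError("Couldn't find ".e_DOWNLOAD.$download_url." or ".$download_url." or ".e_UPLOAD.$download_url);
				$log->toFile('download_requests','Download Requests', true); // Create a log file and add the log messages
			}
		}
		else
		{	// Download Access Denied.
			// The condition is kept exactly as written: strpos() is used for truthiness, so
			// a match at offset 0 counts as "not found".
			$denied = $pref['download_denied'];
			if((!strpos($denied,".php") &&
				!strpos($denied,".htm") &&
				!strpos($denied,".html") &&
				!strpos($denied,".shtml") ||
				(strpos($denied,"signup.php") && USER == TRUE)
			))
			{
				$goUrl = e107::url('download', 'index', null, array('query'=>array('action'=>'error','id'=>1)));
				e107::redirect($goUrl);
				exit();
			}
			else
			{
				e107::redirect(trim($denied));
				exit();
			}
		}
	}
	else if(strstr(e_QUERY, "pub_"))
	{
		/* check to see if public upload and not in download table ... */
		$bid = str_replace("pub_", "", e_QUERY);
		request_send_binary($bid, 'attachment'); // exits when the record exists
	}

	$log->addError("Line".__LINE__.": Couldn't find ".e_DOWNLOAD.e_QUERY);
	$log->toFile('download_requests','Download Requests', true); // Create a log file and add the log messages
	require_once(HEADERF);
	$ns -> tablerender(LAN_ERROR, "<div style='text-align:center'>".LAN_FILE_NOT_FOUND."<br /><br /><a href='javascript:history.back(1)'>".LAN_BACK."</a></div>");
	require_once(FOOTERF);
	exit();
}

// Screenshot request. $table comes from the query string, so only the two tables this
// code knows how to read a screenshot column from are accepted.
// NOTE(review): no check_class() is applied on this path, unlike the file path above;
// confirm screenshots are meant to be visible regardless of download class.
$row = false;
if (in_array($table, array('download', 'upload'), true) && $sql->select($table, "*", "{$table}_id = '{$id}'"))
{
	$row = $sql->fetch();
}

if (!$row)
{
	require_once(HEADERF);
	$ns->tablerender(LAN_ERROR, "<div style='text-align:center'>".LAN_FILE_NOT_FOUND."<br /><br /><a href='javascript:history.back(1)'>".LAN_BACK."</a></div>");
	require_once(FOOTERF);
	exit();
}

$image = ($table == "upload" ? $row['upload_ss'] : $row['download_image']);

if (preg_match("/Binary\s(.*?)\/.*/", $image, $result))
{
	request_send_binary($result[1], 'inline'); // exits when the record exists
}

if (strpos($image, "http") !== FALSE)
{
	e107::redirect($image);
	exit();
}
else
{
	if ($table == "download")
	{
		require_once(HEADERF);
		$imagecaption = ''; // TODO ?name or text Screenshot

		// The stored name ends up inside a quoted HTML attribute, so it is escaped;
		// double_encode is off so entities already present in the stored value survive.
		if (file_exists(e_FILE."download/{$image}"))
		{
			$src = e_FILE_ABS."download/".htmlspecialchars($image, ENT_QUOTES, 'UTF-8', false);
		}
		else if(file_exists(e_FILE."downloadimages/{$image}"))
		{
			$src = e_FILE_ABS."downloadimages/".htmlspecialchars($image, ENT_QUOTES, 'UTF-8', false);
		}
		else
		{
			$image = $tp->replaceConstants($image,'abs');
			$src = htmlspecialchars($image, ENT_QUOTES, 'UTF-8', false);
		}

		$disp = "<div style='text-align:center'><img class='img-responsive img-fluid' src='".$src."' alt='' /></div>";
		$disp .= "<br /><div style='text-align:center'><a href='javascript:history.back(1)'>".LAN_BACK."</a></div>";

		$ns->tablerender($imagecaption, $disp);

		require_once(FOOTERF);
	}
	else
	{
		$safeImage = htmlspecialchars($image, ENT_QUOTES, 'UTF-8', false);
		if (is_file(e_UPLOAD.$image))
		{
			echo "<img src='".e_UPLOAD.$safeImage."' alt='' />";
		}
		elseif(is_file(e_FILE."downloadimages/{$image}"))
		{
			echo "<img src='".e_FILE_ABS."downloadimages/".$safeImage."' alt='' />";
		}
		else
		{
			require_once(HEADERF);
			$ns->tablerender(LAN_ERROR, "<div style='text-align:center'>".LAN_FILE_NOT_FOUND."<br /><br /><a href='javascript:history.back(1)'>".LAN_BACK."</a></div>");
			require_once(FOOTERF);
			exit;
		}
		exit();
	}
}


/**
 * Tell whether a caller-supplied relative path stays below the directory it is appended to.
 *
 * Rejects the empty string, NUL bytes and any ".." segment (with either slash style).
 * It does not resolve symlinks or touch the filesystem.
 *
 * @param string $path path fragment taken from the request
 * @return bool true when the fragment contains no parent-directory segment
 */
function request_is_safe_relative_path($path)
{
	$path = (string) $path;
	if ($path === '' || strpos($path, "\0") !== false)
	{
		return false;
	}

	foreach (preg_split('#[\\\\/]+#', $path) as $segment)
	{
		if ($segment === '..')
		{
			return false;
		}
	}

	return true;
}


/**
 * Stream a record from the legacy rbinary table and stop the script.
 *
 * Replaces the former mysql_query()/mysql_result() calls: those functions do not exist
 * on PHP 7+, and the id was interpolated into the statement unescaped. The lookup now
 * goes through the same $sql/$tp objects the rest of this file uses.
 *
 * Returns normally (sending nothing) when no matching record is found, so the caller's
 * own fallback handling runs.
 *
 * @param string $bid         binary_id value; may originate from the query string
 * @param string $disposition Content-Disposition type; callers pass 'attachment' or 'inline'
 * @return void
 */
function request_send_binary($bid, $disposition)
{
	global $sql, $tp;

	if (!$sql->gen("SELECT * FROM #rbinary WHERE binary_id = '".$tp->toDB($bid)."'"))
	{
		return;
	}

	$binary = $sql->fetch();

	// Header values come from stored data: drop line breaks and double quotes so they
	// cannot break out of the header line or the quoted filename.
	$strip = array("\r", "\n", '"');
	$filetype = str_replace($strip, '', $binary['binary_filetype']);
	$name = str_replace($strip, '', $binary['binary_name']);

	header("Content-type: {$filetype}");
	// Length is taken from the payload itself; the old code used $download_filesize,
	// which is not defined on every path that reached this logic.
	header("Content-length: ".strlen($binary['binary_data']));
	header("Content-Disposition: {$disposition}; filename=\"{$name}\"");
	header("Content-Description: PHP Generated Data");
	echo $binary['binary_data'];
	exit();
}


/**
 * Build the WHERE fragment that selects the current visitor's recent download requests.
 *
 * Logged-in users are matched on USERID, everyone else on the address returned by the
 * IP handler.
 *
 * @param int $cutoff unix timestamp; only requests newer than this are counted
 * @return string SQL condition on the "dr" (download_requests) alias
 */
function request_limit_where($cutoff)
{
	if(USER)
	{
		return "dr.download_request_datestamp > {$cutoff} AND dr.download_request_userid = ".USERID;
	}

	$ip = e107::getIPHandler()->getIP(FALSE);
	return "dr.download_request_datestamp > {$cutoff} AND dr.download_request_ip = '{$ip}'";
}


/**
 * Enforce the per-class download limits; redirects to the download error page
 * (action=error, id=2) and exits when a limit is exceeded, otherwise returns.
 *
 * Limits are rows of #generic with gen_type 'download_limit' whose gen_datestamp is one
 * of the visitor's classes (USERCLASS_LIST). For each check only the first row is used,
 * ordered by the highest per-day ratio:
 *   count check:     gen_intdata downloads within gen_chardata days
 *   bandwidth check: gen_user_id within gen_ip days, compared against
 *                    SUM(download_filesize) / 1024 (presumably kilobytes - confirm)
 *
 * @return void
 */
function check_download_limits()
{
	global $sql;

	// Check download count limits
	$qry = "SELECT gen_intdata, gen_chardata, (gen_intdata/gen_chardata) as count_perday FROM #generic WHERE gen_type = 'download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_chardata >= 0 AND gen_intdata >= 0) ORDER BY count_perday DESC";
	if($sql->gen($qry))
	{
		$limits = $sql->fetch();
		$cutoff = time() - (86400 * $limits['gen_chardata']);
		$where = request_limit_where($cutoff);
		$qry = "SELECT COUNT(d.download_id) as count FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->gen($qry))
		{
			$row = $sql->fetch();
			if($row['count'] >= $limits['gen_intdata'])
			{
				// Exceeded download count limit
				$goUrl = e107::url('download', 'index', null, array('query'=>array('action'=>'error','id'=>2)));
				e107::redirect($goUrl);
				exit();
			}
		}
	}

	// Check download bandwidth limits
	$qry = "SELECT gen_user_id, gen_ip, (gen_user_id/gen_ip) as bw_perday FROM #generic WHERE gen_type='download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_user_id >= 0 AND gen_ip >= 0) ORDER BY bw_perday DESC";
	if($sql->gen($qry))
	{
		$limit = $sql->fetch();
		$cutoff = time() - (86400*$limit['gen_ip']);
		$where = request_limit_where($cutoff);
		$qry = "SELECT SUM(d.download_filesize) as total_bw FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->gen($qry))
		{
			$row = $sql->fetch();

			if($row['total_bw'] / 1024 > $limit['gen_user_id'])
			{
				// Exceeded bandwidth limit
				$goUrl = e107::url('download', 'index', null, array('query'=>array('action'=>'error','id'=>2)));
				e107::redirect($goUrl);
				exit();
			}
		}
	}
}


/**
 * Return the URL a download should be redirected to.
 *
 * When the 'download_security_mode' preference is 'nginx-secure_link_md5' the URL is
 * passed through NginxSecureLinkMd5Decorator; in every other mode it is returned as is.
 *
 * @param string $url target location of the download
 * @return string the original or decorated URL
 */
function decorate_download_location($url)
{
	$pref = e107::getPref();
	if ($pref['download_security_mode'] !== 'nginx-secure_link_md5')
	{
		return $url;
	}

	require_once(__DIR__."/handlers/NginxSecureLinkMd5Decorator.php");
	$decorator = new NginxSecureLinkMd5Decorator($url, $pref);

	return $decorator->decorate();
}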