Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //Connection vars are set correctly above this line
- $link = mysql_connect($dbHost,$dbUser,$dbPass) or die("Unable to connect to database");
- mysql_select_db("$dbName") or die("Unable to select database $dbName");
- $IP_addr = $HTTP_SERVER_VARS["REMOTE_ADDR"];
- $strCurrentUser="";
- $sqlquery = "select username_clean,group_id from phpbb3_users,phpbb3_sessions where phpbb3_users.user_id=session_user_id AND (session_ip='$IP_addr' OR session_id ='".session_id()."') order by session_time DESC";
- $result_user=mysql_query($sqlquery);
- if($result_user){
- $aryRow=mysql_fetch_assoc($result_user);
- $strCurrentUser=$aryRow['username_clean'];
- $intGroupID=$aryRow['group_id'];
- }
- if($strCurrentUser==""){
- $sqlquery = "select username_clean,group_id from phpbb3_users where user_ip='$IP_addr'";
- $result_user=mysql_query($sqlquery);
- if($result_user){
- $aryRow=mysql_fetch_assoc($result_user);
- $strCurrentUser=$aryRow['username_clean'];
- $intGroupID=$aryRow['group_id'];
- }
- }
- if($strCurrentUser=="") {
- header('location: download_error.php?Error=Not%20Logged%20In');
- }
- $sqlquery = "select * from gs_vids where title='".mysql_real_escape_string($_GET['t'])."'";
- $results = mysql_query($sqlquery) or die('Query failed: ' . mysql_error());;
- if ($row = mysql_fetch_assoc($results)){
- $filename = $row['filename'];
- $subscription_level=$row['subscription_level'];
- if(!haspermission($intGroupID,$subscription_level)){
- header('location: download_error.php?Error=Permission');
- exit;
- }
- header('location: '.$filename);
- }else{
- header('location: download_error.php?Error=Not%20Found');
- }
- mysql_close($link);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement