  1. <?php
  2.  
  3. // used later
  4. define('_INT_DOWNLOAD_REQ', true);
  5.  
  6. // make sure uploading hasn't been disabled
  7. if(file::downloadingDisabled() == true)
  8. {
  9. $errorMsg = t("downloading_all_blocked", "Downloading is currently disabled on the site, please try again later.");
  10. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  11. }
  12.  
  13. // try to load the file object
  14. $file = null;
  15. if (isset($_REQUEST['_page_url']))
  16. {
  17. // sanitise the url for compatibility with migrated scripts
  18. if(substr($_REQUEST['_page_url'], 0, 6) == 'image/')
  19. {
  20. $_REQUEST['_page_url'] = str_replace('image/', '', $_REQUEST['_page_url']);
  21. }
  22. if(substr($_REQUEST['_page_url'], strlen($_REQUEST['_page_url'])-5) == '.html')
  23. {
  24. $_REQUEST['_page_url'] = str_replace('.html', '', $_REQUEST['_page_url']);
  25. }
  26. $pageUrl = trim($_REQUEST['_page_url']);
  27.  
  28. // only keep the initial part if there's a forward slash
  29. $shortUrl = current(explode("/", $pageUrl));
  30.  
  31. // allow for migrated sites
  32. if(substr($shortUrl, strlen($shortUrl)-4, 4) == '.htm')
  33. {
  34. $shortUrl = substr($shortUrl, 0, strlen($shortUrl)-4);
  35. }
  36. elseif(substr($shortUrl, strlen($shortUrl)-5, 5) == '.html')
  37. {
  38. $shortUrl = substr($shortUrl, 0, strlen($shortUrl)-5);
  39. }
  40.  
  41. // load the file
  42. $file = file::loadByShortUrl($shortUrl);
  43. }
  44.  
  45. // could not load the file
  46. if (!$file)
  47. {
  48. coreFunctions::output404();
  49. //coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/index." . SITE_CONFIG_PAGE_EXTENSION);
  50. }
  51.  
  52. // do we have a download token?
  53. $downloadToken = null;
  54. if(isset($_REQUEST[file::DOWNLOAD_TOKEN_VAR]))
  55. {
  56. $downloadToken = $_REQUEST[file::DOWNLOAD_TOKEN_VAR];
  57. }
  58.  
  59. // check for download managers on original download url, ignore for token urls
  60. if(($downloadToken === null) && (Stats::isDownloadManager($_SERVER['HTTP_USER_AGENT']) == true))
  61. {
  62. // authenticate
  63. if (!isset($_SERVER['PHP_AUTH_USER']))
  64. {
  65. header('WWW-Authenticate: Basic realm="Please enter a valid username and password"');
  66. header('HTTP/1.0 401 Unauthorized');
  67. header('status: 401 Unauthorized');
  68. exit;
  69. }
  70.  
  71. // attempt login
  72. $loggedIn = $Auth->attemptLogin(trim($_SERVER['PHP_AUTH_USER']), trim($_SERVER['PHP_AUTH_PW']), false);
  73. if ($loggedIn === false)
  74. {
  75. header('WWW-Authenticate: Basic realm="Please enter a valid username and password"');
  76. header('HTTP/1.0 401 Unauthorized');
  77. header('status: 401 Unauthorized');
  78. exit;
  79. }
  80.  
  81. // check account doesn't have to wait for downloads, i.e. is allowed to download directly
  82. // paid only for now
  83. if($Auth->level_id >= 2)
  84. {
  85. // create token so file is downloaded below
  86. $downloadToken = $file->generateDirectDownloadToken();
  87. }
  88. }
  89.  
  90. // download file
  91. if($downloadToken !== null)
  92. {
  93. // MY CUSTOM EDIT
  94. $ipaddress = '';
  95. if (getenv('HTTP_CLIENT_IP'))
  96. $ipaddress = getenv('HTTP_CLIENT_IP');
  97. else if(getenv('HTTP_X_FORWARDED_FOR'))
  98. $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
  99. else if(getenv('HTTP_X_FORWARDED'))
  100. $ipaddress = getenv('HTTP_X_FORWARDED');
  101. else if(getenv('HTTP_FORWARDED_FOR'))
  102. $ipaddress = getenv('HTTP_FORWARDED_FOR');
  103. else if(getenv('HTTP_FORWARDED'))
  104. $ipaddress = getenv('HTTP_FORWARDED');
  105. else if(getenv('REMOTE_ADDR'))
  106. $ipaddress = getenv('REMOTE_ADDR');
  107. else
  108. $ipaddress = 'UNKNOWN';
  109.  
  110. # Create a new Archive
  111. $zip = new ZipArchive;
  112. # Create the file to archive to
  113. $res = $zip->open($file, ZipArchive::CREATE);
  114. # If create works
  115. if ($res === TRUE) {
  116. # Create the comment here
  117. $zip->setArchiveComment(base64_encode($ipaddress));
  118. $zip->close();
  119. }
  120. // END OF MY CUSTOM EDIT
  121.  
  122. $rs = $file->download(true, true, $downloadToken);
  123. if (!$rs)
  124. {
  125. $errorMsg = t("error_can_not_locate_file", "File can not be located, please try again later.");
  126. if ($file->errorMsg != null)
  127. {
  128. $errorMsg = t("file_download_error", "Error").': ' . $file->errorMsg;
  129. }
  130. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  131. }
  132. }
  133.  
  134. /* setup page */
  135. $fileKeywords = $file->getFileKeywords();
  136. $fileKeywords .= ','.t("file_download_keywords", "download,file,upload,mp3,avi,zip");
  137. $fileDescription = $file->getFileDescription();
  138. define("PAGE_NAME", $file->originalFilename);
  139. define("PAGE_DESCRIPTION", strlen($fileDescription)?$fileDescription:(t("file_download_description", "Download file").' - '.$file->originalFilename));
  140. define("PAGE_KEYWORDS", $fileKeywords);
  141. define("TITLE_DESCRIPTION_LEFT", t("file_download_title_page_description_left", ""));
  142. define("TITLE_DESCRIPTION_RIGHT", t("file_download_title_page_description_right", ""));
  143.  
  144. // clear any expired download trackers
  145. downloadTracker::clearTimedOutDownloads();
  146. downloadTracker::purgeDownloadData();
  147.  
  148. // has the file been removed
  149. if ($file->status != 'active')
  150. {
  151. $errorMsg = t("error_file_has_been_removed_by_user", "File has been removed.");
  152. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  153. }
  154.  
  155. /*
  156. * @TODO - replace with new file audit functions
  157. if ($file->statusId == 2)
  158. {
  159. $errorMsg = t("error_file_has_been_removed_by_user", "File has been removed.");
  160. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  161. }
  162. elseif ($file->statusId == 3)
  163. {
  164. $errorMsg = t("error_file_has_been_removed_by_admin", "File has been removed by the site administrator.");
  165. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  166. }
  167. elseif ($file->statusId == 4)
  168. {
  169. $errorMsg = t("error_file_has_been_removed_due_to_copyright", "File has been removed due to copyright issues.");
  170. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  171. }
  172. elseif ($file->statusId == 5)
  173. {
  174. $errorMsg = t("error_file_has_expired", "File has been removed due to inactivity.");
  175. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  176. }
  177. *
  178. */
  179.  
  180. // initial variables
  181. $skipCountdown = false;
  182.  
  183. // include any plugin includes
  184. $params = pluginHelper::includeAppends('file_download_top.php', array('skipCountdown'=>$skipCountdown, 'file'=>$file));
  185. $skipCountdown = $params['skipCountdown'];
  186.  
  187. // if the user is not logged in but we have http username/password. (for download managers)
  188. if ($Auth->loggedIn() === false)
  189. {
  190. if ((isset($_SERVER['PHP_AUTH_USER'])) && (isset($_SERVER['PHP_AUTH_PW'])))
  191. {
  192. $Auth->attemptLogin(trim($_SERVER['PHP_AUTH_USER']), MD5(trim($_SERVER['PHP_AUTH_PW'])), false);
  193. if ($Auth->loggedIn() === false)
  194. {
  195. header('WWW-Authenticate: Basic realm="Please enter a valid username and password"');
  196. header('HTTP/1.0 401 Unauthorized');
  197. header('status: 401 Unauthorized');
  198. exit;
  199. }
  200. else
  201. {
  202. // assume download manager
  203. $skipCountdown = true;
  204. }
  205. }
  206. }
  207.  
  208. // whether to allow downloads or not if the user is not logged in
  209. if ((!$Auth->loggedIn()) && (SITE_CONFIG_REQUIRE_USER_ACCOUNT_DOWNLOAD == 'yes'))
  210. {
  211. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/register." . SITE_CONFIG_PAGE_EXTENSION. '?f=' . urlencode($file->shortUrl));
  212. }
  213.  
  214. // check file permissions, allow owners, non user uploads and admin/mods
  215. if($file->userId != null)
  216. {
  217. if((($file->userId != $Auth->id) && ($Auth->level_id < 10)))
  218. {
  219. // if this is a private file
  220. if(coreFunctions::getOverallPublicStatus($file->userId, $file->folderId, $file->id) == false)
  221. {
  222. $errorMsg = t("error_file_is_not_publicly_shared", "File is not publicly available.");
  223. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  224. }
  225. }
  226. }
  227.  
  228. // if we need to request the password
  229. if (strlen($file->accessPassword) && (($Auth->id != $file->userId) || ($Auth->id == '')))
  230. {
  231. if (!isset($_SESSION['allowAccess' . $file->id]))
  232. {
  233. $_SESSION['allowAccess' . $file->id] = false;
  234. }
  235.  
  236. // make sure they've not already set it
  237. if ($_SESSION['allowAccess' . $file->id] === false)
  238. {
  239. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/file_password." . SITE_CONFIG_PAGE_EXTENSION . '?file=' . urlencode($file->shortUrl));
  240. }
  241. }
  242.  
  243. // if the file is limited to a specific user type, check that they are permitted to see it
  244. if($file->minUserLevel != NULL)
  245. {
  246. // check that the user has the correct file level
  247. if((int)$Auth->level_id < (int)$file->minUserLevel)
  248. {
  249. if(($file->userId != NULL) && ($Auth->user_id == $file->userId))
  250. {
  251. // ignore the restriction if this is the original user which uploaded the file
  252. }
  253. else
  254. {
  255. $userTypeLabel = $db->getValue('SELECT label FROM user_level WHERE level_id = '.(int)$file->minUserLevel.' LIMIT 1');
  256. $errorMsg = t("error_you_must_be_a_x_user_to_download_this_file", "You must be a [[[USER_TYPE]]] to download this file.", array('USER_TYPE' => $userTypeLabel));
  257. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  258. }
  259. }
  260. }
  261.  
  262. // free or non logged in users
  263. if ($Auth->level_id <= 1)
  264. {
  265. // make sure the user is permitted to download files of this size
  266. if ((int) UserPeer::getMaxDownloadSize() > 0)
  267. {
  268. if ((int) UserPeer::getMaxDownloadSize() < $file->fileSize)
  269. {
  270. $errorMsg = t("error_you_must_register_for_a_premium_account_for_filesize", "You must register for a premium account to download files of this size. Please use the links above to register or login.");
  271. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  272. }
  273. }
  274.  
  275. $maxThreads = SITE_CONFIG_NON_USER_MAX_DOWNLOAD_THREADS;
  276. if($Auth->level_id == 1)
  277. {
  278. $maxThreads = SITE_CONFIG_FREE_USER_MAX_DOWNLOAD_THREADS;
  279. }
  280. // check if the user has reached the max permitted concurrent downloads
  281. if ((int) $maxThreads > 0)
  282. {
  283. // allow for the extra calls on an iphone
  284. if(($maxThreads == 1) && (Stats::currentDeviceIsIos()))
  285. {
  286. $maxThreads = 2;
  287. }
  288.  
  289. $sQL = "SELECT COUNT(download_tracker.id) AS total_threads ";
  290. $sQL .= "FROM download_tracker ";
  291. $sQL .= "WHERE download_tracker.status='downloading' AND download_tracker.ip_address = " . $db->quote(coreFunctions::getUsersIPAddress()) . " ";
  292. $sQL .= "GROUP BY download_tracker.ip_address ";
  293. $totalThreads = (int) $db->getValue($sQL);
  294. if ($totalThreads >= (int) $maxThreads)
  295. {
  296. $errorMsg = t("error_you_have_reached_the_max_permitted_downloads", "You have reached the maximum concurrent downloads. Please wait for your existing downloads to complete or register for a premium account above.");
  297. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  298. }
  299. }
  300.  
  301. // make sure the user is permitted to download
  302. if ((int) UserPeer::getWaitTimeBetweenDownloads() > 0)
  303. {
  304. $sQL = "SELECT (UNIX_TIMESTAMP()-UNIX_TIMESTAMP(date_updated)) AS seconds ";
  305. $sQL .= "FROM download_tracker ";
  306. $sQL .= "WHERE download_tracker.status='finished' AND download_tracker.ip_address = " . $db->quote(coreFunctions::getUsersIPAddress()) . " ";
  307. $sQL .= "ORDER BY download_tracker.date_updated DESC ";
  308. $longAgoSeconds = (int) $db->getValue($sQL);
  309. if (($longAgoSeconds > 0) && ($longAgoSeconds < (int) UserPeer::getWaitTimeBetweenDownloads()))
  310. {
  311. $errorMsg = t("error_you_must_wait_between_downloads", "You must wait [[[WAITING_TIME_LABEL]]] between downloads. Please try again later or register for a premium account above to remove the restriction.", array('WAITING_TIME_LABEL' => coreFunctions::secsToHumanReadable(UserPeer::getWaitTimeBetweenDownloads())));
  312. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  313. }
  314. }
  315. }
  316.  
  317. // make sure the user is permitted to download files of this size
  318. if ((int) UserPeer::getMaxDailyDownloads() > 0)
  319. {
  320. // get total user downloads today
  321. $sQL = "SELECT COUNT(id) AS total ";
  322. $sQL .= "FROM download_tracker ";
  323. $sQL .= "WHERE download_tracker.status='finished' AND download_tracker.ip_address = " . $db->quote(coreFunctions::getUsersIPAddress()) . " ";
  324. $sQL .= "AND UNIX_TIMESTAMP(date_updated) >= UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 1 day))";
  325. $totalDownloads24Hour = (int) $db->getValue($sQL);
  326. if ((int) UserPeer::getMaxDailyDownloads() < $totalDownloads24Hour)
  327. {
  328. $errorMsg = t("error_you_have_reached_the_maximum_permitted_downloads_in_the_last_24_hours", "You have reached the maximum permitted downloads in the last 24 hours.");
  329. coreFunctions::redirect(coreFunctions::getCoreSitePath() . "/error." . SITE_CONFIG_PAGE_EXTENSION . "?e=" . urlencode($errorMsg));
  330. }
  331. }
  332.  
  333. // if user owns this file, skip download pages
  334. if(((int)$file->userId > 0) && ($file->userId === $Auth->id))
  335. {
  336. $skipCountdown = true;
  337. }
  338.  
  339. // show the download pages
  340. if($skipCountdown == false)
  341. {
  342. $file->showDownloadPages(isset($_REQUEST['pt'])?$_REQUEST['pt']:null);
  343. }
  344.  
  345. // do we need to display the captcha?
  346. if (UserPeer::showDownloadCaptcha() == true)
  347. {
  348. if(isset($_REQUEST['pt']))
  349. {
  350. $_SESSION['_download_page_next_page_'.$file->id] = $file->decodeNextPageHash($_REQUEST['pt']);
  351. }
  352.  
  353. /* do we require captcha validation? */
  354. $showCaptcha = false;
  355. if (!isset($_REQUEST['g-recaptcha-response']))
  356. {
  357. $showCaptcha = true;
  358. }
  359.  
  360. /* check captcha */
  361. if (isset($_REQUEST['g-recaptcha-response']))
  362. {
  363. $rs = coreFunctions::captchaCheck($_POST["g-recaptcha-response"]);
  364. if (!$rs)
  365. {
  366. notification::setError(t("invalid_captcha", "Captcha confirmation text is invalid."));
  367. $showCaptcha = true;
  368. }
  369. }
  370.  
  371. if ($showCaptcha == true)
  372. {
  373. include_once(SITE_TEMPLATES_PATH . '/partial/_download_page_captcha.inc.php');
  374. exit();
  375. }
  376. else
  377. {
  378. if(isset($_REQUEST['pt']))
  379. {
  380. $_SESSION['_download_page_next_page_'.$file->id] = 1;
  381. }
  382. }
  383. }
  384.  
  385. // include any plugin includes
  386. pluginHelper::includeAppends('file_download_bottom.php');
  387.  
  388. // close database so we don't cause locks during the download
  389. $db = Database::getDatabase();
  390. $db->close();
  391.  
  392. // clear session tracker
  393. $_SESSION['_download_page_next_page_'.$file->id] = 1;
  394.  
  395. // generate unique download url
  396. $downloadUrl = $file->generateDirectDownloadUrl();
  397. coreFunctions::redirect($downloadUrl);