<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <og@phpwcms.org>
* @copyright Copyright (c) 2002-2021, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.org
*
**/
// Bootstrap for the backend download endpoint. The order of the statements below matters:
// configuration and session first, then the access checks, then the backend helpers.
// NOTE(review): SESSION_START is presumably read by the included bootstrap files to decide
// whether a session is opened - confirm in conf.inc.php / default.inc.php.
$phpwcms = array('SESSION_START' => true);
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT.'/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT.'/include/inc_lib/general.inc.php';
// Access gate: both calls run before any request parameter is read further down.
// NOTE(review): checkLogin() and validate_csrf_tokens() are defined in the included libraries,
// not in this file. Nothing here checks a return value, so they presumably stop or redirect the
// request themselves when the check fails - confirm before relying on it.
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php';
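// Request parameters, both forced to integers before they are used:
//   dl = id of the file row to download (missing or 0 means "no id given")
//   pl = 0 selects the "own files" rule below, any other value the "public files" rule
$dl = isset($_GET["dl"]) ? intval($_GET["dl"]) : 0;
$pl = isset($_GET["pl"]) ? intval($_GET["pl"]) : 0;

if($dl) {

    // $err stays 0 on success; every failure path stores a fixed message that the
    // error page at the end of the script prints.
    $err = 0;

    // Only integers (intval) and constants are concatenated into the statement.
    // NOTE(review): f_trash=0 / f_kid=1 presumably mean "not in trash" / "is a file entry" -
    // confirm against the table schema.
    $sql = "SELECT * FROM ".DB_PREPEND."phpwcms_file WHERE f_trash=0 AND f_kid=1 AND f_id=".$dl." ";

    if($pl === 0) {
        // Own-files rule: a non-admin session may only fetch rows it owns; an admin
        // session gets no owner restriction.
        if(empty($_SESSION["wcs_user_admin"])) {
            $sql .= "AND f_uid=".intval($_SESSION["wcs_user_id"]).' ';
        }
    } else {
        // Public-files rule: the row must be active and either public or, for a
        // non-admin session, owned by the current user.
        $sql .= "AND f_aktiv=1 AND (f_public=1";
        if(empty($_SESSION["wcs_user_admin"])) {
            $sql .= " OR f_uid=".intval($_SESSION["wcs_user_id"]);
        }
        $sql .= ") ";
    }

    $sql .= "LIMIT 1";

    $result = _dbQuery($sql);

    if(isset($result[0]['f_id'])) {

        $download = $result[0];

        // The file on disk is named after f_hash (plus extension), not after the
        // user-visible f_name, so the path is built from database values only.
        $dl_filename = $download["f_hash"];
        if($download["f_ext"]) {
            $dl_filename .= '.'.$download["f_ext"];
        }
        $dl_path = PHPWCMS_ROOT.$phpwcms["file_path"];
        $dl_file = $dl_path.$dl_filename;

        if(is_file($dl_file)) {

            // Fall back to a type derived from the extension when the stored value
            // does not look like a MIME type.
            if(!is_mimetype_format($download["f_type"])) {
                $download["f_type"] = get_mimetype_by_extension($download["f_ext"]);
            }

            // f_name ends up inside a quoted header parameter. A double quote, a
            // backslash or a control character in the stored name would produce a
            // malformed Content-Disposition value, so those bytes are replaced.
            // NOTE(review): f_name is presumably the name supplied at upload time - confirm.
            $dl_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string) $download["f_name"]);
            if($dl_name === null || $dl_name === '') {
                $dl_name = 'download';
            }

            header("Content-type: ".$download["f_type"]);
            header('Content-Disposition: attachment; filename="'.$dl_name.'"');

            // filesize() returns false on failure; sending no length is better than a wrong one.
            $dl_size = filesize($dl_file);
            if($dl_size !== false) {
                header("Content-Length: " . $dl_size);
            }

            // readfile() returns the number of bytes sent, which is 0 for an empty
            // file. Only a strict false is a read error; a truthiness test would
            // report every empty file as "Error reading file (4)".
            if(readfile($dl_file) !== false) {
                exit();
            } else {
                $err = 'Error reading file (4)';
            }

        } else {
            $err = 'File does not exist (1)';
        }

    } else {
        // No row, or the access rule above filtered it out; both cases get the same message.
        $err = 'File not found in database (2)';
    }

} else {
    $err = 'False ID given (3)';
}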
// Error page: rendered only when one of the download steps above stored a message in $err.
if($err):
// Every failure ends the login session, which is why the page below asks the user to log in again.
session_destroy();
// $err is echoed below without HTML escaping. That is safe only because every value assigned
// to it in this script is a fixed string literal; escape it if a dynamic message is ever added.
?><html>
<head>
<title>phpwcms File Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo PHPWCMS_CHARSET ?>">
<link href="../inc_css/phpwcms.min.css" rel="stylesheet" type="text/css">
</head>
<body>
<h1>Download Error</h1>
<p><strong><?php echo $err ?></strong> occured while trying to download a file of your directory.</p>
<p>Please <a href="<?php echo PHPWCMS_URL.get_login_file() ?>"><strong>login</strong></a> again and try another file.</p>
<p>If you think that this might be a technical problem send an email to the webmaster.</p>
</body>
</html>
<?php
endif;