php-e107/request.php

<?php

/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Copyright (C) 2008-2009 e107 Inc 
|     http://e107.org
|
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvs_backup/e107_0.8/request.php,v $
|     $Revision$
|     $Date$
|     $Author$
+----------------------------------------------------------------------------+
*/

// ********************************** SEE HIGHLIGHTED AND NUMBERED QUERIES *****************************

require_once("class2.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_download.php");

if (!e_QUERY || isset($_POST['userlogin'])) 
{
	header("location: {$e107->base_path}");
	exit();
}

$id = FALSE;

//TODO e_request.php - allow plugins like 'downloads' to hook into request.php which should only be a generic file-downloading function.  

// Media-Manager direct file download. 
if(vartrue($_GET['file']) && is_numeric($_GET['file']))
{
	if ($sql->db_Select('core_media', 'media_url', "media_id= ".intval($_GET['file'])." AND media_userclass IN (".USERCLASS_LIST.") LIMIT 1 ")) 
	{
		$row = $sql->db_Fetch();
		$file = $tp->replaceConstants($row['media_url'],'rel');
		// echo 'file='.$file;
		send_file($file);
		exit();
	} 	
}


if (!is_numeric(e_QUERY)) 
{
	if ($sql->db_Select('download', 'download_id', "download_url='".$tp -> toDB(e_QUERY)."'")) 
	{
		$row = $sql->db_Fetch();
		$type = 'file';
		$id = $row['download_id'];
	} 
	elseif((strpos(e_QUERY, "http://") === 0) || (strpos(e_QUERY, "ftp://") === 0) || (strpos(e_QUERY, "https://") === 0)) 
	{
		header("location: ".e_QUERY);
		exit();
	} 
	elseif(file_exists($DOWNLOADS_DIRECTORY.e_QUERY)) 		// 1 - should we allow this?
	{
		send_file($DOWNLOADS_DIRECTORY.e_QUERY);
		exit();
	}
}



if(strstr(e_QUERY, "mirror")) 
{	// Download from mirror
	list($action, $download_id, $mirror_id) = explode(".", e_QUERY);
	$download_id = intval($download_id);
	$mirror_id = intval($mirror_id);
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$download_id}";
	if ($sql->db_Select_gen($qry)) 
	{
		$row = $sql->db_Fetch();
		extract($row);
		if (check_class($download_category_class) && check_class($download_class)) 
		{
			if($pref['download_limits'] && $download_active == 1) 
			{
				check_download_limits();
			}
			$mirrorList = explode(chr(1), $download_mirror);
			$mstr = "";
			foreach($mirrorList as $mirror) 
			{
				if($mirror) 
				{
					$tmp = explode(",", $mirror);
					$mid = intval($tmp[0]);
					$address = $tmp[1];
					$requests = $tmp[2];
					if($tmp[0] == $mirror_id) 
					{
						$gaddress = trim($address);
						$requests ++;
					}
					$mstr .= $mid.",".$address.",".$requests.chr(1);
				}
			}
			$sql->db_Update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
			$sql->db_Update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");
			header("Location: {$gaddress}");
			exit();
		}
		header("Location: ".e_BASE."download.php?error.{$download_id}.1");
		exit;
	}
}

$tmp = explode(".", e_QUERY);
if (!$tmp[1] || strstr(e_QUERY, "pub_")) 
{
	$id = intval($tmp[0]);
	$type = "file";
} 
else 
{
	$table = preg_replace("#\W#", "", $tp -> toDB($tmp[0], true));
	$id = intval($tmp[1]);
	$type = "image";
}


if (preg_match("#.*\.[a-z,A-Z]{3,4}#", e_QUERY)) 
{
	if(strstr(e_QUERY, "pub_"))
	{
		$bid = str_replace("pub_", "", e_QUERY);
		if (file_exists(e_UPLOAD.$bid))
		{
			send_file(e_UPLOAD.$bid);
			exit();
		}
	}
	if (file_exists($DOWNLOADS_DIRECTORY.e_QUERY)) 
	{
		send_file($DOWNLOADS_DIRECTORY.e_QUERY);
		exit();
	}
	require_once(HEADERF);
	$ns->tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."\n<br /><br />\n<a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
	require_once(FOOTERF);
	exit();
}

if ($type == "file")
{
	$qry = "SELECT d.*, dc.download_category_class FROM #download as d LEFT JOIN #download_category AS dc ON dc.download_category_id = d.download_category WHERE d.download_id = {$id}";
	if ($sql->db_Select_gen($qry)) 
	{
		$row = $sql->db_Fetch();
		if (check_class($row['download_category_class']) && check_class($row['download_class'])) 
		{
			if ($row['download_active'] == 0)
			{  // Inactive download - don't allow
				require_once(HEADERF);
				$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".str_replace('--LINK--',"<a href='".e_HTTP.'download.php'."'>",LAN_dl_78).'</div>');
				require_once(FOOTERF);
				exit();
			}

			if($pref['download_limits'] && $row['download_active'] == 1) 
			{
				check_download_limits();
			}
			extract($row);
			if($download_mirror) 
			{
				$array = explode(chr(1), $download_mirror);
				$c = (count($array)-1);
				for ($i=1; $i < $c; $i++) 
				{
					$d = mt_rand(0, $i);
					$tmp = $array[$i];
					$array[$i] = $array[$d];
					$array[$d] = $tmp;
				}
				$tmp = explode(",", $array[0]);
				$mirror_id = $tmp[0];
				$mstr = "";
				foreach($array as $mirror) 
				{
					if($mirror) 
					{
						$tmp = explode(",", $mirror);
						$mid = $tmp[0];
						$address = $tmp[1];
						$requests = $tmp[2];
						if($tmp[0] == $mirror_id) 
						{
							$gaddress = trim($address);
							$requests ++;
						}
					  $mstr .= $mid.",".$address.",".$requests.chr(1);
					}
				}
				$sql -> db_Update("download", "download_requested = download_requested + 1, download_mirror = '{$mstr}' WHERE download_id = '".intval($download_id)."'");
				$sql -> db_Update("download_mirror", "mirror_count = mirror_count + 1 WHERE mirror_id = '".intval($mirror_id)."'");

				header("Location: ".$gaddress);
				exit();
			}

			// increment download count
			$sql->db_Update("download", "download_requested = download_requested + 1 WHERE download_id = '{$id}'");
			$user_id = USER ? USERID : 0;
			$ip = e107::getIPHandler()->getIP(FALSE);
			$request_data = "'0', '{$user_id}', '{$ip}', '{$id}', '".time()."'";
			//add request info to db
			$sql->db_Insert("download_requests", $request_data, FALSE);
			if (preg_match("/Binary\s(.*?)\/.*/", $download_url, $result)) 
			{
				$bid = $result[1];
				$result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '{$bid}'");
				$binary_data = @mysql_result($result, 0, "binary_data");
				$binary_filetype = @mysql_result($result, 0, "binary_filetype");
				$binary_name = @mysql_result($result, 0, "binary_name");
				header("Content-type: {$binary_filetype}");
				header("Content-length: {$download_filesize}");
				header("Content-Disposition: attachment; filename={$binary_name}");
				header("Content-Description: PHP Generated Data");
				echo $binary_data;
				exit();
			}
			if (strstr($download_url, "http://") || strstr($download_url, "ftp://") || strstr($download_url, "https://")) {
				header("Location: {$download_url}");
				exit();
			} 
			else 
			{
				if (file_exists($DOWNLOADS_DIRECTORY.$download_url)) 
				{
					send_file($DOWNLOADS_DIRECTORY.$download_url);
					exit();
				} 
				elseif(file_exists(ee_UPLOAD.$download_url)) 
				{
					send_file(e_UPLOAD.$download_url);
					exit();
				}
			}
		} 
		else 
		{	// Download Access Denied.
			if((!strpos($pref['download_denied'],".php") &&
				!strpos($pref['download_denied'],".htm") &&
				!strpos($pref['download_denied'],".html") &&
				!strpos($pref['download_denied'],".shtml") ||
				(strpos($pref['download_denied'],"signup.php") && USER == TRUE)
				))
			{
				header("Location: ".e_BASE."download.php?error.{$id}.1");
				exit();
			}
			else
			{
				header("Location: ".trim($pref['download_denied']));
				exit();
			}
		}
	}
	else if(strstr(e_QUERY, "pub_"))
	{
		/* check to see if public upload and not in download table ... */
		$bid = str_replace("pub_", "", e_QUERY);
		if($result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '$bid' "))
		{
			$binary_data = @mysql_result($result, 0, "binary_data");
			$binary_filetype = @mysql_result($result, 0, "binary_filetype");
			$binary_name = @mysql_result($result, 0, "binary_name");
			header("Content-type: {$binary_filetype}");
			header("Content-length: {$download_filesize}");
			header("Content-Disposition: attachment; filename={$binary_name}");
			header("Content-Description: PHP Generated Data");
			echo $binary_data;
			exit();
		}
	}

	require_once(HEADERF);
	$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."<br /><br /><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
	require_once(FOOTERF);
	exit();
}

$sql->db_Select($table, "*", "{$table}_id = '{$id}'");
$row = $sql->db_Fetch();
extract($row);
$image = ($table == "upload" ? $upload_ss : $download_image);
if (preg_match("/Binary\s(.*?)\/.*/", $image, $result)) 
{
	$bid = $result[1];
	$result = @mysql_query("SELECT * FROM ".MPREFIX."rbinary WHERE binary_id = '{$bid}'");
	$binary_data = @mysql_result($result, 0, "binary_data");
	$binary_filetype = @mysql_result($result, 0, "binary_filetype");
	$binary_name = @mysql_result($result, 0, "binary_name");
	header("Content-type: {$binary_filetype}");
	header("Content-Disposition: inline; filename={$binary_name}");
	echo $binary_data;
	exit();
}


$image = ($table == "upload" ? $upload_ss : $download_image);

if (strpos($image, "http") !== FALSE) 
{
	header("Location: {$image}");
	exit();
} 
else 
{
	if ($table == "download") 
	{
		require_once(HEADERF);
		if (file_exists(e_FILE."download/{$image}")) 
		{
			$disp = "<div style='text-align:center'><img src='".e_FILE."download/{$image}' alt='' /></div>";
		}
		else if(file_exists(e_FILE."downloadimages/{$image}")) 
		{
			$disp = "<div style='text-align:center'><img src='".e_FILE."downloadimages/{$image}' alt='' /></div>";
		} 
		else 
		{
			$disp = "<div style='text-align:center'><img src='".e_UPLOAD.$image."' alt='' /></div>";
		}
		$disp .= "<br /><div style='text-align:center'><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>";
		$ns->tablerender($image, $disp);

		require_once(FOOTERF);
	} else 
	{
		if (is_file(e_UPLOAD.$image)) 
		{
			echo "<img src='".e_UPLOAD.$image."' alt='' />";
		} 
		elseif(is_file(e_FILE."downloadimages/{$image}")) 
		{
			echo "<img src='".e_FILE."downloadimages/{$image}' alt='' />";
		} 
		else 
		{
			require_once(HEADERF);
			$ns -> tablerender(LAN_dl_61, "<div style='text-align:center'>".LAN_dl_65."<br /><br /><a href='javascript:history.back(1)'>".LAN_dl_64."</a></div>");
			require_once(FOOTERF);
			exit;
		}
		exit();
	}
}



// File retrieval function. by Cam.
function send_file($file) 
{
	global $DOWNLOADS_DIRECTORY,$FILES_DIRECTORY, $e107;
	
	$pref = e107::getPref();
	
	/* PHP handling by default. 
	if (!$pref['download_php'])
	{
		header("Location: ".SITEURL.$file);
		exit();
	}
	*/
	
	@set_time_limit(10 * 60);
	@session_write_close();
	@e107_ini_set("max_execution_time", 10 * 60);
	while (@ob_end_clean()); // kill all output buffering else it eats server resources
	@ob_implicit_flush(TRUE);
	
	
	$filename = $file;
	$file = basename($file);
	$path = realpath($filename);
	$path_downloads = realpath($DOWNLOADS_DIRECTORY);
	$path_public = realpath($FILES_DIRECTORY."public/");
	if(!strstr($path, $path_downloads) && !strstr($path,$path_public)) 
	{
        if(E107_DEBUG_LEVEL > 0 && ADMIN)
		{
			echo "Failed to Download <b>".$file."</b><br />";
			echo "The file-path <b>".$path."<b> didn't match with either <b>{$path_downloads}</b> or <b>{$path_public}</b><br />";
			exit();
        }
		else
		{
			header("location: {$e107->base_path}");
			exit();
		}
	} 
	else 
	{
		if (is_file($filename) && is_readable($filename) && connection_status() == 0) 
		{
			$seek = 0;
			if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE"))
			{
				$file = preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1);
			}
			if (isset($_SERVER['HTTP_RANGE']))
			{
				$seek = intval(substr($_SERVER['HTTP_RANGE'] , strlen('bytes=')));
			}
			$bufsize = 2048;
			ignore_user_abort(true);
			$data_len = filesize($filename);
			if ($seek > ($data_len - 1)) { $seek = 0; }
			if ($filename == null) { $filename = basename($this->data); }
			$res =& fopen($filename, 'rb');
			if ($seek)
			{
				fseek($res , $seek);
			}
			$data_len -= $seek;
			header("Expires: 0");
			header("Cache-Control: max-age=30" );
			header("Content-Type: application/force-download");
			header("Content-Disposition: attachment; filename=\"{$file}\"");
			header("Content-Length: {$data_len}");
			header("Pragma: public");
			if ($seek)
			{
				header("Accept-Ranges: bytes");
				header("HTTP/1.0 206 Partial Content");
				header("status: 206 Partial Content");
				header("Content-Range: bytes {$seek}-".($data_len - 1)."/{$data_len}");
			}
			while (!connection_aborted() && $data_len > 0)
			{
				echo fread($res , $bufsize);
				$data_len -= $bufsize;
			}
			fclose($res);
		} 
		else 
		{
            if(E107_DEBUG_LEVEL > 0 && ADMIN)
			{
              	echo "file failed =".$file."<br />";
				echo "path =".$path."<br />";
                exit();
			}
			else
			{
			  	header("location: ".e_BASE."index.php");
				exit();
			}
		}
	}
}


function check_download_limits() 
{
	global $pref, $sql, $ns, $HEADER, $e107, $tp;
	// Check download count limits
	$qry = "SELECT gen_intdata, gen_chardata, (gen_intdata/gen_chardata) as count_perday FROM #generic WHERE gen_type = 'download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_chardata >= 0 AND gen_intdata >= 0) ORDER BY count_perday DESC";
	if($sql->db_Select_gen($qry)) 
	{
		$limits = $sql->db_Fetch();
		$cutoff = time() - (86400 * $limits['gen_chardata']);
		if(USER) 
		{
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_userid = ".USERID;
		} else {
			$ip = e107::getIPHandler()->getIP(FALSE);
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_ip = '{$ip}'";
		}
		$qry = "SELECT COUNT(d.download_id) as count FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->db_Select_gen($qry)) 
		{
			$row=$sql->db_Fetch();
			if($row['count'] >= $limits['gen_intdata']) 
			{
				// Exceeded download count limit
			  header("Location: ".e_BASE."download.php?error.{$cutoff}.2");
/*				require_once(HEADERF);
				$ns->tablerender(LAN_dl_61, LAN_dl_62);
				require(FOOTERF);  */
				exit();
			}
		}
	}
	// Check download bandwidth limits
	$qry = "SELECT gen_user_id, gen_ip, (gen_user_id/gen_ip) as bw_perday FROM #generic WHERE gen_type='download_limit' AND gen_datestamp IN (".USERCLASS_LIST.") AND (gen_user_id >= 0 AND gen_ip >= 0) ORDER BY bw_perday DESC";
	if($sql->db_Select_gen($qry)) {
		$limit = $sql->db_Fetch();
		$cutoff = time() - (86400*$limit['gen_ip']);
		if(USER) {
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_userid = ".USERID;
		} else {
			$ip = e107::getIPHandler()->getIP(FALSE);
			$where = "dr.download_request_datestamp > {$cutoff} AND dr.download_request_ip = '{$ip}'";
		}
		$qry = "SELECT SUM(d.download_filesize) as total_bw FROM #download_requests as dr LEFT JOIN #download as d ON dr.download_request_download_id = d.download_id AND d.download_active = 1 WHERE {$where} GROUP by dr.download_request_userid";
		if($sql->db_Select_gen($qry)) {
			$row=$sql->db_Fetch();
			if($row['total_bw'] / 1024 > $limit['gen_user_id']) 
			{	//Exceed bandwith limit
			  header("Location: ".e_BASE."download.php?error.{$cutoff}.2");
/*				require(HEADERF);
				$ns->tablerender(LAN_dl_61, LAN_dl_62);
				require(FOOTERF); */
				exit();
			}
		}
	}
}

?>