mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 00:02:18 +02:00
Code Issues Releases Wiki Activity

some updates in regards to fetching authentication.

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@4055 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2003-05-25 13:07:19 +00:00
parent f381c0d3ef
commit 5ceeb10e99
1 changed files with 18 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
phpBB/download.php
View File

@ -31,91 +31,18 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Delete the / * to uncomment the block, and edit the values (read the comments) to
// enable additional security to your board (preventing third site linkage)
//
/*
define('ALLOWED_DENIED', 0);
define('DENIED_ALLOWED', 1);
//
// From this line on you are able to edit the stuff
//
// Possible Values:
// ALLOWED_DENIED <- First allow the listed sites, and then deny all others
// DENIED_ALLOWED <- First deny the listed sites, and then allow all others
$allow_deny_order = ALLOWED_DENIED;
//
// Allowed Syntax:
// Full Domain Name -> www.phpbb.com
// Partial Domain Names -> phpbb.com
//
$sites = array(
$config['server_name'], // This is your domain
'phpbb.com'
);
// This is the message displayed, if someone links to this site...
$lang['Denied_Message'] = 'You are not authorized to view, download or link to this Site.';
// End of editable area
//
// Parse the order and evaluate the array
//
$site = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']);
$url = trim($site[0]);
//$url = $HTTP_HOST;
if ($url != '')
{
$allowed = ($allow_deny_order == ALLOWED_DENIED) ? FALSE : TRUE;
for ($i = 0; $i < count($sites); $i++)
{
if (strstr($url, $sites[$i]))
{
$allowed = ($allow_deny_order == ALLOWED_DENIED) ? TRUE : FALSE;
break;
}
}
}
else
{
$allowed = TRUE;
}
if ($allowed == FALSE)
{
trigger_error($lang['Denied_Message']);
}
// Delete the following line, to uncomment this block
*/
$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : -1;
$download_id = (isset($_REQUEST['id'])) ? intval($_REQUEST['id']) : false;
$thumbnail = (isset($_REQUEST['thumb'])) ? intval($_REQUEST['thumb']) : false;
function send_file_to_browser($real_filename, $mimetype, $physical_filename, $upload_dir, $attach_id)
{
global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $user, $db, $config;
if ($config['upload_dir'] == '')
{
$filename = $physical_filename;
}
else
{
$filename = $config['upload_dir'] . '/' . $physical_filename;
}
$filename = ($config['upload_dir'] == '') ? $physical_filename : $config['upload_dir'] . '/' . $physical_filename;
$gotit = FALSE;
if (!intval($config['use_ftp_upload']))
if (!$config['use_ftp_upload'])
{
if (@!file_exists($filename))
{
@ -257,10 +184,10 @@ function send_file_to_browser($real_filename, $mimetype, $physical_filename, $up
// Start session management
$user->start();
$user->setup();
$auth->acl($user->data);
$user->setup();
if ($download_id == -1)
if (!$download_id)
{
trigger_error('NO_ATTACHMENT_SELECTED');
}
@ -272,7 +199,7 @@ if (!$config['allow_attachments'])
$sql = 'SELECT *
FROM ' . ATTACHMENTS_DESC_TABLE . '
WHERE attach_id = ' . intval($download_id);
WHERE attach_id = ' . $download_id;
$result = $db->sql_query($sql);
if (!($attachment = $db->sql_fetchrow($result)))
@ -292,33 +219,27 @@ if ($row['forum_password'])
$authorised = FALSE;
// Additional query, because of more than one attachment assigned to posts and private messages
$sql = "SELECT a.*, p.forum_id
FROM " . ATTACHMENTS_TABLE . " a, " . POSTS_TABLE . " p
WHERE a.attach_id = " . $attachment['attach_id'] . "
AND (a.post_id = p.post_id OR a.post_id = 0)";
$sql = 'SELECT a.*, p.forum_id
FROM ' . ATTACHMENTS_TABLE . ' a, ' . POSTS_TABLE . ' p
WHERE a.attach_id = ' . $attachment['attach_id'] . '
AND (a.post_id = p.post_id OR a.post_id = 0)';
$result = $db->sql_query($sql);
$auth_pages = $db->sql_fetchrowset($result); // loop through rather than rowset if poss
for ($i = 0; $i < count($auth_pages) && $authorised == FALSE; $i++)
while ($row = $db->sql_fetchrow($result) && !$authorised)
{
if (intval($auth_pages[$i]['post_id']) != 0)
if ($row['post_id'] && $auth->acl_get('f_download', $row['forum_id']))
{
$forum_id = $auth_pages[$i]['forum_id'];
if ($auth->acl_get('f_download', $forum_id))
{
$authorised = TRUE;
}
$authorised = TRUE;
}
else
{
if ( (intval($config['allow_pm_attach'])) && ( ($user->data['user_id'] == $auth_pages[$i]['user_id_2']) || ($user->data['user_id'] == $auth_pages[$i]['user_id_1'])) )
if (intval($config['allow_pm_attach']) && ($user->data['user_id'] == $row['user_id_2'] || $user->data['user_id'] == $row['user_id_1']))
{
$authorised = TRUE;
}
}
}
$db->sql_freeresult($result);
if (!$authorised)
{
@ -353,16 +274,16 @@ if (!$thumbnail)
// Determine the 'presenting'-method
if ($download_mode == PHYSICAL_LINK)
{
if (intval($config['use_ftp_upload']) && $config['upload_dir'] == '')
if ($config['use_ftp_upload'] && $config['upload_dir'] == '')
{
trigger_error('Physical Download not possible with the current Attachment Setting');
trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
}
redirect($config['upload_dir'] . '/' . $attachment['physical_filename']);
}
else
{
if (intval($config['use_ftp_upload']))
if ($config['use_ftp_upload'])
{
// We do not need a download path, we are not downloading physically
send_file_to_browser($attachment['real_filename'], $attachment['mimetype'], $attachment['physical_filename'] , '', $attachment['attach_id']);