Minde/Klaidos/SmartWEB/get file.php

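<?php
/*
 * get_file.php - download front controller.
 *
 * The file to serve is resolved from one of three request forms, checked
 * in this order:
 *   1. ?file=<link>              an encoded link, decoded by DecodeFileLink()
 *   2. ?file_id=<N>              a numeric m_files row looked up in the DB
 *   3. ?m_dir_listing_download   a path stored in $_SESSION by the dir listing
 *
 * The resolved path is then located on disk (with several fallback
 * locations), validated against the allowed m_<module>/(wfiles|images)
 * directories (skipped for the session form only), checked against the
 * download right/group embedded in the link, and streamed as an attachment.
 *
 * Depends on globals defined by the included config files ($_t0577, $_t07Tt,
 * $_t12M, $_t13R, $_t02wR, $_t114e, $_DB_TYPE, $_DB_PRE, $_FILE_NOT_FOUND)
 * and on helpers from the included files (Database, GenerateFileLink,
 * DecodeFileLink, report_error). $view and $user_groups are read but never
 * assigned here - presumably set by the project config; TODO confirm.
 */
if (! defined ( 'SMARTWEB' ))
    define ( 'SMARTWEB', 1 );
@set_time_limit ( 0 );   // large downloads may outlive the default limit

require_once (dirname ( __FILE__ ) . '/system/debugger_start.php');

require_once ("system/projects.php");
// Pick the per-host project config, falling back to the "default" entry.
if (substr ( $_SERVER ['HTTP_HOST'], - 3 ) == ":80")
    $_SERVER ['HTTP_HOST'] = str_replace ( ":80", "", $_SERVER ['HTTP_HOST'] );
if (! isset ( $_projects [$_SERVER ['HTTP_HOST']] ))
    $_projects [$_SERVER ['HTTP_HOST']] = $_projects ["default"];
$pnconfig ['_t147Tt'] = $_projects [$_SERVER ['HTTP_HOST']];

require_once ("system/config.php");
require_once ($pnconfig ['_t147Tt'] . "/system/config.php");
require_once ($_t0577 . "error_handler.php");
require_once ($_t12M . "m_site/wfiles/prefices.php");
require_once ($_t07Tt . "file_crypt.php");

// Whether the resolved path must be validated against the allowed
// directories further down; only the session-supplied path skips this.
$path_check = true;

// Initialised up front so the branches below can be tested without reading
// undefined variables (the ?file= form never assigns the DB-derived ones).
$file = '';
$f_dir = '';
$f_name = '';
$f_oname = '';

if (! empty ( $_GET ['file'] )) {
    $file = $_GET ['file'];
} elseif (! empty ( $_GET ['file_id'] )) {
    if (! is_numeric ( $_GET ['file_id'] )) {
        die ();
    }
    // is_numeric() also accepts forms such as "1e3" or surrounding whitespace,
    // and the value is interpolated into SQL, so reduce it to a plain integer.
    $file_id = (int) $_GET ['file_id'];

    require_once ($_t0577 . "db_" . $_DB_TYPE . ".php");
    $db = New Database ( );
    $qry = "SELECT filename, original_name
            FROM " . $_DB_PRE ['m_files'] . "m_files
            WHERE file_id = " . $file_id;
    $result = $db->x5024e ( $qry );
    if ($db->Count ( $result ) > 0) {
        list ( $f_name, $f_oname ) = $db->GetRowAsList ( $result );
        // An empty table prefix means the file lives in the shared tree
        // ($_t13R), otherwise in the project tree ($_t12M).
        if (strlen ( $_DB_PRE ['m_files'] ) == 0)
            $f_dir = $_t13R . "m_files/wfiles/" . $f_name;
        else
            $f_dir = $_t12M . "m_files/wfiles/" . $f_name;
        $file = GenerateFileLink ( $f_dir, $f_oname, '', '' );
    }
} elseif (isset ( $_GET ['m_dir_listing_download'] )) {
    session_start ();
    if (isset ( $_SESSION ['m_dir_listing'] ['downfile'] )) {
        // One-shot: the path is consumed so a second request cannot reuse it.
        $path_check = false;
        $file = $_SESSION ['m_dir_listing'] ['downfile'];
        unset ( $_SESSION ['m_dir_listing'] ['downfile'] );
    }
}

// ?file[]=... would arrive as an array; only a non-empty string is usable.
if (! is_string ( $file ) || strlen ( $file ) == 0)
    die ( 'Error: Bad file name or id.' );

if ($f_dir == '' || ! file_exists ( $f_dir )) {
    // Not resolved through the database: the link itself carries the
    // location, display name and the right/group needed to download it.
    list ( $file_location, $original_file_name, $download_right, $download_group ) = DecodeFileLink ( $file );
} else {
    // Database lookups carry no embedded restrictions.
    $download_right = '';
    $download_group = '';
    $file_location = $f_dir;
    $original_file_name = ($f_oname ? $f_oname : $f_name);
}

// Fallback 1: an m_files path that moved - try the project wfiles dir.
if (! is_file ( $file_location ) && strstr ( $file_location, "m_files" )) {
    $tmp_file_name = basename ( $file_location );
    $file_location = $GLOBALS ['_t12M'] . 'm_files/wfiles/' . $tmp_file_name;
}

// Fallback 2: a path relative to the web root.
if (! is_file ( $file_location ))
    $file_location = $GLOBALS ['_t02wR'] . $file_location;

// Fallback 3: rebuild the path from its tail. Components are taken from the
// filename outward; the candidate is accepted only while component 1 is
// "wfiles" and component 3 equals $_t114e (without its trailing slash), i.e.
// a tail of the shape <_t114e>/<module>/wfiles/<file>, optionally with one
// parent directory in front of it.
if (! is_file ( $file_location )) {
    list ( $tmp_flocation ) = DecodeFileLink ( $file );
    $tmp_flocation = str_replace ( "\\", "/", $tmp_flocation );
    $fl_parts = array_reverse ( explode ( '/', $tmp_flocation ) );
    $fl_parts_count = sizeof ( $fl_parts );
    $tmp_flocation = '';
    $fl_status = 0;   // 0/1 = still matching, 2 = shape accepted, 3 = rejected
    for($i = 0; $i < $fl_parts_count; $i ++) {
        if ($tmp_flocation == '') {
            $tmp_flocation = $fl_parts [$i];
        } else {
            $tmp_flocation = $fl_parts [$i] . '/' . $tmp_flocation;
        }

        if ($i == 1 && $fl_parts [$i] == 'wfiles')
            $fl_status ++;
        elseif ($i == 1)
            $fl_status = 3;

        if ($i == 3 && $fl_parts [$i] . '/' == $GLOBALS ['_t114e'])
            $fl_status ++;
        elseif ($i == 3)
            $fl_status = 3;

        if ($i > 4)
            $fl_status = 3;

        if ($fl_status == 2) {
            if (is_file ( $GLOBALS ['_t02wR'] . $tmp_flocation )) {
                $file_location = $GLOBALS ['_t02wR'] . $tmp_flocation;
                break;
            }
        }
    }
}

if (! is_file ( $file_location )) {
    die ( 'klaida' );
}

if ($path_check) {
    // Reject traversal sequences and PHP sources outright. Case-insensitive so
    // that it agrees with the extension check applied before any output.
    if (preg_match ( '/(\.{2,}|\.php)/i', $file_location )) {
        header ( 'Location: /index.php' );
        die ();
    }

    // Only files below <_t114e>/m_<module>/(wfiles|images) may be served;
    // anything else is logged as a security event and refused.
    $cats = array ('wfiles', 'images' );
    $regexp = '/' . substr ( $GLOBALS ['_t114e'], 0, - 1 ) . '(\\/|\\\\)m_[^\\/\\\\]+(\\/|\\\\)(' . implode ( '|', $cats ) . ')/i';
    if (! preg_match ( $regexp, $file_location )) {
        report_error ( "SECURITY", "get_file.php\nIP: " . $_SERVER ['REMOTE_ADDR'] . "\nBande atsisiusti faila: " . $file_location . "\n" );
        die ();
    }
}

// Never hand out PHP sources, whichever path led here (this is the only
// such check for the session-supplied path, which skips $path_check).
if (substr ( strtolower ( $file_location ), - 4 ) == '.php')
    die ();

$f_size = filesize ( $file_location );
if (strlen ( $original_file_name ) == 0)
    $original_file_name = basename ( $file_location );

// The link may name a global flag that must be truthy for the requester
// (variable-variable lookup); an absent or falsy flag denies the download.
if (strlen ( $download_right ) > 0) {
    $check = isset ( $$download_right ) ? $$download_right : false;
    if ($check != true)
        die ();
}

// The link may list group ids (comma separated); the requester must be in
// at least one of them. "0" means unrestricted. Loose in_array() comparison
// is kept on purpose: group ids may be strings on one side and ints on the
// other (not visible here - TODO confirm before tightening).
if (strlen ( $download_group ) > 0 && ($download_group != "0")) {
    if (! isset ( $user_groups ))
        die ();
    $found_group = false;
    foreach ( explode ( ",", $download_group ) as $group_have_to_be_in ) {
        if (in_array ( $group_have_to_be_in, $user_groups )) {
            $found_group = true;
            break;
        }
    }
    if (! $found_group)
        die ();
}

// Old IE mangles file names with several dots: encode all but the last one.
if (isset ( $_SERVER ['HTTP_USER_AGENT'] ) && strstr ( $_SERVER ['HTTP_USER_AGENT'], "MSIE" ))
    $original_file_name = preg_replace ( '/\./', '%2e', $original_file_name, substr_count ( $original_file_name , '.' ) - 1 );

// The name is emitted inside a quoted-string header value: drop characters
// that would terminate the quote or the header line.
$disposition_name = str_replace ( array ("\r", "\n", '"' ), '', $original_file_name );

header ( "Content-Disposition:" . (empty ( $view ) ? " attachment;" : "") . " filename=\"$disposition_name\"" );
header ( "Cache-Control: cache, must-revalidate, post-check=0, pre-check=0" );
header ( "Pragma: public" );
header ( 'Expires: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( "Content-Type: application/x-download" );
header ( "Cache-Control: private", false );
header ( "Content-Transfer-Encoding: binary" );
header ( "Content-Length: " . $f_size );

if ($f_size > 9000) {
    // Stream larger files in chunks rather than loading them into memory.
    $fp = fopen ( $file_location, "rb" );
    if ($fp) {
        while ( ! feof ( $fp ) )
            echo fread ( $fp, 8192 );
        fclose ( $fp );
    } else {
        header ( "HTTP/1.0 404 Not Found" );
        $_GET ['to_show_this'] = '_m_files_cant_read_file';
        require_once ($_FILE_NOT_FOUND);
        die ();
    }
} elseif ((isset ( $view ) && $view) || ! function_exists ( "file_get_contents" )) {
    readfile ( $file_location );
} else {
    print file_get_contents ( $file_location );
}

require_once (dirname ( __FILE__ ) . '/system/debugger_end.php');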