
PHP Cross Reference of osCMax 2.0.4


/ -> download.php (source)

   1  <?php
   2  /*

   3  $Id: download.php 3 2006-05-27 04:59:07Z user $

   4  

   5    osCMax Power E-Commerce

   6    http://oscdox.com

   7  

   8    Copyright 2006 osCMax

   9  

  10    Released under the GNU General Public License

  11  */
  12  
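  include ('includes/application_top.php');

// Only a customer with a registered session may request a download
  if (!tep_session_is_registered('customer_id')) die;

// Check download.php was called with proper GET parameters: both 'order' and
// 'id' must be present and numeric. A missing parameter is rejected here
// instead of being cast to 0 further down.
  if (!isset($HTTP_GET_VARS['order']) || !is_numeric($HTTP_GET_VARS['order']) || !isset($HTTP_GET_VARS['id']) || !is_numeric($HTTP_GET_VARS['id'])) {
    die;
  }

// Check that order_id, customer_id and filename match.
// Every value placed in the statement is cast to int, including $customer_id,
// so none of them can alter the SQL text.
  $downloads_query = tep_db_query(
    "select date_format(o.date_purchased, '%Y-%m-%d') as date_purchased_day, opd.download_maxdays, opd.download_count, opd.orders_products_filename" .
    " from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " opd, " . TABLE_ORDERS_STATUS . " os" .
    " where o.customers_id = '" . (int)$customer_id . "'" .
    " and o.orders_id = '" . (int)$HTTP_GET_VARS['order'] . "'" .
    " and o.orders_id = op.orders_id" .
    " and op.orders_products_id = opd.orders_products_id" .
    " and opd.orders_products_download_id = '" . (int)$HTTP_GET_VARS['id'] . "'" .
    " and opd.orders_products_filename != ''" .
    " and o.orders_status = os.orders_status_id" .
    " and os.downloads_flag = '1'" .
    " and os.language_id = '" . (int)$languages_id . "'"
  );
  if (!tep_db_num_rows($downloads_query)) die;
  $downloads = tep_db_fetch_array($downloads_query);

// MySQL 3.22 does not have INTERVAL, so the expiry time is computed here:
// end of day (23:59:59) on purchase day + download_maxdays
  list($dt_year, $dt_month, $dt_day) = explode('-', $downloads['date_purchased_day']);
  $download_timestamp = mktime(23, 59, 59, (int)$dt_month, (int)$dt_day + (int)$downloads['download_maxdays'], (int)$dt_year);

// Die if time expired (maxdays = 0 means no time limit)
  if (($downloads['download_maxdays'] != 0) && ($download_timestamp <= time())) die;
// Die if remaining count is <=0
  if ($downloads['download_count'] <= 0) die;
// Die if file is not there
// NOTE(review): the filename comes from the orders_products_download row and is
// appended to DIR_FS_DOWNLOAD as-is; confirm the admin side never stores '../' in it.
  if (!file_exists(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'])) die;

// Now decrement counter.
// The count check above and this update are separate statements, so parallel
// requests can each pass the check; the "download_count > 0" guard at least
// keeps the counter from dropping below zero.
  tep_db_query("update " . TABLE_ORDERS_PRODUCTS_DOWNLOAD . " set download_count = download_count-1 where orders_products_download_id = '" . (int)$HTTP_GET_VARS['id'] . "' and download_count > 0");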
  39  
  40  // Returns a random name, 16 to 20 characters long

  41  // There are more than 10^28 combinations

  42  // The directory is "hidden", i.e. starts with '.'

  43  function tep_random_name()
  44  {
  45    $letters = 'abcdefghijklmnopqrstuvwxyz';
  46    $dirname = '.';
  47    $length = floor(tep_rand(16,20));
  48    for ($i = 1; $i <= $length; $i++) {
  49     $q = floor(tep_rand(1,26));
  50     $dirname .= $letters[$q];
  51    }
  52    return $dirname;
  53  }
  54  
  55  // Unlinks all subdirectories and files in $dir

  56  // Works only on one subdir level, will not recurse

  57  function tep_unlink_temp_dir($dir)
  58  {
  59    $h1 = opendir($dir);
  60    while ($subdir = readdir($h1)) {
  61  // Ignore non directories

  62      if (!is_dir($dir . $subdir)) continue;
  63  // Ignore . and .. and CVS

  64      if ($subdir == '.' || $subdir == '..' || $subdir == 'CVS') continue;
  65  // Loop and unlink files in subdirectory

  66      $h2 = opendir($dir . $subdir);
  67      while ($file = readdir($h2)) {
  68        if ($file == '.' || $file == '..') continue;
  69        @unlink($dir . $subdir . '/' . $file);
  70      }
  71      closedir($h2); 
  72      @rmdir($dir . $subdir);
  73    }
  74    closedir($h1);
  75  }
  76  
  77  
  78  // Now send the file with header() magic

  79    header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
  80    header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
  81    header("Cache-Control: no-cache, must-revalidate");
  82    header("Pragma: no-cache");
  83    header("Content-Type: Application/octet-stream");
  84    header("Content-disposition: attachment; filename=" . $downloads['orders_products_filename']);
  85  
  86    if (DOWNLOAD_BY_REDIRECT == 'true') {
  87  // This will work only on Unix/Linux hosts

  88      tep_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
  89      $tempdir = tep_random_name();
  90      umask(0000);
  91      mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0777);
  92      symlink(DIR_FS_DOWNLOAD . $downloads['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']);
  93      if (file_exists(DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename'])) {
  94        tep_redirect(tep_href_link(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $downloads['orders_products_filename']));
  95      }
  96    }
  97  
  98  // Fallback to readfile() delivery method. This will work on all systems, but will need considerable resources

  99    readfile(DIR_FS_DOWNLOAD . $downloads['orders_products_filename']);
 100  ?>

