4images PHP Cross Reference Image Galleries

Source: /download.php - 258 lines - 9465 bytes - Summary - Text - Print

   1  <?php
   2  /**************************************************************************
   3   *                                                                        *
   4   *    4images - A Web Based Image Gallery Management System               *
   5   *    ----------------------------------------------------------------    *
   6   *                                                                        *
   7   *             File: download.php                                         *
   8   *        Copyright: (C) 2002-2012 Jan Sorgalla                           *
   9   *            Email: jan@4homepages.de                                    *
  10   *              Web: http://www.4homepages.de                             *
  11   *    Scriptversion: 1.7.11                                               *
  12   *                                                                        *
  13   *    Never released without support from: Nicky (http://www.nicky.net)   *
  14   *                                                                        *
  15   **************************************************************************
  16   *                                                                        *
  17   *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
  18   *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
  19   *    ---------------------------------------------------------------     *
  20   *    This script is NOT freeware! Please read the Copyright Notice       *
  21   *    (Licence.txt) for further information.                              *
  22   *                                                                        *
  23   *************************************************************************/
  24  
// Flags set before the bootstrap is loaded.
// NOTE(review): both are presumably read by global.php (template selection / gzip output) - confirm there.
$main_template = 0;

$nozip = 1;
define('GET_CACHES', 1);
// ROOT_PATH prefixes every include path used in this script.
define('ROOT_PATH', './');
// Nothing in this file assigns $action, $image_id, $url, $lang, $site_db or $user_info,
// so they must come from these two bootstrap files. Any validation of the request
// parameters therefore also lives there and is not visible in this script.
// global.php is loaded with include (a missing file only raises a warning),
// sessions.php with require (a missing file is fatal).
include (ROOT_PATH.'global.php');
require (ROOT_PATH.'includes/sessions.php');
// get_permission() is defined elsewhere; its result is stored but not read again in this file.
$user_access = get_permission();
  33  
  34  if (!function_exists('file_get_contents')) {
  35    function file_get_contents($filename, $incpath = false, $resource_context = null) {
  36      if (false === $fh = fopen($filename, 'rb', $incpath)) {
  37        user_error('file_get_contents() failed to open stream: No such file or directory', E_USER_WARNING);
  38        return false;
  39      }
  40  
  41      clearstatcache();
  42      if ($fsize = @filesize($filename)) {
  43        $data = fread($fh, $fsize);
  44      } else {
  45        $data = '';
  46        while (!feof($fh)) {
  47          $data .= fread($fh, 8192);
  48        }
  49      }
  50  
  51      fclose($fh);
  52      return $data;
  53    }
  54  }
  55  
  56  function fix_file_path($file_path) {
  57    if (!is_remote_file($file_path) && !file_exists($file_path)) {
  58      $file_path = preg_replace("/\/{2,}/", "/", get_document_root()."/".$file_path);
  59    }
  60    return $file_path;
  61  }
  62  
  63  function send_file($file_name, $file_path) {
  64    @session_write_close();
  65  
  66    header("Cache-Control: no-cache, must-revalidate");
  67    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  68  
  69    if (get_user_os() == "MAC") {
  70      header("Content-Type: application/x-unknown\n");
  71      header("Content-Disposition: attachment; filename=\"".$file_name."\"\n");
  72    }
  73    elseif (get_browser_info() == "MSIE") {
  74      $disposition = (!preg_match("/\.zip$/i", $file_name)) ? 'attachment' : 'inline';
  75      header("Content-Disposition: $disposition; filename=\"".$file_name."\"\n");
  76      header("Content-Type: application/x-ms-download\n");
  77    }
  78    else {
  79      header("Content-Disposition: attachment; filename=\"".$file_name."\"\n");
  80      header("Content-Type: application/octet-stream\n");
  81    }
  82  
  83    $file_path = fix_file_path($file_path);
  84  
  85    if (!is_remote_file($file_path) && ($filesize = filesize($file_path)) > 0 && !@ini_get('zlib.output_compression') && !@ini_get('output_handler')) {
  86      header("Content-Length: ".$filesize."\n\n");
  87    }
  88  
  89    @readfile($file_path);
  90  }
  91  
  92  $file = array();
  93  $file_path = null;
  94  $file_name = null;
  95  
  96  if ($action == "lightbox") {
  97    if (empty($user_info['lightbox_image_ids']) || !function_exists("gzcompress") || !function_exists("crc32")) {
  98      redirect("lightbox.php");
  99    }
 100  
 101    if (!check_download_token($user_info['lightbox_image_ids'])) {
 102      redirect("lightbox.php");
 103    }
 104  
 105    $image_id_sql = str_replace(" ", ", ", trim($user_info['lightbox_image_ids']));
 106    $image_ids = array();
 107    $sql = "SELECT image_id, cat_id, image_media_file, image_download_url
 108            FROM ".IMAGES_TABLE."
 109            WHERE image_active = 1 AND image_id IN ($image_id_sql) AND cat_id NOT IN (".get_auth_cat_sql("auth_viewimage", "NOTIN").", ".get_auth_cat_sql("auth_viewcat", "NOTIN").", ".get_auth_cat_sql("auth_download", "NOTIN").")";
 110    $result = $site_db->query($sql);
 111  
 112    if ($result) {
 113      include (ROOT_PATH."includes/zip.php");
 114      $zipfile = new zipfile();
 115      $file_added = 0;
 116      while ($image_row = $site_db->fetch_array($result)) {
 117        $file_path = null;
 118        $file_name = null;
 119        if (!empty($image_row['image_download_url'])) {
 120          if (is_remote_file($image_row['image_download_url']) || is_local_file($image_row['image_download_url'])) {
 121            $file_path = $image_row['image_download_url'];
 122            $file_name = basename($image_row['image_download_url']);
 123          }
 124        }
 125        elseif (is_remote($image_row['image_media_file'])) {
 126          $file_path = $image_row['image_media_file'];
 127          $file_name = get_basefile($image_row['image_media_file']);
 128        }
 129        else {
 130          $file_path = MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'];
 131          $file_name = $image_row['image_media_file'];
 132        }
 133  
 134        if (!empty($file_path)) {
 135          @set_time_limit(120);
 136          $file_path = fix_file_path($file_path);
 137          if (!$file_data = @file_get_contents($file_path)) {
 138            continue;
 139          }
 140          $zipfile->add_file($file_data, $file_name);
 141          $file_added = 1;
 142          unset($file_data);
 143          $image_ids[] = $image_row['image_id'];
 144        }
 145      }
 146  
 147      if ($file_added) {
 148        if ($user_info['user_level'] != ADMIN) {
 149          $sql = "UPDATE ".IMAGES_TABLE."
 150                  SET image_downloads = image_downloads + 1
 151                  WHERE image_id IN (".trim(implode(", ", $image_ids)).")";
 152          $site_db->query($sql);
 153        }
 154  
 155        $zipfile->send(time().".zip");
 156        exit;
 157      }
 158      else {
 159        redirect("lightbox.php?empty=1");
 160      }
 161    }
 162  }
 163  elseif ($image_id) {
 164    if (isset($HTTP_GET_VARS['size']) || isset($HTTP_POST_VARS['size'])) {
 165      $size = (isset($HTTP_GET_VARS['size'])) ? intval($HTTP_GET_VARS['size']) : intval($HTTP_POST_VARS['size']);
 166    }
 167    else {
 168      $size = 0;
 169    }
 170  
 171    $sql = "SELECT image_id, cat_id, user_id, image_media_file, image_download_url, image_downloads
 172            FROM ".IMAGES_TABLE."
 173            WHERE image_id = $image_id AND image_active = 1";
 174    $image_row = $site_db->query_firstrow($sql);
 175  
 176    if (!$image_row || !check_permission("auth_viewcat", $image_row['cat_id']) || !check_permission("auth_viewimage", $image_row['cat_id'])) {
 177      redirect($url);
 178    }
 179    else {
 180      if (!check_permission("auth_download", $image_row['cat_id'])) {
 181        redirect($url);
 182      }
 183  
 184      if (!check_download_token($image_row['image_id'])) {
 185        echo "Hotlinking is not allowed";
 186        exit;
 187        redirect("index.php");
 188      }
 189    }
 190  
 191    $remote_url = 0;
 192    if (!empty($image_row['image_download_url'])) {
 193      if (is_remote_file($image_row['image_download_url']) || is_local_file($image_row['image_download_url'])) {
 194        preg_match("/(.+)\.(.+)/", basename($image_row['image_download_url']), $regs);
 195        $file_name = $regs[1];
 196        $file_extension = $regs[2];
 197  
 198        $file['file_name'] = $file_name.(($size) ? "_".$size : "").".".$file_extension;
 199        $file['file_path'] = dirname($image_row['image_download_url'])."/".$file['file_name'];
 200      }
 201      else {
 202        $file['file_path'] = $image_row['image_download_url'];
 203        $remote_url = 1;
 204      }
 205    }
 206    elseif (is_remote_file($image_row['image_media_file'])) {
 207      preg_match("/(.+)\.(.+)/", get_basefile($image_row['image_media_file']), $regs);
 208      $file_name = $regs[1];
 209      $file_extension = $regs[2];
 210  
 211      $file['file_name'] = $file_name.(($size) ? "_".$size : "").".".$file_extension;
 212      $file['file_path'] = dirname($image_row['image_media_file'])."/".$file['file_name'];
 213    }
 214    else {
 215      preg_match("/(.+)\.(.+)/", get_basefile($image_row['image_media_file']), $regs);
 216      $file_name = $regs[1];
 217      $file_extension = $regs[2];
 218  
 219      $file['file_name'] = $file_name.(($size) ? "_".$size : "").".".$file_extension;
 220      $file['file_path'] = (is_local_file($image_row['image_media_file'])) ? dirname($image_row['image_media_file'])."/".$file['file_name'] : MEDIA_PATH."/".$image_row['cat_id']."/".$file['file_name'];
 221    }
 222  
 223    if ($user_info['user_level'] != ADMIN) {
 224      $sql = "UPDATE ".IMAGES_TABLE."
 225              SET image_downloads = image_downloads + 1
 226              WHERE image_id = $image_id";
 227      $site_db->query($sql);
 228    }
 229  
 230    if (!empty($file['file_path'])) {
 231      @set_time_limit(120);
 232      if ($remote_url) {
 233        redirect($file['file_path']);
 234      }
 235  
 236      if ($action == "zip" && !preg_match("/\.zip$/i", $file['file_name']) && function_exists("gzcompress") && function_exists("crc32")) {
 237        include (ROOT_PATH."includes/zip.php");
 238        $zipfile = new zipfile();
 239        $zipfile->add_file(file_get_contents($file['file_path']), $file['file_name']);
 240  
 241        $zipfile->send(get_file_name($file['file_name']).".zip");
 242      } else {
 243          send_file($file['file_name'], $file['file_path']);
 244      }
 245      exit;
 246    }
 247    else {
 248      echo $lang['download_error']."\n<!-- EMPTY FILE PATH //-->";
 249      exit;
 250    }
 251  }
 252  else {
 253    echo $lang['download_error']."\n<!-- NO ACTION SPECIFIED //-->";
 254    exit;
 255  }
 256  
 257  exit;
 258  ?>
