Script written by Stephen Yabziz | > Date started: 1th March 2006 +-------------------------------------------------------------------------- */ define("IN_PAGE",'DOWNLOAD'); define("PAGE_TITLE",'SITEDOWNLOAD'); include "includes/inc.php"; # fetch upload id $upload_id = preg_replace('/[^A-Z0-9]/','',strtoupper($input[id])); $id_match = $input[type]==2 ? "f.id='$upload_id'" : "f.upload_id='$upload_id'"; $download_time = time()-1*60*60; # query the file $db->setQuery("select f.id,f.file,f.downloads,f.name,f.size,f.descr,f.password,f.upload_id,f.server_id from files as f where $id_match and f.deleted=0"); $db->query(); $filerow=$db->loadRow(); ($hook = YABPlugin::fetch_hook('file_checkexists',__FILE__,__LINE__)) ? eval($hook) : ''; if(!$filerow) { header('location:'.$baseWeb.'/redirect.php?error=1&code=DL_FileNotFound'); exit; } ## assign vars $filerow[http] = $user->servers[$filerow[server_id]][http]; $filerow[domain] = $user->servers[$filerow[server_id]][domain]; $filerow[t_diff] = $user->servers[$filerow[server_id]][time_diff]; $upload_id = $filerow[upload_id]; $file_id = $filerow[id]; $type = substr(strtolower(strrchr($filerow[name],'.')),1); $LANG[SITEDOWNLOAD] = sprintf($LANG[SITEDOWNLOAD],strip_tags($filerow[name])); $filerow[descr]=htmlspecialchars($filerow[descr]); $template->assign_vars($filerow); ($hook = YABPlugin::fetch_hook('file_getlinks',__FILE__,__LINE__)) ? eval($hook) : ''; ##get download url $urls=getDownloadUrl(array('id'=>$filerow[id],'name'=>$filerow[name],'upload_id'=>$filerow[upload_id],'delete_id'=>$filerow[delete_id])); extract($urls); ## apply the download options by user group #method 1:decide the downlaod options by the file $dl_group=$filerow[uid]==0?$user->guest_group:$user->groups[$filerow[gid]]; #method 2:decide the downlaod options by the user who try to download $dl_group=$user->uid==0?$user->guest_group:$user->groups[$user->package_id]; ($hook = YABPlugin::fetch_hook('file_checkdownload',__FILE__,__LINE__)) ? eval($hook) : ''; ##check download status $can_download = 1; # the request is from POST or download direct is allowed although the request is through GET define('CHECK_DL', IS_POST||$dl_group[dl_direct]); #1. check the captchacode match if($can_download&&$dl_group[dl_captcha]&&($_SESSION['authkey_expire']setting[cache_sessions]) { ($hook = YABPlugin::fetch_hook('file_checksize',__FILE__,__LINE__)) ? eval($hook) : ''; $db->setQuery("select sum(d.size) as total from dlsessions as d where d.ip='$input[IP_CLIENT]' and d.last_update>$download_time"); $db->query(); $downloadrow=$db->loadRow(); if($downloadrow[total]+$filerow[size] > $dl_group[dl_sizebyhour]) { $can_download = 0; $errorcode = 'DL_GotMaxSizeByHour'; ($hook = YABPlugin::fetch_hook('file_getmaxsize',__FILE__,__LINE__)) ? eval($hook) : ''; } } #4. check the download sessions by IP if($can_download&&$dl_group[dl_ips]&&$user->setting[cache_sessions]) { ($hook = YABPlugin::fetch_hook('file_checkips',__FILE__,__LINE__)) ? eval($hook) : ''; $db->setQuery("select * from dlsessions where ip='$input[IP_CLIENT]' and last_update>$download_time and dl_size!=size"); $db->query(); if($db->getNumRows() >= $dl_group[dl_ips]) { $errorcode = 'DL_GotMaxIP'; $can_download = 0; ($hook = YABPlugin::fetch_hook('file_getmaxip',__FILE__,__LINE__)) ? eval($hook) : ''; } } #5. load download rules if($can_download) { ($hook = YABPlugin::fetch_hook('file_loadrule',__FILE__,__LINE__)) ? eval($hook) : ''; require_once(ROOT."/plugins/ip2country/MaxMind/run.php"); $dl_area = 'NA'; $dl_area = getCountryCodeByMaxMind(); if($dl_area=='') $dl_area = 'UN'; $downloadrule = loadDownloadRules($user->package_id,$dl_area); $downloadrule[dl_area]=$dl_area; # check points per hour get max allowed points if($user->setting[cache_sessions]) { ($hook = YABPlugin::fetch_hook('file_cachedlsession',__FILE__,__LINE__)) ? eval($hook) : ''; $db->setQuery("select sum(points) as num from dlsessions where uid='$user->uid' and start_time>$download_time"); $db->query(); $points =$db->loadRow(); if($points[num]>$downloadrule[dl_maxbyday]) { $downloadrule[dl_points]=0; } unset($points); } } #6. check the download amounts by country if($can_download&&$dl_group[dl_checkarea]) { ($hook = YABPlugin::fetch_hook('file_checkarea',__FILE__,__LINE__)) ? eval($hook) : ''; # check last update and excess the max allowed bytes if($downloadrule[dl_maxbytes] && (time()-$downloadrule[dl_lastupdate]<24*60*60) && $downloadrule[dl_donebytes]+$filerow[size] > $downloadrule[dl_maxbytes]) { $can_download = 0; $errorcode = 'DL_GotMaxSizeByArea'; } # a new day, but a configuration cause the a big file is not allowed to download! elseif($downloadrule[dl_maxbytes] && (time()-$downloadrule[dl_lastupdate]>24*60*60) && $filerow[size] > $downloadrule[dl_maxbytes]) { $can_download = 0; $errorcode = 'DL_GotMaxSizeByArea'; } # a new day, reset the download rules if the rule is loaded from db! elseif($downloadrule[rule_id]) { #$nowtime = time(); #$db->setQuery("update downloadrules set donebytes='$filerow[size]',dl_lastupdate='$nowtime' where rule_id='$downloadrule[rule_id]'"); #$db->query(); } # a new day? update it! $downloadrule[dl_update] = (int)(time()-$downloadrule[dl_lastupdate]>24*60*60); ($hook = YABPlugin::fetch_hook('file_checkareadone',__FILE__,__LINE__)) ? eval($hook) : ''; } ## check is ok, build access key! if($can_download==1) { //$_SESSION[authkey] = ''; ($hook = YABPlugin::fetch_hook('file_buildlink',__FILE__,__LINE__)) ? eval($hook) : ''; ## build extras fileds ## build download options $dl_options = array(); $option_list = array( 'dl_resume','dl_speed','dl_threads', 'dl_ips',/*'dl_timeout',*/'dl_maxsbyip', 'dl_sizebyhour','dl_maxpointsbyday', 'uid','file','area','points', 'rule_id','update' ); $dl_options['dl_resume'] = $dl_group[dl_resume]; $dl_options['dl_speed'] = $dl_group[dl_speed]; $dl_options['dl_threads'] = $dl_group[dl_threads]; $dl_options['dl_ips'] = $dl_group[dl_ips]; //$dl_options['dl_timeout'] = $dl_group[dl_timeout]; $dl_options['dl_maxsbyip'] = $dl_group[dl_maxsbyip]; $dl_options['dl_sizebyhour'] = $dl_group[dl_sizebyhour]; $dl_options['dl_maxpointsbyday'] = $dl_group[dl_maxpointsbyday]; $dl_options['uid'] = $user->uid; $dl_options['file'] = $filerow[file]; $dl_options['area'] = $downloadrule[dl_area]; $dl_options['points'] = $downloadrule[dl_points]; $dl_options['rule_id'] = $downloadrule[rule_id]; $dl_options['update'] = $downloadrule[dl_update]; ## build download secret code #1: add the download code to avoid ip changes $download_code = !$user->setting[check_download_ip] ? $user->setting[download_code] : $input[IP_CLIENT].$user->setting[download_code]; #2: append the upload id to disable access key to download other files $download_code = $download_code . $file_id; $download_code = substr(md5($download_code . $file_id),0,32); ## build access key #1: timestamp the access key and generating the auth key $remotetime = time()+$dl_group[dl_timeout]-$filerow[t_diff]; $remotetime_hex = sprintf("%08x", $remotetime); $access_key = md5(trim($remotetime.$download_code.$filerow[file])); #2: generate file options code $encoded_options = encryptStr(serialize(implode(',',$dl_options)),$download_code); $encoded_options = encryptStr((implode(',',$dl_options)),$download_code); if(0) { echo '
$download_code='.$download_code; echo '
$remotetime='.$remotetime; echo '
$access_key='.$access_key; echo '
='.strlen(implode(',',$dl_options)); echo '
='.(implode(',',$dl_options)); echo '
='.strlen($encoded_options); echo '
$dl_group[dl_timeout]='.$dl_group[dl_timeout]; print_r($dl_options); } ## build download url with the access key! $downloadfileurl = $filerow[http].$filerow[domain].'/getfile.php?id='.$file_id.'&access_key='.$access_key.'&t='.$remotetime_hex.'&o='.$encoded_options.'&name='.rawurlencode($filerow[name]); //$downloadfileurl = $filerow[http].$filerow[domain].'/getfile/'.$file_id.'/'.rawurlencode($filerow[name]).'?&access_key='.$access_key.'&t='.$remotetime_hex.'&o='.$encoded_options; ($hook = YABPlugin::fetch_hook('file_directdownload',__FILE__,__LINE__)) ? eval($hook) : ''; if($dl_group[dl_direct]==1) { header("location:".$downloadfileurl); exit(); } } if($can_download) $errorcode = ''; ## assign vars $template->assign_vars(array( 'filesize'=>convertsize($filerow[size]), 'upload_id'=>$upload_id, 'downloadurl'=>$downloadurl, 'downloadfileurl'=>$downloadfileurl, 'deleteurl'=>$deleteurl, 'waittime'=>$user->dl_waittime, 'access_key'=>$access_key, 'errorcode'=>isset($LANG[$errorcode])?$LANG[$errorcode]:$errorcode, )); ListHostPackages(); $template->assign_var('PREMIUM_Download',$user->logined); if($can_download==1) { $template->assign_block_vars('download_section',array()); $template->assign_var('support_accelerators',$dl_group[dl_resume]); } else { $template->assign_var('captcha_enabled',$dl_group[dl_captcha]); $template->assign_var('downloadpw_needed',$dl_group[dl_password]&&strlen($filerow[password])); } $Upgrade2Download=str_replace(array('{baseWeb}','{SITENAME}'),array($baseWeb,$user->setting[sitename]),$LANG[ReportExplanation]); $template->assign_var('L_Upgrade2Download',$Upgrade2Download); ## inlcude header require_once("header.php"); # decide the template based the server and package $templatefile=array( 'download.package'.$user->package_id.'.html', 'download.html', ); foreach($templatefile as $file) { ($hook = YABPlugin::fetch_hook('file_loadtemplate',__FILE__,__LINE__)) ? eval($hook) : ''; if(file_exists('skin/'.$user->setting['skin_dir'].'/'.$file)) {$showtemplate=$file;break;} } $template->set_filenames(array( 'body' => $showtemplate) ); $template->pparse('body'); include "footer.php"; ?>