<?php
/*
=====================================================
DataLife Engine - by SoftNews Media Group
-----------------------------------------------------
http://dle-news.ru/
-----------------------------------------------------
Copyright (c) 2004-2017 SoftNews Media Group
=====================================================
Данный код защищен авторскими правами
=====================================================
Файл: download.php
-----------------------------------------------------
Назначение: Скачивание файлов
=====================================================
*/
define ( 'DATALIFEENGINE', true ); define ( 'FILE_DIR', '../uploads/files/' ); define ( 'ENGINE_DIR', ROOT_DIR . '/engine' );
@ini_set ( 'display_errors', true ); @ini_set ( 'error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE );
function reset_url($url) {
$url = (string)$url;
$value = reset ( $value ); return $value;
}
function clear_url_dir($var) {
$var = (string)$var;
return $var;
}
require ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode ( "engine/download.php", $_SERVER['PHP_SELF'] ); $config['http_home_url'] = reset ( $config['http_home_url'] ); $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
//################# Определение групп пользователей
$user_group = get_vars ( "usergroup" );
if ( !$user_group ) {
$db->query ( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
while ( $row = $db->get_row () ) {
$user_group[$row['id']] = array ();
foreach ( $row as $key => $value ) {
$user_group[$row['id']][$key] = $value;
}
}
set_vars ( "usergroup", $user_group );
$db->free ();
}
require_once ENGINE_DIR . '/modules/sitelogin.php';
require_once ENGINE_DIR . '/classes/download.class.php';
if ( !$is_logged ) {
$member_id['user_group'] = 5;
}
$id = intval( $_REQUEST['id'] ); $viewonline = intval( $_REQUEST['viewonline'] ); $perm = true;
$onlineview_ext = array('doc', 'docx','odt','pdf','xls','xlsx'); $full_link = $config['http_home_url'];
if ($_REQUEST['area'] == "static") {
$row = $db->super_query ( "SELECT static_id, name, onserver FROM " . PREFIX . "_static_files WHERE id ='{$id}'" );
$row_news = $db->super_query ( "SELECT id, name FROM " . PREFIX . "_static WHERE id ='{$row['static_id']}'" );
if ( $row_news['id'] ) {
if( $config['allow_alt_url'] ) $full_link = $config['http_home_url'] . $row_news['name'] . ".html";
else $full_link = $config['http_home_url'] . "index.php?do=static&page=" . $row_news['name'];
} else {
$perm = false;
}
} else {
$row = $db->super_query ( "SELECT news_id, name, onserver FROM " . PREFIX . "_files WHERE id ='{$id}'" );
if ( $row['news_id'] AND !$viewonline ) {
$row_news = $db->super_query ( "SELECT id, autor, date, category, alt_name, approve, access FROM " . PREFIX . "_post LEFT JOIN " . PREFIX . "_post_extras ON (" . PREFIX . "_post.id=" . PREFIX . "_post_extras.news_id) WHERE id ='{$row['news_id']}'" );
if( $row_news['id'] ) {
$row_news['date'] = strtotime( $row_news['date'] );
if( $config['allow_alt_url'] ) {
if( $config['seo_type'] == 1 OR $config['seo_type'] == 2 ) {
if( $row['category'] and $config['seo_type'] == 2 ) {
$full_link = $config['http_home_url'] . get_url( $row_news['category'] ) . "/" . $row_news['id'] . "-" . $row_news['alt_name'] . ".html";
} else {
$full_link = $config['http_home_url'] . $row_news['id'] . "-" . $row_news['alt_name'] . ".html";
}
} else {
$full_link = $config['http_home_url'] . date( 'Y/m/d/', $row_news['date'] ) . $row_news['alt_name'] . ".html"; }
} else {
$full_link = $config['http_home_url'] . "index.php?newsid=" . $row_news['id'];
}
$options = news_permission( $row_news['access'] );
if( $options[$member_id['user_group']] AND $options[$member_id['user_group']] != 3 ) $perm = true;
if( $options[$member_id['user_group']] == 3 ) $perm = false;
if ($config['no_date'] AND !$config['news_future'] AND !$user_group[$member_id['user_group']]['allow_all_edit']) {
if( $row_news['date'] > $_TIME ) {
$perm = false;
}
}
$cat_list = explode( ',', $row_news['category'] );
$allow_list = explode( ',', $user_group[$member_id['user_group']]['allow_cats'] ); $not_allow_cats = explode ( ',', $user_group[$member_id['user_group']]['not_allow_cats'] );
foreach ( $cat_list as $element ) {
if( $allow_list[0] != "all" AND !in_array( $element, $allow_list ) ) $perm = false;
if( $not_allow_cats[0] != "" AND in_array( $element, $not_allow_cats ) ) $perm = false;
}
}
if( !$row_news['approve'] AND $member_id['name'] != $row_news['autor'] AND !$user_group[$member_id['user_group']]['allow_all_edit'] ) $perm = false;
} else $perm = false;
} elseif ( !$row['news_id'] ) {
$perm = false;
}
}
if ( !$row['name'] ) {
}
if ( !$perm ) {
die ( "You don't have access to download this file" ); }
$file_path = dirname (clear_url_dir($url['path'])); $file_ext = totranslit($file_name['extension'], true, false);
$file_name = totranslit($file_name['basename'], false);
if ($file_path AND $file_path != ".") $file_name = $file_path."/".$file_name;
if( stripos ( $file_name, ".php" ) !== false ) { }
if ($viewonline == 1 AND in_array($file_ext, $onlineview_ext) ) {
$config['files_antileech'] = false;
$user_group[$member_id['user_group']]['files_max_speed'] = 0;
$user_group[$member_id['user_group']]['allow_files'] = true;
}
if ( !$user_group[$member_id['user_group']]['allow_files'] ) {
}
if ($config['files_antileech']) {
$_SERVER['HTTP_REFERER'] = reset_url ( $_SERVER['HTTP_REFERER'] );
$_SERVER['HTTP_HOST'] = reset_url ( $_SERVER['HTTP_HOST'] );
if ($_SERVER['HTTP_HOST'] != $_SERVER['HTTP_REFERER']) {
@header ( 'Location: ' . $full_link ); die ( "Access denied!!!<br /><br />Please visit <a href=\"{$config['http_home_url']}\">{$config['http_home_url']}</a>" ); }
}
$file = new download ( FILE_DIR . $file_name, $row['name'], $config['files_force'], intval($user_group[$member_id['user_group']]['files_max_speed']) );
if ($_REQUEST['area'] == "static") {
if ($config['files_count'] AND !$file->range) {
$db->query ( "UPDATE " . PREFIX . "_static_files SET dcount=dcount+1 WHERE id ='$id'" );
}
} else {
if ($config['files_count'] AND !$file->range) {
$db->query ( "UPDATE " . PREFIX . "_files SET dcount=dcount+1 WHERE id ='$id'" );
}
}
$db->close();
$file->download_file();
?>