<?php
/*
$Id: download.php 824 2006-08-29 11:09:15Z hpdl $
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2005 osCommerce
Released under the GNU General Public License
*/
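$_SERVER['SCRIPT_FILENAME'] = __FILE__;

include('includes/application_top.php');

// Only a logged-on customer may reach the queries below; anyone else gets a silent exit.
if ($osC_Customer->isLoggedOn() == false) die;

// Check download.php was called with proper GET parameters.
// Both parameters are required: the previous test only rejected a value that
// was present and non-numeric, so a request with a missing key fell through
// to bindInt() with an undefined value.  Only plain digit strings are accepted
// (is_numeric() also takes "1e3", "+5", " 5" and "5.0"), and a parameter
// supplied as an array (?order[]=1) is refused instead of being passed on.
if (!isset($_GET['order']) || !is_string($_GET['order']) || !preg_match('/^[0-9]+$/', $_GET['order']) ||
    !isset($_GET['id']) || !is_string($_GET['id']) || !preg_match('/^[0-9]+$/', $_GET['id'])) {
  die;
}

// Check that order_id, customer id and filename match.  The customers_id bound
// below comes from the session, not from the request, so a customer can only
// reach download rows attached to one of their own orders.
$Qdownloads = $osC_Database->query('select date_format(o.date_purchased, "%Y-%m-%d") as date_purchased_day, opd.download_maxdays, opd.download_count, opd.download_maxdays, opd.orders_products_filename from :table_orders o, :table_orders_products op, :table_orders_products_download opd where o.customers_id = :customers_id and o.orders_id = :orders_id and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = :orders_products_download_id and opd.orders_products_filename != ""');
$Qdownloads->bindTable(':table_orders', TABLE_ORDERS);
$Qdownloads->bindTable(':table_orders_products', TABLE_ORDERS_PRODUCTS);
$Qdownloads->bindTable(':table_orders_products_download', TABLE_ORDERS_PRODUCTS_DOWNLOAD);
$Qdownloads->bindInt(':customers_id', $osC_Customer->getID());
$Qdownloads->bindInt(':orders_id', (int)$_GET['order']);
$Qdownloads->bindInt(':orders_products_download_id', (int)$_GET['id']);
$Qdownloads->execute();

if ($Qdownloads->numberOfRows() < 1) {
  die();
}

// MySQL 3.22 does not have INTERVAL, so the expiry instant is computed here:
// 23:59:59 on the purchase day plus download_maxdays days (mktime() normalises
// a day-of-month that runs past the end of the month).  A row without a usable
// purchase date cannot be checked for expiry, so it is refused.
$dt_parts = explode('-', (string)$Qdownloads->value('date_purchased_day'));
if (count($dt_parts) != 3) die;
list($dt_year, $dt_month, $dt_day) = $dt_parts;
$download_timestamp = mktime(23, 59, 59, (int)$dt_month, (int)$dt_day + (int)$Qdownloads->value('download_maxdays'), (int)$dt_year);

// Die if time expired (maxdays = 0 means no time limit)
if (($Qdownloads->value('download_maxdays') != 0) && ($download_timestamp <= time())) die;
// Die if remaining count is <=0
if ($Qdownloads->value('download_count') <= 0) die;
// Die if file is not there.  is_file() rather than file_exists() so that a
// stored name that resolves to a directory is refused here instead of failing
// later inside readfile()/symlink().  The name is trusted: it comes from the
// database row matched above, never from the request.
if (!is_file(DIR_FS_DOWNLOAD . $Qdownloads->value('orders_products_filename'))) die;

// Now decrement counter.  The "download_count > 0" guard keeps two overlapping
// requests from driving the counter below zero; both can still pass the check
// above and be served, which is the existing behaviour.
$Qupdate = $osC_Database->query('update :table_orders_products_download set download_count = download_count-1 where orders_products_download_id = :orders_products_download_id and download_count > 0');
$Qupdate->bindTable(':table_orders_products_download', TABLE_ORDERS_PRODUCTS_DOWNLOAD);
$Qupdate->bindInt(':orders_products_download_id', (int)$_GET['id']);
$Qupdate->execute();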
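// Returns a random directory name: a leading '.' (so the directory is
// "hidden" in listings) followed by 16 to 20 lowercase ASCII letters, giving
// up to 26^20 (about 2 x 10^28) possibilities.
//
// This name is the only thing that keeps DIR_FS_DOWNLOAD_PUBLIC/<name>/ from
// being guessable while a download is in flight, so the letters are drawn
// from random_int() when the runtime provides it and only fall back to the
// project's osc_rand() on older PHP.
//
// The letter index now runs 0..25.  The previous 1..26 range, if osc_rand()
// is inclusive of both bounds like rand()/mt_rand(), never produced 'a' and
// could read one past the end of the alphabet string.
function osc_random_name() {
  $letters = 'abcdefghijklmnopqrstuvwxyz';
  $last = strlen($letters) - 1;
  $csprng = function_exists('random_int');

  $length = $csprng ? random_int(16, 20) : (int)osc_rand(16, 20);

  $dirname = '.';
  for ($i = 0; $i < $length; $i++) {
    $index = $csprng ? random_int(0, $last) : (int)osc_rand(0, $last);
    $dirname .= $letters[$index];
  }

  return $dirname;
}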
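// Unlinks all subdirectories and files in $dir
// Works only on one subdir level, will not recurse
//
// $dir must end with a directory separator: it is concatenated directly with
// the entry names (the caller passes DIR_FS_DOWNLOAD_PUBLIC).  Plain files
// directly under $dir, the "." / ".." entries and a CVS directory are left
// alone.  Entries that are symbolic links are skipped as well: is_dir()
// follows links, so a link planted under the public download directory would
// otherwise have its target's contents deleted.
//
// Failures of opendir()/unlink()/rmdir() are deliberately silenced: this runs
// after response headers have been queued, and a warning printed here would
// corrupt the download or redirect that follows.
function osc_unlink_temp_dir($dir) {
  $h1 = @opendir($dir);
  if ($h1 === false) {
    return;
  }

  // Compare with false explicitly: an entry named "0" is a falsy string and
  // would end a "while ($x = readdir())" loop early, leaving later entries behind.
  while (($subdir = readdir($h1)) !== false) {
    // Ignore . and .. and CVS
    if ($subdir == '.' || $subdir == '..' || $subdir == 'CVS') continue;

    $path = $dir . $subdir;

    // Ignore non directories and symbolic links
    if (is_link($path) || !is_dir($path)) continue;

    // Loop and unlink files in subdirectory
    $h2 = @opendir($path);
    if ($h2 === false) continue;

    while (($file = readdir($h2)) !== false) {
      if ($file == '.' || $file == '..') continue;
      @unlink($path . '/' . $file);
    }
    closedir($h2);

    @rmdir($path);
  }

  closedir($h1);
}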
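// Now send the file with header() magic.  The row in $Qdownloads has already
// been checked above (ownership, expiry, remaining count, file present).
$download_filename = $Qdownloads->value('orders_products_filename');
$download_path = DIR_FS_DOWNLOAD . $download_filename;

header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
// RFC 1123 date ("D, d M Y"); the previous format string lacked the space after the comma.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: Application/octet-stream");
// Keep browsers from sniffing the download into a type they would render inline.
header("X-Content-Type-Options: nosniff");
// Only the last path component is exposed as the suggested name, quoted so
// that spaces survive; a quote or backslash inside the name would end the
// quoted-string early, so those characters are dropped.
header('Content-disposition: attachment; filename="' . str_replace(array('"', '\\'), '', basename($download_filename)) . '"');

if (DOWNLOAD_BY_REDIRECT == '1') {
  // This will work only on Unix/Linux hosts (it relies on symlink()).
  // Every subdirectory of DIR_FS_DOWNLOAD_PUBLIC is swept first, including one
  // another customer may still be fetching from; the random directory name is
  // what keeps the public path unguessable in the meantime.
  osc_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
  $tempdir = osc_random_name();
  umask(0000);
  // 0755: the web server only has to traverse and read the directory and never
  // writes into it, so it is no longer created world-writable.
  if (!mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0755)) die;
  if (!symlink($download_path, DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $download_filename)) die;
  osc_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $download_filename);
} else {
  // This will work on all systems, but will need considerable resources
  // We could also loop with fread($fp, 4096) to save memory
  $download_size = filesize($download_path);
  if ($download_size !== false) {
    header('Content-Length: ' . $download_size);
  }
  readfile($download_path);
  // Stop here so nothing after the file body (not even a trailing newline from
  // the end of this script) is appended to the download.
  exit;
}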