/*
+-------------------+
| Database settings |
+-------------------+
*/
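// Connection settings ($host, $user, $pwd, $database) are expected to come from this include.
require_once("dlm_db.php");
$current_date = date("Y-m-d");
$connection = mysql_connect($host, $user, $pwd);
if (!$connection)
{
    // Keep the driver's message (it can name the database user and host) in the server log
    // and show the visitor a generic failure only.
    error_log("dlm: could not connect : " . mysql_error());
    die("Could not connect");
}
mysql_select_db($database) or die("Could not select database");
// Call checkmaster function to see if master switch is on or off (0-enabled, 1-disabled)
$master_check = checkmaster();
// Try to determine if Windows or Linux. $_ENV is often empty (it depends on variables_order),
// so guard the lookup instead of reading an undefined index.
$server_type = isset($_ENV['OS']) ? substr(strtoupper($_ENV['OS']), 0, 3) : '';
// Try to determine web server from the first three letters of its banner.
$server_software = isset($_SERVER['SERVER_SOFTWARE']) ? substr(strtoupper($_SERVER['SERVER_SOFTWARE']), 0, 3) : '';
// $onwindows later decides which separator is used to split stored file paths.
$onwindows = ($server_type == "WIN" or $server_software == "MIC") ? 1 : 0;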
/*
+----------------------------------------------------------------------------------------------------+
| Link clicked. Check file id and display captcha test if valid file id and if limit not yet reached |
+----------------------------------------------------------------------------------------------------+
*/
if ($_SERVER['QUERY_STRING']) // A file id arrived in the query string: look it up and offer the captcha form
{
    // intval() always yields an integer (0 for non-numeric text), so everything below
    // works with a numeric id and no separate type test is needed.
    $file_id = intval($_SERVER['QUERY_STRING']);
    // The limit check runs before the page header is written, as in the original flow.
    $download_check = downloadable($file_id);
    pre_dlm();
    if ($master_check == 1)
    {
        // Master switch is off: no download is offered at all.
        echo "We're sorry, all downloads have been disabled.";
    }
    elseif ($master_check == 0)
    {
        // $download_check: 0 = OK, 1 = limit reached, 2 = unknown file id.
        if ($download_check == 0)
        {
            drawform($file_id); // Show the captcha form for this file
        }
        elseif ($download_check == 1)
        {
            echo "
DOWNLOAD LIMIT REACHED. Please try again later.
";
        }
        elseif ($download_check == 2)
        {
            echo "NO SUCH FILE
";
        }
    }
}
/*
+--------------------------------------------------------------------------------------------------------+
| Form POSTed. Check captcha guess and file id. Present file if limit not reached and captcha is correct |
+--------------------------------------------------------------------------------------------------------+
*/
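if ($_POST) // Form is being posted back for captcha validation - if successful, allow file download
{
    // Fetch the server-side key that is mixed into the captcha hash.
    // NOTE(review): the die() calls in this block print mysql_error() to the visitor; consider
    // logging the detail server-side and showing a generic message instead.
    $key_query = "SELECT `key` FROM dlm_config";
    $key_result = mysql_query($key_query) or die("Query failed : " . mysql_error());
    $mykey = mysql_fetch_array($key_result);

    // Request fields are untrusted. Missing or non-string values are replaced with empty
    // strings, and the file id is forced to an integer because it is placed inside SQL text
    // here and in downloadable()/drawform().
    $user_input = (isset($_POST['guess']) && is_string($_POST['guess'])) ? $_POST['guess'] : ''; // case sensitive
    $posted_code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
    $file_id = isset($_POST['file_id']) ? intval($_POST['file_id']) : 0;

    // NOTE(review): $mykey is the whole result row (an array), so this concatenation appends
    // the text "Array" rather than the stored key, and the expected answer then depends only
    // on the client-supplied code. It is left unchanged because whatever renders the captcha
    // is not visible here and must be changed in step (use the row's first column on both sides).
    $newcode = $posted_code . $mykey; // Combine the hidden code field with $mykey
    $key = substr(md5($newcode), 0, 5); // Hash it and take the first five characters

    // NOTE(review): nothing visible here ties a code/guess pair to a session or marks it as
    // used, so a pair that validated once presumably keeps validating - confirm, and consider
    // a server-side one-time token.

    // Strict comparison: with ==, two different numeric-looking strings (for example values of
    // the form "0e123") are compared as numbers and can be treated as equal.
    if ($key === $user_input)
    {
        if ($master_check == 0)
        {
            // run function to see if we can download file
            $download_check = downloadable($file_id);
            switch ($download_check) // depending on $download_check, present file or message
            {
                case 0: // OK
                    $query = "SELECT * FROM dlm_files WHERE id = '$file_id'";
                    $result = mysql_query($query) or die("Query failed : " . mysql_error());
                    $row = mysql_fetch_array($result);
                    $file_path = $row[1];
                    // The last path segment becomes the download name.
                    $path_array = explode($onwindows ? '\\' : '/', $file_path);
                    $file_name = array_pop($path_array);
                    // Open the file before any header is sent so a missing or unreadable file
                    // produces a normal page instead of an empty attachment.
                    $fp = fopen($file_path, 'rb');
                    if ($fp === false)
                    {
                        pre_dlm();
                        echo "NO SUCH FILE";
                        break;
                    }
                    $file_size = filesize($file_path);
                    // Quote the name so spaces survive, and drop characters that would end the
                    // quoted value or the header line.
                    $header_name = str_replace(array('"', "\r", "\n"), '', $file_name);
                    header("Content-Type: application/octet-stream");
                    header("Content-Disposition: attachment; filename=\"$header_name\"");
                    header("Pragma: no-cache");
                    header("Expires: 0");
                    header("Content-Length: " . $file_size);
                    $total_chars = fpassthru($fp);
                    fclose($fp);
                    if ($total_chars == $file_size) // bytes sent equals size of file
                    {
                        // Update the stats table: bump today's row for this file if there is
                        // one, otherwise insert it.
                        $lookup_query = "SELECT * FROM dlm_stats WHERE dl_date = '$current_date' And file_id = '$file_id'";
                        $lookup_result = mysql_query($lookup_query) or die("Query failed : " . mysql_error());
                        $lookup_num_rows = mysql_num_rows($lookup_result);
                        if ($lookup_num_rows == 1) // File has already been downloaded at least once today. Update
                        {
                            // Increment inside the database so two downloads finishing together
                            // cannot both write the same count and under-report against the limit.
                            $update_query = "UPDATE dlm_stats SET dl_count = dl_count + 1 WHERE dl_date = '$current_date' And file_id = '$file_id'";
                            $update_result = mysql_query($update_query) or die("Query failed : " . mysql_error());
                        }
                        else // First time file has been downloaded today. Insert
                        {
                            $insert_query = "INSERT INTO dlm_stats VALUES ('$current_date', '$file_id', '1')";
                            $insert_result = mysql_query($insert_query) or die("Query failed : " . mysql_error());
                        }
                    }
                    break;
                case 1: // LIMIT REACHED
                    pre_dlm();
                    echo "LIMIT REACHED";
                    break;
                case 2: // NO SUCH FILE ID
                    pre_dlm();
                    echo "NO SUCH FILE";
                    break;
            }
        }
        elseif ($master_check == 1)
        {
            pre_dlm();
            echo "We're sorry, all downloads have been disabled.";
        }
    }
    else
    {
        pre_dlm();
        echo "
Sorry, you did not enter the correct verification code. Please try again.
";
        drawform($file_id); // Call function to generate captcha form
    }
}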
/*
+---------------------------------------------------------------------------------------------------------+
| FUNCTIONS: |
| 1. Draw form function. Draws captcha form for user to authenticate humanness with |
| 2. Downloadable check function. Receives a file id and checks to see if download limit has been reached |
| Returns 0=OK, 1=LIMIT REACHED, 2=NO SUCH FILE |
| 3. Check master switch.
+---------------------------------------------------------------------------------------------------------+
*/
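/**
 * Draw the captcha form for one file.
 *
 * Builds a random 5-10 character string from digits and upper/lower-case letters, looks up
 * the stored path of the file and writes the form text to the output.
 *
 * NOTE(review): the form markup inside the echo statements appears to have been lost from
 * this copy (several of them print an empty string). $string, $myfile and $path_parts are
 * presumably used by that markup - confirm against the original file, and HTML-escape any
 * value that is placed into the page when restoring it.
 *
 * @param mixed $myfile Id of the file the form is for; coerced to an integer before use.
 */
function drawform($myfile)
{
    // NOTE(review): rand() is not a cryptographically secure generator. If this string is
    // what the captcha answer is derived from, a stronger source should be used - confirm.
    $rand_loop = rand(5, 10); // Pick length of random string
    $string = ''; // Initialize string
    for ($i = 1; $i <= $rand_loop; $i++)
    {
        // Pick one of the three character classes, then one character from it.
        switch (rand(1, 3))
        {
            case 1:
                $string .= chr(rand(48, 57)); // 0-9
                break;
            case 2:
                $string .= chr(rand(65, 90)); // A-Z
                break;
            case 3:
                $string .= chr(rand(97, 122)); // a-z
                break;
        }
    }

    // Callers can pass a value taken straight from the request, so force it to an integer
    // before it becomes part of the SQL text.
    $myfile = intval($myfile);
    $filename_query = "SELECT path FROM dlm_files WHERE id = '$myfile'";
    $filename_result = mysql_query($filename_query) or die("Query failed : " . mysql_error());

    $name = ''; // Stays empty when the id matches no row
    while ($filename_row = mysql_fetch_array($filename_result))
    {
        // array_pop() takes its argument by reference, so the segments need a variable.
        $segments = explode("/", $filename_row[0]);
        $name = array_pop($segments);
    }
    $path_parts = pathinfo($name);

    echo "";
    echo "\n";
    echo "To prevent other web sites from leeching files from our site and scripts from repeatedly downlading our files, we ask that you enter the code below.
\n";
    echo "\n";
    echo "\n";
}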
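/**
 * Check whether a file may be downloaded right now.
 *
 * Reads the file's daily and total limits from dlm_files (columns 2 and 3 of the row) and
 * compares them with the counts recorded in dlm_stats. A limit of -1 means unlimited and
 * 0 means no downloads.
 *
 * @param mixed $myfile Id of the requested file; coerced to an integer before use.
 * @return int 0 = OK, 1 = LIMIT REACHED, 2 = NO SUCH FILE
 */
function downloadable($myfile)
{
    global $current_date;

    // Callers can pass a value taken straight from the request, so force it to an integer
    // before it becomes part of the three SQL statements below.
    $myfile = intval($myfile);

    // Query database for info on the requested file id
    $query = "SELECT * FROM dlm_files WHERE id = '$myfile'";
    $result = mysql_query($query) or die("Query failed : " . mysql_error());
    if (mysql_num_rows($result) == 0)
    {
        return 2; // NO SUCH FILE
    }

    $row = mysql_fetch_array($result);
    $daily_limit = $row[2]; // -1 for unlimited, 0 for no downloads
    $total_limit = $row[3]; // -1 for unlimited, 0 for no downloads
    $end_flag = 0;

    // Get count for today only for this id
    $daily_query = "SELECT dl_count FROM dlm_stats WHERE file_id = '$myfile' AND dl_date = '$current_date'";
    $daily_result = mysql_query($daily_query) or die("Query failed : " . mysql_error());
    $daily_count = mysql_fetch_row($daily_result);
    // No row for today means the file has not been downloaded yet today.
    if (!$daily_count)
    {
        $daily_count = array(0 => 0);
    }

    // Get count for all days for this id and add up the daily download counts
    $total_count = 0;
    $total_query = "SELECT dl_count FROM dlm_stats WHERE file_id = '$myfile'";
    $total_result = mysql_query($total_query) or die("Query failed : " . mysql_error());
    while ($total_row = mysql_fetch_array($total_result))
    {
        $total_count += $total_row[0];
    }

    if ($total_limit == 0 Or $daily_limit == 0) // One or both limits are set to no downloads.
    {
        $end_flag = 1;
    }
    if ($total_limit >= 1 And $daily_limit == -1) // Check total limit; daily is unlimited.
    {
        if ($total_count >= $total_limit)
        {
            $end_flag = 1;
        }
    }
    if ($total_limit == -1 And $daily_limit >= 1) // Check daily limit; total is unlimited.
    {
        if ($daily_count[0] >= $daily_limit)
        {
            $end_flag = 1;
        }
    }
    if ($total_limit >= 1 And $daily_limit >= 1) // Both have fixed limits. Check against current counts.
    {
        if ($total_count >= $total_limit) // Total limit reached
        {
            $end_flag = 1;
        }
        if ($daily_count[0] >= $daily_limit) // Daily limit reached
        {
            $end_flag = 1;
        }
    }

    return $end_flag; // 0=OK, 1=LIMIT REACHED, 2=NO SUCH FILE
}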
/**
 * Read the master download switch from the configuration table.
 *
 * @return mixed The `alloff` column of the first dlm_config row (0 = enabled, 1 = disabled
 *               according to the calling code's comment), or NULL when the table has no rows.
 */
function checkmaster()
{
    $switch_result = mysql_query("SELECT alloff FROM dlm_config") or die("Query failed : " . mysql_error());
    $first_row = mysql_fetch_array($switch_result);
    if ($first_row)
    {
        return $first_row['alloff'];
    }
    // No configuration row: execution falls off the end and the function yields NULL.
    // The callers in this file test the result with == 0, so NULL reads as "enabled".
}
// pre_dlm is used for adding HTML/PHP code above the code for the download manager
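function pre_dlm()
{
    // The heredoc opener had lost its identifier ("echo <<"), which is a parse error; it is
    // restored here to match the closing EOT marker.
    // NOTE(review): the heredoc body presumably held HTML that is missing from this copy;
    // only the text that is still present is printed.
    echo <<<EOT
DOWNLOAD
EOT;
}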
// post_dlm is used for adding HTML/PHP code below the code for the download manager
function post_dlm()
{
echo <<