1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
5 | // | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | |
---|
6 | // +-----------------------------------------------------------------------+ |
---|
7 | // | branch : BSF (Best So Far) |
---|
8 | // | file : $URL: branches/branch-1_6-hk/action.php $ |
---|
9 | // | last update : $Date: 2006-10-10 21:20:57 +0000 (Tue, 10 Oct 2006) $ |
---|
10 | // | last modifier : $Author: rub $ |
---|
11 | // | revision : $Rev: 1559 $ |
---|
12 | // +-----------------------------------------------------------------------+ |
---|
13 | // | This program is free software; you can redistribute it and/or modify | |
---|
14 | // | it under the terms of the GNU General Public License as published by | |
---|
15 | // | the Free Software Foundation | |
---|
16 | // | | |
---|
17 | // | This program is distributed in the hope that it will be useful, but | |
---|
18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
20 | // | General Public License for more details. | |
---|
21 | // | | |
---|
22 | // | You should have received a copy of the GNU General Public License | |
---|
23 | // | along with this program; if not, write to the Free Software | |
---|
24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
25 | // | USA. | |
---|
26 | // +-----------------------------------------------------------------------+ |
---|
27 | |
---|
28 | define('PHPWG_ROOT_PATH','./'); |
---|
29 | include_once(PHPWG_ROOT_PATH.'include/common.inc.php'); |
---|
30 | |
---|
31 | // Check Access and exit when user status is not ok |
---|
32 | check_status(ACCESS_GUEST); |
---|
33 | |
---|
34 | function force_download ($filename) |
---|
35 | { |
---|
36 | //TODO : messages in "lang" |
---|
37 | if (!url_is_remote($filename)) |
---|
38 | { |
---|
39 | $filename = realpath($filename); |
---|
40 | if (!file_exists($filename)) |
---|
41 | { |
---|
42 | die("NO FILE HERE"); |
---|
43 | } |
---|
44 | $file_size = @filesize($filename); |
---|
45 | } |
---|
46 | else |
---|
47 | { |
---|
48 | $file_size = 0; |
---|
49 | } |
---|
50 | |
---|
51 | $file_extension = strtolower(substr(strrchr($filename,"."),1)); |
---|
52 | |
---|
53 | switch ($file_extension) { |
---|
54 | case "jpe": case "jpeg": |
---|
55 | case "jpg": $ctype="image/jpg"; break; |
---|
56 | case "png": $ctype="image/png"; break; |
---|
57 | case "gif": $ctype="image/gif"; break; |
---|
58 | case "pdf": $ctype="application/pdf"; break; |
---|
59 | case "zip": $ctype="application/zip"; break; |
---|
60 | case "php": |
---|
61 | // never allow download of php scripts to protect our conf files |
---|
62 | die('Hacking attempt!'); break; |
---|
63 | default: $ctype="application/octet-stream"; |
---|
64 | } |
---|
65 | |
---|
66 | header("Pragma: public"); |
---|
67 | header("Expires: 0"); |
---|
68 | header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); |
---|
69 | header("Cache-Control: private",false); |
---|
70 | header("Content-Type: $ctype"); |
---|
71 | header("Content-Disposition: attachment; filename=\"" |
---|
72 | .basename($filename)."\";"); |
---|
73 | header("Content-Transfer-Encoding: binary"); |
---|
74 | if (isset($file_size) and ($file_size != 0)) |
---|
75 | { |
---|
76 | header("Content-Length: ".@filesize($filename)); |
---|
77 | } |
---|
78 | // Looking at the safe_mode configuration for execution time |
---|
79 | if (ini_get('safe_mode') == 0) |
---|
80 | { |
---|
81 | @set_time_limit(0); |
---|
82 | } |
---|
83 | |
---|
84 | @readfile("$filename") or die("File not found."); |
---|
85 | } |
---|
86 | |
---|
87 | //--------------------------------------------------------- download big picture |
---|
88 | if ( isset( $_GET['dwn'] ) ) |
---|
89 | { |
---|
90 | //TODO : verify the path begins with something in galleries_url and that user has access rights to the picture |
---|
91 | // in order to avoid hacking atempts by forged url |
---|
92 | if (preg_match('/\.\./',$_GET['dwn'])) { |
---|
93 | die('Hacking attempt!'); |
---|
94 | } |
---|
95 | force_download($_GET['dwn']); |
---|
96 | } |
---|
97 | |
---|
98 | ?> |
---|