<?php //http://forum.overcomputers.com/index.php?action=dlattach;attach=19;type=avatar function Download() { global $txt, $modSettings, $db_prefix, $user_info, $scripturl, $context, $sourcedir;
$context['no_last_modified'] = true;
// Make sure some attachment was requested! if (!isset($_REQUEST['attach']) && !isset($_REQUEST['id'])) fatal_lang_error(1, false);
$_REQUEST['attach'] = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : (int) $_REQUEST['id'];
if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'avatar') { $request = db_query(" SELECT filename, ID_ATTACH, attachmentType FROM {$db_prefix}attachments WHERE ID_ATTACH = $_REQUEST[attach] AND ID_MEMBER > 0 LIMIT 1", __FILE__, __LINE__); $_REQUEST['image'] = true; } // This is just a regular attachment... else { isAllowedTo('view_attachments');
// Make sure this attachment is on this board. $request = db_query(" SELECT a.filename, a.ID_ATTACH, a.attachmentType FROM ({$db_prefix}boards AS b, {$db_prefix}messages AS m, {$db_prefix}attachments AS a) WHERE b.ID_BOARD = m.ID_BOARD AND $user_info[query_see_board] AND m.ID_MSG = a.ID_MSG AND a.ID_ATTACH = $_REQUEST[attach] LIMIT 1", __FILE__, __LINE__); } if (mysql_num_rows($request) == 0) fatal_lang_error(1, false); list ($real_filename, $ID_ATTACH, $attachmentType) = mysql_fetch_row($request); mysql_free_result($request);
// Update the download counter (unless it's a thumbnail). if ($attachmentType != 3) db_query(" UPDATE LOW_PRIORITY {$db_prefix}attachments SET downloads = downloads + 1 WHERE ID_ATTACH = $ID_ATTACH LIMIT 1", __FILE__, __LINE__);
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach']);
// This is done to clear any output that was made before now. (would use ob_clean(), but that's PHP 4.2.0+...) ob_end_clean(); if (!empty($modSettings['enableCompressedOutput']) && @version_compare(PHP_VERSION, '4.2.0') >= 0 && @filesize($filename) <= 4194304) @ob_start('ob_gzhandler'); else { ob_start(); header('Content-Encoding: none'); }
// No point in a nicer message, because this is supposed to be an attachment anyway... if (!file_exists($filename)) { loadLanguage('Errors');
header('HTTP/1.0 404 ' . $txt['attachment_not_found']); header('Content-Type: text/plain; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
// We need to die like this *before* we send any anti-caching headers as below. die('404 - ' . $txt['attachment_not_found']); }
// If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again. if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']); if (strtotime($modified_since) >= filemtime($filename)) { ob_end_clean();
// Answer the question - no, it hasn't been modified ;). header('HTTP/1.1 304 Not Modified'); exit; } }
// Check whether the ETag was sent back, and cache based on that... $file_md5 = '"' . md5_file($filename) . '"'; if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $file_md5) !== false) { ob_end_clean();
header('HTTP/1.1 304 Not Modified'); exit; }
// Send the attachment headers. header('Pragma: ');
if (!$context['browser']['is_gecko']) header('Content-Transfer-Encoding: binary'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT'); header('Accept-Ranges: bytes'); header('Set-Cookie:'); header('Connection: close'); header('ETag: ' . $file_md5);
if (filesize($filename) != 0) { $size = @getimagesize($filename); if (!empty($size)) { // What headers are valid? $validTypes = array( 1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff', );
// Do we have a mime type we can simpy use? if (!empty($size['mime'])) header('Content-Type: ' . $size['mime']); elseif (isset($validTypes[$size[2]])) header('Content-Type: image/' . $validTypes[$size[2]]); // Otherwise - let's think safety first... it might not be an image... elseif (isset($_REQUEST['image'])) unset($_REQUEST['image']); } // Once again - safe! elseif (isset($_REQUEST['image'])) unset($_REQUEST['image']); }
if (!isset($_REQUEST['image'])) { header('Content-Disposition: attachment; filename="' . $real_filename . '"'); header('Content-Type: application/octet-stream'); }
// If this has an "image extension" - but isn't actually an image - then ensure it isn't cached cause of silly IE. if (!isset($_REQUEST['image']) && in_array(substr($real_filename, -4), array('.gif', '.jpg', '.bmp', '.png', 'jpeg', 'tiff'))) header('Cache-Control: no-cache'); else header('Cache-Control: max-age=' . (525600 * 60) . ', private');
if (empty($modSettings['enableCompressedOutput']) || filesize($filename) > 4194304) header('Content-Length: ' . filesize($filename));
// Try to buy some time... @set_time_limit(0);
// For text files..... if (!isset($_REQUEST['image']) && in_array(substr($real_filename, -4), array('.txt', '.css', '.htm', '.php', '.xml'))) { if (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false) $callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r\n", $buffer);'); elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') !== false) $callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r", $buffer);'); else $callback = create_function('$buffer', 'return preg_replace(\'~\r~\', "\r\n", $buffer);'); }
// Since we don't do output compression for files this large... if (filesize($filename) > 4194304) { // Forcibly end any output buffering going on. if (function_exists('ob_get_level')) { while (@ob_get_level() > 0) @ob_end_clean(); } else { @ob_end_clean(); @ob_end_clean(); @ob_end_clean(); }
$fp = fopen($filename, 'rb'); while (!feof($fp)) { if (isset($callback)) echo $callback(fread($fp, 8192)); else echo fread($fp, 8192); flush(); } fclose($fp); } // On some of the less-bright hosts, readfile() is disabled. It's just a faster, more byte safe, version of what's in the if. elseif (isset($callback) || @readfile($filename) == null) echo isset($callback) ? $callback(file_get_contents($filename)) : file_get_contents($filename);
obExit(false); } |