PageRenderTime 48ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/mode/attachment.class.php

http://xklog.googlecode.com/
PHP | 89 lines | 71 code | 14 blank | 4 comment | 17 complexity | 4753c4e6686896ad2a6d159c5df2ad04 MD5 | raw file
Possible License(s): AGPL-1.0 
    

  1. <?php
    2. 

  2. 

  3. !defined('IN_NOVA') && exit('Access Denied!');

    4. 

  4. 

    5. 

  5. class Attachement {

    6. 

  6. 

    7. 

  7. 	public function start() {

    8. 

  8. 		$fileid = getGP('id','G','int');
    9. 

  9. 		$view = getGP('view','G');
    10. 

  10. 

  11. 		if( !$fileid ) {
    12. 

  12. 			@header('content-type: text/html; charset=utf-8');
    13. 

  13. 			exit('?????');
    14. 

  14. 		}
    15. 

  15. 

  16. 		//???
    17. 

  17. 		if( !isset( $_SERVER['HTTP_REFERER'] ) ) access_denied();
    18. 

  18. 

  19. 		$allow_host = $_CACHE['set'][0]['domain'];
    20. 

  20. 		$referer = parse_url($_SERVER['HTTP_REFERER']);
    21. 

  21. 

  22. 		if ( 'http://' . $referer['host'] . '/' != $allow_host ) {
    23. 

  23. 			access_denied();
    24. 

  24. 		}
    25. 

  25. 

  26. 

  27. 		$file = $db->fetch_one_array("SELECT ul_id,ul_filepath,ul_filetype,ul_fileext,ul_filesize,ul_thumb,ul_time FROM `" . PREFIX_STR . "upload` WHERE ul_id = $fileid");
    28. 

  28. 

  29. 		if( !isset( $file['ul_filepath'] ) ) {
    30. 

  30. 			@header('content-type: text/html; charset=utf-8');
    31. 

  31. 			exit('?????????????????');
    32. 

  32. 		}
    33. 

  33. 

  34. 		$file['ul_filepath'] = XKLOG_ROOT . $file['ul_filepath'];
    35. 

  35. 

  36. 		if ( !$file ) {
    37. 

  37. 			access_denied();
    38. 

  38. 		} else {
    39. 

  39. 			//????getimagesize??????????????????????????
    40. 

  40. 			$isimage = false;
    41. 

  41. 			if ( stristr( $file['ul_filetype'], 'image' ) ) {
    42. 

  42. 				$imginfo = @getimagesize( $file['ul_filepath'] );
    43. 

  43. 				if ( $imginfo[2] && $imginfo['bits'] ) {
    44. 

  44. 					$isimage = true;
    45. 

  45. 				}
    46. 

  46. 				unset( $imginfo );
    47. 

  47. 			}
    48. 

  48. 			// ???????inline?????attachment?????
    49. 

  49. 			$disposition = $isimage ? 'inline' : 'attachment';
    50. 

  50. 			// ????????
    51. 

  51. 			if ( $disposition == 'attachment' ) {
    52. 

  52. 				$db->query("UPDATE `" . PREFIX_STR . "upload` SET ul_downloads = ul_downloads + 1 WHERE ul_id = $fileid");
    53. 

  53. 			} elseif ( $view == 'thumb' && !empty( $file['ul_thumb'] ) ) {
    54. 

  54. 				$file['ul_filepath'] = $file['ul_thumb'];
    55. 

  55. 			}
    56. 

  56. 			$file['ul_filetype'] = $file['ul_filetype'] ? $file['ul_filetype'] : 'application/octet-stream';
    57. 

  57. 			$file_name = basename( get_date( 'YmdHis',PHP_TIME ) . mt_rand(10,99) . '.' . $file['ul_fileext'] );
    58. 

  58. 			if ( is_readable( $file['ul_filepath'] ) ) {
    59. 

  59. 				ob_end_clean();
    60. 

  60. 				header( 'Cache-control: max-age=31536000' );
    61. 

  61. 				header( 'Expires: ' . get_date('D, d M Y H:i:s',PHP_TIME + 31536000) . ' GMT' );
    62. 

  62. 				header( 'Last-Modified: ' . get_date('D, d M Y H:i:s',$file['ul_time']) . ' GMT' );
    63. 

  63. 				header( 'content-Encoding: none' );
    64. 

  64. 				header( 'content-type: ' . $file['ul_filetype'] );
    65. 

  65. 				header( 'content-Disposition: ' . $disposition . '; filename=' . urlencode( $file_name ) );
    66. 

  66. 				header( 'content-Length: ' . $file['ul_filesize'] );
    67. 

  67. 				$fp = fopen( $file['ul_filepath'], 'rb' ); 
    68. 

  68. 				fpassthru($fp);
    69. 

  69. 				fclose($fp);
    70. 

  70. 				exit;		
    71. 

  71. 			} else {
    72. 

  72. 				@header('content-type: text/html; charset=utf-8');
    73. 

  73. 				exit('???????');
    74. 

  74. 			}
    75. 

  75. 		}

    76. 

  76. 	}

    77. 

  77. 

  78. 	private function access_denied() {
    79. 

  79. 		header('content-Encoding: none');
    80. 

  80. 		header('content-type: image/gif');
    81. 

  81. 		header('content-Disposition: inline; filename="open_denied.gif"');
    82. 

  82. 		$fp = fopen('../images/open_denied.gif','rb');
    83. 

  83. 		fpassthru($fp);
    84. 

  84. 		fclose($fp);
    85. 

  85. 		exit();
    86. 

  86. 	}
    87. 

  87. 

    88. 

  88. }
    89. 

  89. ?>
    90. 

  90.