
/process.php

http://clients-oriented-ftp.googlecode.com/
Possible License(s): LGPL-2.1, GPL-2.0
  1. <?php
  2. /**
  3. * Class that handles the log out and file download actions.
  4. *
  5. * @package ProjectSend
  6. */
  7. $allowed_levels = array(9,8,7,0);
  8. require_once('sys.includes.php');
  9. require_once('header.php');
  10. class process {
  11. function process() {
  12. $this->database = new MySQLDB;
  13. switch ($_GET['do']) {
  14. case 'download':
  15. $this->download_file();
  16. break;
  17. case 'zip_download':
  18. $this->download_zip();
  19. break;
  20. case 'get_downloaders':
  21. $this->get_downloaders();
  22. break;
  23. case 'logout':
  24. $this->logout();
  25. break;
  26. default:
  27. header('Location: '.BASE_URI);
  28. break;
  29. }
  30. $this->database->Close();
  31. }
  32. function download_file() {
  33. $this->check_level = array(9,8,7,0);
  34. if (isset($_GET['url']) && isset($_GET['client'])) {
  35. /** Do a permissions check for logged in user */
  36. if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
  37. $current_level = get_current_user_level();
  38. $sum_download = true;
  39. if (isset($_GET['n'])) {
  40. if ($current_level != 0) {
  41. $sum_download = false;
  42. }
  43. }
  44. if ($sum_download == true) {
  45. $this->sum_sql = 'UPDATE tbl_files_relations SET download_count=download_count+1 WHERE file_id="' . $_GET['id'] .'"';
  46. if ($_GET['origin'] == 'group') {
  47. if (!empty($_GET['group_id'])) {
  48. $this->group_id = $_GET['group_id'];
  49. $this->sum_sql .= " AND group_id = '$this->group_id'";
  50. }
  51. } else {
  52. $this->client_id = $_GET['client_id'];
  53. $this->sum_sql .= " AND client_id = '$this->client_id'";
  54. }
  55. $this->sql = $this->database->query($this->sum_sql);
  56. /**
  57. * The owner ID is generated here to prevent false results
  58. * from a modified GET url.
  59. */
  60. if ($current_level == 0) {
  61. $log_action = 8;
  62. $log_action_owner_id = $_GET['client_id'];
  63. }
  64. else {
  65. $log_action = 7;
  66. $global_user = get_current_user_username();
  67. $global_id = get_logged_account_id($global_user);
  68. $log_action_owner_id = $global_id;
  69. }
  70. /** Record the action log */
  71. $new_log_action = new LogActions();
  72. $log_action_args = array(
  73. 'action' => $log_action,
  74. 'owner_id' => $log_action_owner_id,
  75. 'affected_file' => $_GET['id'],
  76. 'affected_file_name' => $_GET['url'],
  77. 'affected_account' => $_GET['client_id'],
  78. 'affected_account_name' => $_GET['client'],
  79. 'get_user_real_name' => true,
  80. 'get_file_real_name' => true
  81. );
  82. $new_record_action = $new_log_action->log_action_save($log_action_args);
  83. }
  84. $file = UPLOADED_FILES_FOLDER.$_GET['url'];
  85. if (file_exists($file)) {
  86. $content_length = filesize($file);
  87. header('Content-Description: File Transfer');
  88. header('Content-Type: application/octet-stream');
  89. header('Content-Disposition: attachment; filename='.basename($file));
  90. //header('Content-Transfer-Encoding: binary');
  91. header('Expires: 0');
  92. header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
  93. header('Pragma: public');
  94. header('Content-Length: ' . $content_length);
  95. ob_clean();
  96. flush();
  97. readfile($file);
  98. exit;
  99. }
  100. }
  101. }
  102. }
  103. function download_zip() {
  104. $this->check_level = array(9,8,7,0);
  105. if (isset($_GET['files']) && isset($_GET['client'])) {
  106. // do a permissions check for logged in user
  107. if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
  108. foreach($_GET['files'] as $file_id) {
  109. $this->sql = $this->database->query('SELECT * FROM tbl_files WHERE id="' . $file_id .'"');
  110. $this->row = mysql_fetch_array($this->sql);
  111. $this->url = $this->row['url'];
  112. $file = UPLOADED_FILES_FOLDER.$this->url;
  113. if (file_exists($file)) {
  114. $file_list .= $this->url.',';
  115. }
  116. }
  117. ob_clean();
  118. flush();
  119. echo $file_list;
  120. }
  121. }
  122. }
  123. function get_downloaders() {
  124. $this->check_level = array(9,8,7);
  125. if (isset($_GET['sys_user']) && isset($_GET['file_id'])) {
  126. // do a permissions check for logged in user
  127. if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
  128. $file_id = $_GET['file_id'];
  129. $current_level = get_current_user_level();
  130. $this->sql = $this->database->query('SELECT id, uploader, filename FROM tbl_files WHERE id="' . $file_id .'"');
  131. $this->row = mysql_fetch_array($this->sql);
  132. $this->uploader = $this->row['uploader'];
  133. /** Uploaders can only generate this for their own files */
  134. if ($current_level == '7') {
  135. if ($this->uploader != $_GET['sys_user']) {
  136. ob_clean();
  137. flush();
  138. _e("You don't have the required permissions to view this information about this file",'cftp_admin');
  139. exit;
  140. }
  141. }
  142. $this->filename = $this->row['filename'];
  143. $this->sql_who = $this->database->query('SELECT DISTINCT client_id, download_count FROM tbl_files_relations WHERE file_id="' . $file_id .'" AND download_count != "0"');
  144. while ($this->wrow = mysql_fetch_array($this->sql_who)) {
  145. $this->downloaders_ids[] = $this->wrow['client_id'];
  146. $this->downloaders_count[$this->wrow['client_id']] = $this->wrow['download_count'];
  147. }
  148. $this->users_ids = implode(',',array_unique(array_filter($this->downloaders_ids)));
  149. $this->downloaders_list = array();
  150. $this->sql_who = $this->database->query("SELECT id, name, email, level FROM tbl_users WHERE id IN ($this->users_ids)");
  151. $i = 0;
  152. while ($this->urow = mysql_fetch_array($this->sql_who)) {
  153. $this->downloaders_list[$i] = array(
  154. 'name' => $this->urow['name'],
  155. 'email' => $this->urow['email']
  156. );
  157. $this->downloaders_list[$i]['type'] = ($this->urow['name'] == 0) ? 'client' : 'user';
  158. $this->downloaders_list[$i]['count'] = isset($this->downloaders_count[$this->urow['id']]) ? $this->downloaders_count[$this->urow['id']] : null;
  159. $i++;
  160. }
  161. ob_clean();
  162. flush();
  163. echo json_encode($this->downloaders_list);
  164. }
  165. }
  166. }
  167. function logout() {
  168. header("Cache-control: private");
  169. unset($_SESSION['loggedin']);
  170. unset($_SESSION['access']);
  171. unset($_SESSION['userlevel']);
  172. session_destroy();
  173. /** If there is a cookie, unset it */
  174. setcookie("loggedin","",time()-COOKIE_EXP_TIME);
  175. setcookie("password","",time()-COOKIE_EXP_TIME);
  176. setcookie("access","",time()-COOKIE_EXP_TIME);
  177. setcookie("userlevel","",time()-COOKIE_EXP_TIME);
  178. /** Record the action log */
  179. $new_log_action = new LogActions();
  180. $log_action_args = array(
  181. 'action' => 31,
  182. 'owner_id' => $logged_id,
  183. 'affected_account_name' => $global_name
  184. );
  185. $new_record_action = $new_log_action->log_action_save($log_action_args);
  186. header("location:index.php");
  187. }
  188. }
  189. $process = new process;
  190. ?>