/security.php
PHP | 135 lines | 87 code | 34 blank | 14 comment | 25 complexity | 649d6587b66d6bf3abd6d9d89ab3736c MD5 | raw file
Possible License(s): Apache-2.0
- <?php
- /*
- * dl-file.php
- *
- * Protect uploaded files with login.
- *
- * @link http://wordpress.stackexchange.com/questions/37144/protect-wordpress-uploads-if-user-is-not-logged-in
- *
- * @author hakre <http://hakre.wordpress.com/>
- * @license GPL-3.0+
- * @registry SPDX
- */
- define('FFMPEG_PATH', '/home/user/bin');
- define('FREE_VIDEOS_DIR_NAME', 'free_videos');
- define('FREE_VIDEO_LENGTH', '120'); // продолжительность видео в секундах
- require_once('wp-load.php');
- $file_path = $_GET['file'];
- $post_select_sql = "
- SELECT pm.post_id
- FROM {$wpdb->prefix}postmeta pm
- WHERE pm.meta_value = '{$file_path}'
- ";
- $post_id = $wpdb->get_var($post_select_sql);
- $media_post = get_post($post_id);
- $post_parent = get_post($media_post->post_parent);
- while ($post_parent->post_type !== 0 && $post_parent->post_type === 'attachment') {
- $media_post = $post_parent;
- $post_parent = get_post($post_parent->post_parent);
- }
- $is_not_free = (bool) get_post_meta( $media_post->ID, 'it_not_free', true );
- list($basedir, $baseurl) = array_values( array_intersect_key( wp_upload_dir(), array('basedir' => 1, 'baseurl' => 1) ) );
- if ( // Если видео платное и пользователь не является редактором или админом
- $is_not_free
- && ! (current_user_can('editor') || current_user_can('administrator'))
- ) {
- $free_videos_path = rtrim( $basedir,'/' ) . '/' . FREE_VIDEOS_DIR_NAME;
- $file_name = end( explode('/', $file_path) );
- $not_free_file_name = rtrim( $basedir,'/' ) . '/' . $file_path;
- $free_file_name = 'FREE__' . $file_name;
- $free_file_path = $free_videos_path . '/' . $free_file_name;
- $free_file_url = rtrim( $baseurl,'/' ) . '/' . FREE_VIDEOS_DIR_NAME . '/' . $free_file_name;
- if( !is_dir( $free_videos_path ) ){
- mkdir( $free_videos_path );
- }
- if ( !file_exists($free_file_path) ) {
- $command = escapeshellcmd(FFMPEG_PATH . '/' . 'ffmpeg' . ' -i "' . $not_free_file_name . '" -ss 00:00:00 -codec copy -t ' . FREE_VIDEO_LENGTH . ' "' . $free_file_path . '"');
- $command_result = shell_exec($command);
- }
- $current_user_id = get_current_user_id();
- if ($current_user_id) { // Если пользователь не аноним
- $current_user_expire_service = get_user_meta($current_user_id, 'register_service_expire', true);
- $current_time = current_time( 'mysql' );
- if (strtotime($current_user_expire_service) < strtotime($current_time)) { // Если у пользователя истек срок действия услуги
- header('Location: ' . $free_file_url, true, 301);
- die();
- } else {
- $file = rtrim( $basedir,'/' ) . '/' . $file_path;
- }
- } else {
- header('Location: ' . $free_file_url, true, 301);
- die();
- }
- } else {
- $file = rtrim( $basedir,'/' ) . '/' . $file_path;
- }
- if (!$basedir || !is_file($file)) {
- status_header(404);
- die('404 — File not found.');
- }
- $mime = wp_check_filetype($file);
- if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) )
- $mime[ 'type' ] = mime_content_type( $file );
- if( $mime[ 'type' ] )
- $mimetype = $mime[ 'type' ];
- else
- $mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
- header( 'Content-Type: ' . $mimetype ); // always send this
- if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) )
- header( 'Content-Length: ' . filesize( $file ) );
- $last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
- $etag = '"' . md5( $last_modified ) . '"';
- header( "Last-Modified: $last_modified GMT" );
- header( 'ETag: ' . $etag );
- header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
- // Support for Conditional GET
- $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
- if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
- $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
- $client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
- // If string is empty, return 0. If not, attempt to parse into a timestamp
- $client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;
- // Make a timestamp for our most recent modification...
- $modified_timestamp = strtotime($last_modified);
- if ( ( $client_last_modified && $client_etag )
- ? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) )
- : ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) )
- ) {
- status_header( 304 );
- exit;
- }
- header("X-Accel-Redirect: /play-videos/" . $file_path);