PageRenderTime 66ms CodeModel.GetById 38ms RepoModel.GetById 0ms app.codeStats 0ms

/source/module/forum/forum_attachment.php

https://github.com/jinbo51/DiscuzX
PHP | 331 lines | 279 code | 46 blank | 6 comment | 163 complexity | b9b2aee2f742d935b13e41e2fcc8cad2 MD5 | raw file
Possible License(s): BSD-3-Clause
  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: forum_attachment.php 32178 2012-11-23 03:31:16Z chenmengshu $
  7. */
  8. if(!defined('IN_DISCUZ')) {
  9. exit('Access Denied');
  10. }
  11. define('NOROBOT', TRUE);
  12. @list($_GET['aid'], $_GET['k'], $_GET['t'], $_GET['uid'], $_GET['tableid']) = daddslashes(explode('|', base64_decode($_GET['aid'])));
  13. $aid = intval($_GET['aid']);
  14. if(!empty($_GET['findpost']) && ($attach = C::t('forum_attachment')->fetch($aid))) {
  15. dheader('location: forum.php?mod=redirect&goto=findpost&pid='.$attach['pid'].'&ptid='.$attach['tid']);
  16. }
  17. if($_GET['uid'] != $_G['uid'] && $_GET['uid']) {
  18. $_G['uid'] = $_GET['uid'] = intval($_GET['uid']);
  19. $member = getuserbyuid($_GET['uid']);
  20. loadcache('usergroup_'.$member['groupid']);
  21. $_G['group'] = $_G['cache']['usergroup_'.$member['groupid']];
  22. $_G['group']['grouptitle'] = $_G['cache']['usergroup_'.$_G['groupid']]['grouptitle'];
  23. $_G['group']['color'] = $_G['cache']['usergroup_'.$_G['groupid']]['color'];
  24. }
  25. $requestmode = !empty($_GET['request']) && empty($_GET['uid']);
  26. $tableid = 'aid:'.$aid;
  27. if($_G['setting']['attachexpire']) {
  28. $k = $_GET['k'];
  29. $t = $_GET['t'];
  30. $authk = !$requestmode ? substr(md5($aid.md5($_G['config']['security']['authkey']).$t.$_GET['uid']), 0, 8) : md5($aid.md5($_G['config']['security']['authkey']).$t);
  31. if(empty($k) || empty($t) || $k != $authk || TIMESTAMP - $t > $_G['setting']['attachexpire'] * 3600) {
  32. $aid = intval($aid);
  33. if($attach = C::t('forum_attachment_n')->fetch($tableid, $aid)) {
  34. if($attach['isimage']) {
  35. dheader('location: '.$_G['siteurl'].'static/image/common/none.gif');
  36. } else {
  37. if(!$requestmode) {
  38. showmessage('attachment_expired', '', array('aid' => aidencode($aid, 0, $attach['tid']), 'pid' => $attach['pid'], 'tid' => $attach['tid']));
  39. } else {
  40. exit;
  41. }
  42. }
  43. } else {
  44. if(!$requestmode) {
  45. showmessage('attachment_nonexistence');
  46. } else {
  47. exit;
  48. }
  49. }
  50. }
  51. }
  52. $readmod = getglobal('config/download/readmod');
  53. $readmod = $readmod > 0 && $readmod < 5 ? $readmod : 2;
  54. $refererhost = parse_url($_SERVER['HTTP_REFERER']);
  55. $serverhost = $_SERVER['HTTP_HOST'];
  56. if(($pos = strpos($serverhost, ':')) !== FALSE) {
  57. $serverhost = substr($serverhost, 0, $pos);
  58. }
  59. if(!$requestmode && $_G['setting']['attachrefcheck'] && $_SERVER['HTTP_REFERER'] && !($refererhost['host'] == $serverhost)) {
  60. showmessage('attachment_referer_invalid', NULL);
  61. }
  62. periodscheck('attachbanperiods');
  63. loadcache('threadtableids');
  64. $threadtableids = !empty($_G['cache']['threadtableids']) ? $_G['cache']['threadtableids'] : array();
  65. if(!in_array(0, $threadtableids)) {
  66. $threadtableids = array_merge(array(0), $threadtableids);
  67. }
  68. $archiveid = in_array($_GET['archiveid'], $threadtableids) ? intval($_GET['archiveid']) : 0;
  69. $attachexists = FALSE;
  70. if(!empty($aid) && is_numeric($aid)) {
  71. $attach = C::t('forum_attachment_n')->fetch($tableid, $aid);
  72. $thread = C::t('forum_thread')->fetch_by_tid_displayorder($attach['tid'], 0, '>=', null, $archiveid);
  73. if($_G['uid'] && $attach['uid'] != $_G['uid']) {
  74. if($attach) {
  75. $attachpost = C::t('forum_post')->fetch($thread['posttableid'], $attach['pid'], false);
  76. $attach['invisible'] = $attachpost['invisible'];
  77. unset($attachpost);
  78. }
  79. if($attach && $attach['invisible'] == 0) {
  80. $thread && $attachexists = TRUE;
  81. }
  82. } else {
  83. $attachexists = TRUE;
  84. }
  85. }
  86. if(!$attachexists) {
  87. if(!$requestmode) {
  88. showmessage('attachment_nonexistence');
  89. } else {
  90. exit;
  91. }
  92. }
  93. if(!$requestmode) {
  94. $forum = C::t('forum_forumfield')->fetch_info_for_attach($thread['fid'], $_G['uid']);
  95. $_GET['fid'] = $forum['fid'];
  96. if($attach['isimage']) {
  97. $allowgetattach = !empty($forum['allowgetimage']) || (($_G['group']['allowgetimage'] || $_G['uid'] == $attach['uid']) && !$forum['getattachperm']) || forumperm($forum['getattachperm']);
  98. } else {
  99. $allowgetattach = !empty($forum['allowgetattach']) || (($_G['group']['allowgetattach'] || $_G['uid'] == $attach['uid']) && !$forum['getattachperm']) || forumperm($forum['getattachperm']);
  100. }
  101. if($allowgetattach && ($attach['readperm'] && $attach['readperm'] > $_G['group']['readaccess']) && $_G['adminid'] <= 0 && !($_G['uid'] && $_G['uid'] == $attach['uid'])) {
  102. showmessage('attachment_forum_nopermission', NULL, array(), array('login' => 1));
  103. }
  104. $ismoderator = in_array($_G['adminid'], array(1, 2)) ? 1 : ($_G['adminid'] == 3 ? C::t('forum_moderator')->fetch_uid_by_tid($attach['tid'], $_G['uid'], $archiveid) : 0);
  105. $ispaid = FALSE;
  106. $exemptvalue = $ismoderator ? 128 : 16;
  107. if(!$thread['special'] && $thread['price'] > 0 && (!$_G['uid'] || ($_G['uid'] != $attach['uid'] && !($_G['group']['exempt'] & $exemptvalue)))) {
  108. if(!$_G['uid'] || $_G['uid'] && !($ispaid = C::t('common_credit_log')->count_by_uid_operation_relatedid($_G['uid'], 'BTC', $attach['tid']))) {
  109. showmessage('attachment_payto', 'forum.php?mod=viewthread&tid='.$attach['tid']);
  110. }
  111. }
  112. $exemptvalue = $ismoderator ? 64 : 8;
  113. if($attach['price'] && (!$_G['uid'] || ($_G['uid'] != $attach['uid'] && !($_G['group']['exempt'] & $exemptvalue)))) {
  114. $payrequired = $_G['uid'] ? !C::t('common_credit_log')->count_by_uid_operation_relatedid($_G['uid'], 'BAC', $attach['aid']) : 1;
  115. $payrequired && showmessage('attachement_payto_attach', 'forum.php?mod=misc&action=attachpay&aid='.$attach['aid'].'&tid='.$attach['tid']);
  116. }
  117. }
  118. $isimage = $attach['isimage'];
  119. $_G['setting']['ftp']['hideurl'] = $_G['setting']['ftp']['hideurl'] || ($isimage && !empty($_GET['noupdate']) && $_G['setting']['attachimgpost'] && strtolower(substr($_G['setting']['ftp']['attachurl'], 0, 3)) == 'ftp');
  120. if(empty($_GET['nothumb']) && $attach['isimage'] && $attach['thumb']) {
  121. $db = DB::object();
  122. $db->close();
  123. !$_G['config']['output']['gzip'] && ob_end_clean();
  124. dheader('Content-Disposition: inline; filename='.getimgthumbname($attach['filename']));
  125. dheader('Content-Type: image/pjpeg');
  126. if($attach['remote']) {
  127. $_G['setting']['ftp']['hideurl'] ? getremotefile(getimgthumbname($attach['attachment'])) : dheader('location:'.$_G['setting']['ftp']['attachurl'].'forum/'.getimgthumbname($attach['attachment']));
  128. } else {
  129. getlocalfile($_G['setting']['attachdir'].'/forum/'.getimgthumbname($attach['attachment']));
  130. }
  131. exit();
  132. }
  133. $filename = $_G['setting']['attachdir'].'/forum/'.$attach['attachment'];
  134. if(!$attach['remote'] && !is_readable($filename)) {
  135. $storageService = Cloud::loadClass('Service_Storage');
  136. $storageService->checkAttachment($attach);
  137. if(!$requestmode) {
  138. showmessage('attachment_nonexistence');
  139. } else {
  140. exit;
  141. }
  142. }
  143. if(!$requestmode) {
  144. if(!$ispaid && !$forum['allowgetattach']) {
  145. if(!$forum['getattachperm'] && !$allowgetattach) {
  146. showmessage('getattachperm_none_nopermission', NULL, array(), array('login' => 1));
  147. } elseif(($forum['getattachperm'] && !forumperm($forum['getattachperm'])) || ($forum['viewperm'] && !forumperm($forum['viewperm']))) {
  148. showmessagenoperm('getattachperm', $forum['fid']);
  149. }
  150. }
  151. $exemptvalue = $ismoderator ? 32 : 4;
  152. if(!$isimage && !($_G['group']['exempt'] & $exemptvalue)) {
  153. $creditlog = updatecreditbyaction('getattach', $_G['uid'], array(), '', 1, 0, $thread['fid']);
  154. if($creditlog['updatecredit']) {
  155. if($_G['uid']) {
  156. $k = $_GET['ck'];
  157. $t = $_GET['t'];
  158. if(empty($k) || empty($t) || $k != substr(md5($aid.$t.md5($_G['config']['security']['authkey'])), 0, 8) || TIMESTAMP - $t > 3600) {
  159. dheader('location: forum.php?mod=misc&action=attachcredit&aid='.$attach['aid'].'&formhash='.FORMHASH);
  160. exit();
  161. }
  162. } else {
  163. showmessage('attachment_forum_nopermission', NULL, array(), array('login' => 1));
  164. }
  165. }
  166. }
  167. }
  168. $range = 0;
  169. if($readmod == 4 && !empty($_SERVER['HTTP_RANGE'])) {
  170. list($range) = explode('-',(str_replace('bytes=', '', $_SERVER['HTTP_RANGE'])));
  171. }
  172. if(!$requestmode && !$range && empty($_GET['noupdate'])) {
  173. if($_G['setting']['delayviewcount']) {
  174. $_G['forum_logfile'] = './data/cache/forum_attachviews_'.intval(getglobal('config/server/id')).'.log';
  175. if(substr(TIMESTAMP, -1) == '0') {
  176. attachment_updateviews($_G['forum_logfile']);
  177. }
  178. if(@$fp = fopen(DISCUZ_ROOT.$_G['forum_logfile'], 'a')) {
  179. fwrite($fp, "$aid\n");
  180. fclose($fp);
  181. } elseif($_G['adminid'] == 1) {
  182. showmessage('view_log_invalid', '', array('logfile' => $_G['forum_logfile']));
  183. }
  184. } else {
  185. C::t('forum_attachment')->update_download($aid);
  186. }
  187. }
  188. $db = DB::object();
  189. $db->close();
  190. !$_G['config']['output']['gzip'] && ob_end_clean();
  191. if($attach['remote'] && !$_G['setting']['ftp']['hideurl'] && $isimage) {
  192. dheader('location:'.$_G['setting']['ftp']['attachurl'].'forum/'.$attach['attachment']);
  193. }
  194. $filesize = !$attach['remote'] ? filesize($filename) : $attach['filesize'];
  195. $attach['filename'] = '"'.(strtolower(CHARSET) == 'utf-8' && strexists($_SERVER['HTTP_USER_AGENT'], 'MSIE') ? urlencode($attach['filename']) : $attach['filename']).'"';
  196. dheader('Date: '.gmdate('D, d M Y H:i:s', $attach['dateline']).' GMT');
  197. dheader('Last-Modified: '.gmdate('D, d M Y H:i:s', $attach['dateline']).' GMT');
  198. dheader('Content-Encoding: none');
  199. if($isimage && !empty($_GET['noupdate']) || !empty($_GET['request'])) {
  200. dheader('Content-Disposition: inline; filename='.$attach['filename']);
  201. } else {
  202. dheader('Content-Disposition: attachment; filename='.$attach['filename']);
  203. }
  204. if($isimage) {
  205. dheader('Content-Type: image');
  206. } else {
  207. dheader('Content-Type: application/octet-stream');
  208. }
  209. dheader('Content-Length: '.$filesize);
  210. $xsendfile = getglobal('config/download/xsendfile');
  211. if(!empty($xsendfile)) {
  212. $type = intval($xsendfile['type']);
  213. $cmd = '';
  214. switch ($type) {
  215. case 1: $cmd = 'X-Accel-Redirect'; $url = $xsendfile['dir'].$attach['attachment']; break;
  216. case 2: $cmd = $_SERVER['SERVER_SOFTWARE'] <'lighttpd/1.5' ? 'X-LIGHTTPD-send-file' : 'X-Sendfile'; $url = $filename; break;
  217. case 3: $cmd = 'X-Sendfile'; $url = $filename; break;
  218. }
  219. if($cmd) {
  220. dheader("$cmd: $url");
  221. exit();
  222. }
  223. }
  224. if($readmod == 4) {
  225. dheader('Accept-Ranges: bytes');
  226. if(!empty($_SERVER['HTTP_RANGE'])) {
  227. $rangesize = ($filesize - $range) > 0 ? ($filesize - $range) : 0;
  228. dheader('Content-Length: '.$rangesize);
  229. dheader('HTTP/1.1 206 Partial Content');
  230. dheader('Content-Range: bytes='.$range.'-'.($filesize-1).'/'.($filesize));
  231. }
  232. }
  233. $attach['remote'] ? getremotefile($attach['attachment']) : getlocalfile($filename, $readmod, $range);
  234. function getremotefile($file) {
  235. global $_G;
  236. @set_time_limit(0);
  237. if(!@readfile($_G['setting']['ftp']['attachurl'].'forum/'.$file)) {
  238. $ftp = ftpcmd('object');
  239. $tmpfile = @tempnam($_G['setting']['attachdir'], '');
  240. if($ftp->ftp_get($tmpfile, 'forum/'.$file, FTP_BINARY)) {
  241. @readfile($tmpfile);
  242. @unlink($tmpfile);
  243. } else {
  244. @unlink($tmpfile);
  245. return FALSE;
  246. }
  247. }
  248. return TRUE;
  249. }
  250. function getlocalfile($filename, $readmod = 2, $range = 0) {
  251. if($readmod == 1 || $readmod == 3 || $readmod == 4) {
  252. if($fp = @fopen($filename, 'rb')) {
  253. @fseek($fp, $range);
  254. if(function_exists('fpassthru') && ($readmod == 3 || $readmod == 4)) {
  255. @fpassthru($fp);
  256. } else {
  257. echo @fread($fp, filesize($filename));
  258. }
  259. }
  260. @fclose($fp);
  261. } else {
  262. @readfile($filename);
  263. }
  264. @flush(); @ob_flush();
  265. }
  266. function attachment_updateviews($logfile) {
  267. $viewlog = $viewarray = array();
  268. $newlog = DISCUZ_ROOT.$logfile.random(6);
  269. if(@rename(DISCUZ_ROOT.$logfile, $newlog)) {
  270. $viewlog = file($newlog);
  271. unlink($newlog);
  272. if(is_array($viewlog) && !empty($viewlog)) {
  273. $viewlog = array_count_values($viewlog);
  274. foreach($viewlog as $id => $views) {
  275. if($id > 0) {
  276. $viewarray[$views][] = intval($id);
  277. }
  278. }
  279. foreach($viewarray as $views => $ids) {
  280. C::t('forum_attachment')->update_download($ids, $views);
  281. }
  282. }
  283. }
  284. }
  285. ?>