• Main Page
  • Related Pages
  • Namespaces
  • Data Structures
  • Files
  • Examples
  • File List
  • Globals

cms/download.lib.php

Go to the documentation of this file.
00001 <?php
00002 if(!defined('__PRAGYAN_CMS'))
00003 { 
00004         header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
00005         echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
00006         echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
00007         exit(1);
00008 }
00027 function download($pageId, $userId, $fileName,$action="") {
00028         
00030         if($pageId===false) {
00031                 header("http/1.0 404 Not Found" );
00032                 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00033                          "<p>The requested URL ".$_SERVER['SCRIPT_UR']." was not found on this server.</p><hr>" .
00034                          "$_SERVER[SERVER_SIGNATURE]</body></html>";
00035                 disconnect();
00036                 exit;
00037         }
00038         
00039         if($action=="") $action="view";
00040         // Profile Image exception added by Abhishek
00041         global $sourceFolder;
00042         global $moduleFolder;
00043         if($action!="profile")
00044         {
00045                 $actualPageId = getDereferencedPageId($pageId);
00046                 $moduleType = getPageModule($actualPageId);
00047                 $moduleComponentId = getPageModuleComponentId($actualPageId);
00048                 
00049                 require_once ($sourceFolder . "/content.lib.php");
00050                 require_once ($sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php");
00051                 $moduleInstance = new $moduleType ();
00052 
00053                 if (!($moduleInstance instanceof fileuploadable)) {
00054                         echo "The module \"$moduleType\" does not implement the inteface upload.";
00055                         return "";
00056                 }
00057                 if (!($moduleInstance->getFileAccessPermission($pageId,$moduleComponentId,$userId, $fileName))) {
00058                         echo "Access Denied.";
00059                         return "";
00060                 }
00061                 
00062         }
00063         else //Exception for 'profile' images as its not a module
00064         {
00065                 $actualPageId = getDereferencedPageId($pageId);
00066                 $moduleType = "profile";
00067                 $moduleComponentId = $userId;
00068                 
00069                 // Since the moduleComponentId is equal to userId, the image could be retrieved only if the userId is valid, hence no need for security check for file access here :)
00070                 
00071         }
00072 
00073         //return the file the particular page id.
00074         
00075         $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "uploads` WHERE  `upload_filename`= '". escape($fileName). "' AND `page_module` = '".escape($moduleType)."' AND `page_modulecomponentid` = '".escape($moduleComponentId)."'";
00076         $result = mysql_query($query) or die(mysql_error() . "upload L:85");
00077         $row = mysql_fetch_assoc($result);
00078 
00079         $fileType = $row['upload_filetype'];
00085         $uploadFolder = 'uploads';
00086         $upload_fileid = $row['upload_fileid'];
00087         $filename = str_repeat("0", (10 - strlen((string) $upload_fileid))) . $upload_fileid . "_" . $fileName;
00088         $file = $sourceFolder . "/" . $uploadFolder . "/" . $moduleType . "/" . $filename;
00089         
00090         disconnect();
00091         
00092         $filePointer = @fopen($file, 'r') ;
00093         if($filePointer==FALSE){
00094                 header("http/1.0 404 Not Found" );
00095                 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00096                          "<p>The requested URL ".$_SERVER['SCRIPT_URL']." was not found on this server.</p><hr>" .
00097                          "$_SERVER[SERVER_SIGNATURE]</body></html>";
00098                 exit();
00099         }
00100         
00101         elseif ($fileType == 'image/jpeg')
00102                 header("Content-Type: image/jpg");
00103         elseif ($fileType == 'image/gif')
00104                 header("Content-Type: image/gif");
00105         elseif ($fileType == 'image/png')
00106                 header("Content-Type: image/png");
00107         elseif ($fileType == 'image/bmp')
00108                 header("Content-Type: image/bmp");
00109         elseif ($fileType == 'image/svg+xml')
00110                 header("Content-Type: image/svg+xml");
00111         else
00112                 header("Content-Type: application/force-download");
00113         
00114         header("Expires: Sat, 23 Jan 2010 20:53:35 +0530"); // . date('r', strtotime('+1 year')));
00115 
00116         $last_modified_time = filemtime($file);
00117         header('Date: ' . date('r'));
00118         header('Last-Modified: ' . date('r', strtotime($row['upload_time'])));
00119         $etag = md5_file($file);
00120         header("ETag: $etag");
00121         if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time || 
00122             (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) ) {
00123           header("HTTP/1.1 304 Not Modified");
00124           exit();
00125         }
00126         
00127         
00128 
00129         echo @fread($filePointer, filesize($file));
00130         @fclose($filePointer);
00131 
00132 }
00133 

Generated on Mon Mar 14 2011 05:35:29 for Pragyan CMS by  doxygen 1.7.1