Go to the documentation of this file.00001 <?php
00002 if(!defined('__PRAGYAN_CMS'))
00003 {
00004 header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
00005 echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
00006 echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
00007 exit(1);
00008 }
00027 function download($pageId, $userId, $fileName,$action="") {
00028
00030 if($pageId===false) {
00031 header("http/1.0 404 Not Found" );
00032 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00033 "<p>The requested URL ".$_SERVER['SCRIPT_UR']." was not found on this server.</p><hr>" .
00034 "$_SERVER[SERVER_SIGNATURE]</body></html>";
00035 disconnect();
00036 exit;
00037 }
00038
00039 if($action=="") $action="view";
00040
00041 global $sourceFolder;
00042 global $moduleFolder;
00043 if($action!="profile")
00044 {
00045 $actualPageId = getDereferencedPageId($pageId);
00046 $moduleType = getPageModule($actualPageId);
00047 $moduleComponentId = getPageModuleComponentId($actualPageId);
00048
00049 require_once ($sourceFolder . "/content.lib.php");
00050 require_once ($sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php");
00051 $moduleInstance = new $moduleType ();
00052
00053 if (!($moduleInstance instanceof fileuploadable)) {
00054 echo "The module \"$moduleType\" does not implement the inteface upload.";
00055 return "";
00056 }
00057 if (!($moduleInstance->getFileAccessPermission($pageId,$moduleComponentId,$userId, $fileName))) {
00058 echo "Access Denied.";
00059 return "";
00060 }
00061
00062 }
00063 else
00064 {
00065 $actualPageId = getDereferencedPageId($pageId);
00066 $moduleType = "profile";
00067 $moduleComponentId = $userId;
00068
00069
00070
00071 }
00072
00073
00074
00075 $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "uploads` WHERE `upload_filename`= '". escape($fileName). "' AND `page_module` = '".escape($moduleType)."' AND `page_modulecomponentid` = '".escape($moduleComponentId)."'";
00076 $result = mysql_query($query) or die(mysql_error() . "upload L:85");
00077 $row = mysql_fetch_assoc($result);
00078
00079 $fileType = $row['upload_filetype'];
00085 $uploadFolder = 'uploads';
00086 $upload_fileid = $row['upload_fileid'];
00087 $filename = str_repeat("0", (10 - strlen((string) $upload_fileid))) . $upload_fileid . "_" . $fileName;
00088 $file = $sourceFolder . "/" . $uploadFolder . "/" . $moduleType . "/" . $filename;
00089
00090 disconnect();
00091
00092 $filePointer = @fopen($file, 'r') ;
00093 if($filePointer==FALSE){
00094 header("http/1.0 404 Not Found" );
00095 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00096 "<p>The requested URL ".$_SERVER['SCRIPT_URL']." was not found on this server.</p><hr>" .
00097 "$_SERVER[SERVER_SIGNATURE]</body></html>";
00098 exit();
00099 }
00100
00101 elseif ($fileType == 'image/jpeg')
00102 header("Content-Type: image/jpg");
00103 elseif ($fileType == 'image/gif')
00104 header("Content-Type: image/gif");
00105 elseif ($fileType == 'image/png')
00106 header("Content-Type: image/png");
00107 elseif ($fileType == 'image/bmp')
00108 header("Content-Type: image/bmp");
00109 elseif ($fileType == 'image/svg+xml')
00110 header("Content-Type: image/svg+xml");
00111 else
00112 header("Content-Type: application/force-download");
00113
00114 header("Expires: Sat, 23 Jan 2010 20:53:35 +0530");
00115
00116 $last_modified_time = filemtime($file);
00117 header('Date: ' . date('r'));
00118 header('Last-Modified: ' . date('r', strtotime($row['upload_time'])));
00119 $etag = md5_file($file);
00120 header("ETag: $etag");
00121 if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
00122 (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) ) {
00123 header("HTTP/1.1 304 Not Modified");
00124 exit();
00125 }
00126
00127
00128
00129 echo @fread($filePointer, filesize($file));
00130 @fclose($filePointer);
00131
00132 }
00133