Go to the documentation of this file.00001 <?php
00002 if(!defined('__PRAGYAN_CMS'))
00003 {
00004 header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
00005 echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
00006 echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
00007 exit(1);
00008 }
00016 function download($pageId, $userId, $fileName,$action="") {
00017
00018
00019 if($pageId===false) {
00020 header("http/1.0 404 Not Found" );
00021 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00022 "<p>The requested URL ".$_SERVER['SCRIPT_UR']." was not found on this server.</p><hr>" .
00023 "$_SERVER[SERVER_SIGNATURE]</body></html>";
00024 disconnect();
00025 exit;
00026 }
00027
00028 if($action=="") $action="view";
00029
00030 global $sourceFolder;
00031 global $moduleFolder;
00032 if($action!="profile")
00033 {
00034 $actualPageId = getDereferencedPageId($pageId);
00035 $moduleType = getPageModule($actualPageId);
00036 $moduleComponentId = getPageModuleComponentId($actualPageId);
00037
00038 require_once ($sourceFolder . "/content.lib.php");
00039 require_once ($sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php");
00040 $moduleInstance = new $moduleType ();
00041
00042 if (!($moduleInstance instanceof fileuploadable)) {
00043 echo "The module \"$moduleType\" does not implement the inteface upload.";
00044 return "";
00045 }
00046 if (!($moduleInstance->getFileAccessPermission($pageId,$moduleComponentId,$userId, $fileName))) {
00047 echo "Access Denied.";
00048 return "";
00049 }
00050
00051 }
00052 else
00053 {
00054 $actualPageId = getDereferencedPageId($pageId);
00055 $moduleType = "profile";
00056 $moduleComponentId = $userId;
00057
00058
00059
00060 }
00061
00062
00063
00064 $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "uploads` WHERE `upload_filename`= '". escape($fileName). "' AND `page_module` = '".escape($moduleType)."' AND `page_modulecomponentid` = '".escape($moduleComponentId)."'";
00065 $result = mysql_query($query) or die(mysql_error() . "upload L:85");
00066 $row = mysql_fetch_assoc($result);
00067
00068 $fileType = $row['upload_filetype'];
00074 $uploadFolder = 'uploads';
00075 $upload_fileid = $row['upload_fileid'];
00076 $filename = str_repeat("0", (10 - strlen((string) $upload_fileid))) . $upload_fileid . "_" . $fileName;
00077 $file = $sourceFolder . "/" . $uploadFolder . "/" . $moduleType . "/" . $filename;
00078
00079 disconnect();
00080
00081 $filePointer = @fopen($file, 'r') ;
00082 if($filePointer==FALSE){
00083 header("http/1.0 404 Not Found" );
00084 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00085 "<p>The requested URL ".$_SERVER['SCRIPT_URL']." was not found on this server.</p><hr>" .
00086 "$_SERVER[SERVER_SIGNATURE]</body></html>";
00087 exit();
00088 }
00089
00090 elseif ($fileType == 'image/jpeg')
00091 header("Content-Type: image/jpg");
00092 elseif ($fileType == 'image/gif')
00093 header("Content-Type: image/gif");
00094 elseif ($fileType == 'image/png')
00095 header("Content-Type: image/png");
00096 elseif ($fileType == 'image/bmp')
00097 header("Content-Type: image/bmp");
00098 elseif ($fileType == 'image/svg+xml')
00099 header("Content-Type: image/svg+xml");
00100 else
00101 header("Content-Type: application/force-download");
00102
00103 header("Expires: Sat, 23 Jan 2010 20:53:35 +0530");
00104
00105 $last_modified_time = filemtime($file);
00106 header('Date: ' . date('r'));
00107 header('Last-Modified: ' . date('r', strtotime($row['upload_time'])));
00108 $etag = md5_file($file);
00109 header("ETag: $etag");
00110 if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
00111 (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) ) {
00112 header("HTTP/1.1 304 Not Modified");
00113 exit();
00114 }
00115
00116
00117
00118 echo @fread($filePointer, filesize($file));
00119 @fclose($filePointer);
00120
00121 }
00122