• Main Page
  • Related Pages
  • Namespaces
  • Data Structures
  • Files
  • Examples
  • File List
  • Globals

cms/download.lib.php

Go to the documentation of this file.
00001 <?php
00002 if(!defined('__PRAGYAN_CMS'))
00003 { 
00004         header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
00005         echo "<h1>403 Forbidden<h1><h4>You are not authorized to access the page.</h4>";
00006         echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
00007         exit(1);
00008 }
00016 function download($pageId, $userId, $fileName,$action="") {
00017         
00018 
00019         if($pageId===false) {
00020                 header("http/1.0 404 Not Found" );
00021                 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00022                          "<p>The requested URL ".$_SERVER['SCRIPT_UR']." was not found on this server.</p><hr>" .
00023                          "$_SERVER[SERVER_SIGNATURE]</body></html>";
00024                 disconnect();
00025                 exit;
00026         }
00027         
00028         if($action=="") $action="view";
00029         // Profile Image exception added by Abhishek
00030         global $sourceFolder;
00031         global $moduleFolder;
00032         if($action!="profile")
00033         {
00034                 $actualPageId = getDereferencedPageId($pageId);
00035                 $moduleType = getPageModule($actualPageId);
00036                 $moduleComponentId = getPageModuleComponentId($actualPageId);
00037                 
00038                 require_once ($sourceFolder . "/content.lib.php");
00039                 require_once ($sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php");
00040                 $moduleInstance = new $moduleType ();
00041 
00042                 if (!($moduleInstance instanceof fileuploadable)) {
00043                         echo "The module \"$moduleType\" does not implement the inteface upload.";
00044                         return "";
00045                 }
00046                 if (!($moduleInstance->getFileAccessPermission($pageId,$moduleComponentId,$userId, $fileName))) {
00047                         echo "Access Denied.";
00048                         return "";
00049                 }
00050                 
00051         }
00052         else //Exception for 'profile' images as its not a module
00053         {
00054                 $actualPageId = getDereferencedPageId($pageId);
00055                 $moduleType = "profile";
00056                 $moduleComponentId = $userId;
00057                 
00058                 // Since the moduleComponentId is equal to userId, the image could be retrieved only if the userId is valid, hence no need for security check for file access here :)
00059                 
00060         }
00061 
00062         //return the file the particular page id.
00063         
00064         $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "uploads` WHERE  `upload_filename`= '". escape($fileName). "' AND `page_module` = '".escape($moduleType)."' AND `page_modulecomponentid` = '".escape($moduleComponentId)."'";
00065         $result = mysql_query($query) or die(mysql_error() . "upload L:85");
00066         $row = mysql_fetch_assoc($result);
00067 
00068         $fileType = $row['upload_filetype'];
00074         $uploadFolder = 'uploads';
00075         $upload_fileid = $row['upload_fileid'];
00076         $filename = str_repeat("0", (10 - strlen((string) $upload_fileid))) . $upload_fileid . "_" . $fileName;
00077         $file = $sourceFolder . "/" . $uploadFolder . "/" . $moduleType . "/" . $filename;
00078         
00079         disconnect();
00080         
00081         $filePointer = @fopen($file, 'r') ;
00082         if($filePointer==FALSE){
00083                 header("http/1.0 404 Not Found" );
00084                 echo "<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>" .
00085                          "<p>The requested URL ".$_SERVER['SCRIPT_URL']." was not found on this server.</p><hr>" .
00086                          "$_SERVER[SERVER_SIGNATURE]</body></html>";
00087                 exit();
00088         }
00089         
00090         elseif ($fileType == 'image/jpeg')
00091                 header("Content-Type: image/jpg");
00092         elseif ($fileType == 'image/gif')
00093                 header("Content-Type: image/gif");
00094         elseif ($fileType == 'image/png')
00095                 header("Content-Type: image/png");
00096         elseif ($fileType == 'image/bmp')
00097                 header("Content-Type: image/bmp");
00098         elseif ($fileType == 'image/svg+xml')
00099                 header("Content-Type: image/svg+xml");
00100         else
00101                 header("Content-Type: application/force-download");
00102         
00103         header("Expires: Sat, 23 Jan 2010 20:53:35 +0530"); // . date('r', strtotime('+1 year')));
00104 
00105         $last_modified_time = filemtime($file);
00106         header('Date: ' . date('r'));
00107         header('Last-Modified: ' . date('r', strtotime($row['upload_time'])));
00108         $etag = md5_file($file);
00109         header("ETag: $etag");
00110         if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time || 
00111             (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) ) {
00112           header("HTTP/1.1 304 Not Modified");
00113           exit();
00114         }
00115         
00116         
00117 
00118         echo @fread($filePointer, filesize($file));
00119         @fclose($filePointer);
00120 
00121 }
00122 

Generated on Sun Jan 2 2011 04:55:31 for Pragyan CMS by  doxygen 1.7.1