diff options
| author | root | 2014-03-26 03:07:06 +0100 |
|---|---|---|
| committer | root | 2014-03-26 03:07:06 +0100 |
| commit | e009b1e84dcbcc83f39652695eb86c6e64cc6a11 (patch) | |
| tree | a4745e74da7f5ffc4b359ae5a8cb67aec9c770c9 /www/functions/func_download.php | |
| parent | f1840d40760abb9869bd218ca510eceb94f86478 (diff) | |
| download | files.iamfabulous.de-e009b1e84dcbcc83f39652695eb86c6e64cc6a11.tar.gz | |
Now conform to HTTP/1.1. Also integrated func_download.
Diffstat (limited to 'www/functions/func_download.php')
| -rw-r--r-- | www/functions/func_download.php | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/www/functions/func_download.php b/www/functions/func_download.php index 5770da4..e3e36aa 100644 --- a/www/functions/func_download.php +++ b/www/functions/func_download.php @@ -1,8 +1,7 @@ <?php /* - Expected state: tested, but broken. - Works if you are loged in, fatal error if not. + Expected state: tested, should work. */ function check_if_file($db, $name, $folder_path){ @@ -63,11 +62,21 @@ function start_file_download($user, $path){ } function check_file_hash($db, $file_id, $download_hash){ - $check_hash_db = $db->query("SELECT share FROM files WHERE id=" . SQLite3::escapeString($file_id).";"); + if(preg_match("/[^0-9]/", $file_id)){ + return DOWNLOAD_FALSE_ID; + } + + $check_hash_db = $db->query("SELECT folder, share FROM files WHERE id=" . SQLite3::escapeString($file_id).";"); $check_hash_ar = $check_hash_db->fetchArray(SQLITE3_NUM); - if(($check_hash_ar[0] != "PUBLIC") || ($check_hash_ar[0] != $download_hash)){ - return false; + if($check_hash_ar[0] != "FILE"){ + return DOWNLOAD_NOT_FILE; + } + + if($check_hash_ar[1] != "PUBLIC"){ + if($check_hash_ar[0] != $download_hash){ + return DOWNLOAD_PRIVATE_FILE; + } } if(!download_file($db, $file_id)){ @@ -80,12 +89,13 @@ function check_file_hash($db, $file_id, $download_hash){ function download_file($db, $file_id){ - $file_db = $db->query("SELECT name, mime, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); + $file_db = $db->query("SELECT name, mime, size, hash FROM files WHERE id=". SQLite3::escapeString($file_id).";"); $file_ar = $file_db->fetchArray(SQLITE3_NUM); $file_name = $file_ar[0]; $file_mime = $file_ar[1]; - $file_hash = $file_ar[2]; + $file_size = $file_ar[2]; + $file_hash = $file_ar[3]; $uploaddir = "../files/"; $gzip_file = $uploaddir . $file_hash . ".gz"; @@ -94,6 +104,8 @@ function download_file($db, $file_id){ header("Content-Type: ".$file_mime); header("Content-Disposition: attachment; filename=\"".$file_name."\""); + header("Content-Length: ".$file_size); + set_time_limit(0); $uncompressed_file = readgzfile($gzip_file); if($uncompressed_file){ |