<?php
/*
Expected state: broken.
*/
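/**
 * Resolve a user's file by path and stream it to the client.
 *
 * Looks up the owner id for $user, resolves $path to a file id through
 * select_file_id(), and hands that id to download_file().
 *
 * NOTE(review): no access decision is made in this function. The disabled
 * draft below shows the intended rule (session owner, or share == "PUBLIC"),
 * but none of it runs. If $user can come from the request instead of the
 * authenticated session, this path serves any user's files to any visitor.
 * Confirm that callers enforce the check, or restore it here.
 *
 * @param mixed $user User identifier passed to user_id().
 * @param mixed $path Path passed to select_file_id().
 * @return bool True when download_file() reports success, false otherwise.
 */
function start_file_download($user, $path){
    $db = $GLOBALS["db"];
    $owner = user_id($db, $user);
    // The original statement was missing its terminating semicolon (parse error).
    $file_id = select_file_id($db, $owner, $path);

    // Presumably the lookup helpers return false/null when nothing matches
    // (confirm against their definitions). Stop here so that an empty id is
    // never passed on to the download query.
    if ($owner === false || $owner === null || $file_id === false || $file_id === null) {
        return false;
    }

    // Disabled draft of the owner/share check, kept verbatim for reference.
    /* $file_id_db = $db->query("SELECT id, owner, share FROM files WHERE parent=" . $folder_id . ");
    $file_id_ar = $file_id_db->fetchArray(SQLITE3_NUM);
    $file_id = $file_id_ar[0];
    $check_verification_db = $
    $check_verification_ar[1];
    $share = $check_verification_ar[2];
    if($_SESSION["login"] && ($_SESSION["userid"] == $file_owner)){
    $var = download_file($db, $file_id);
    } else {
    if($share != "PUBLIC"){
    return false;
    }
    $var = download_file($db, $file_id);
    }
    */

    return (bool) download_file($db, $file_id);
}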
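/**
 * Serve a file only if its share setting allows the request.
 *
 * The file's `share` column is read and the download proceeds when it is the
 * literal "PUBLIC" or when it equals the presented $download_hash.
 * (Presumably `share` holds either "PUBLIC" or a per-file share token;
 * confirm against the schema.)
 *
 * Fixes relative to the earlier version:
 *  - The two inequality tests were joined with `||`, so every request was
 *    rejected unless the share value equalled both "PUBLIC" and the presented
 *    hash. They are now combined so that either condition grants access.
 *  - The id was concatenated into the SQL text unquoted. escapeString() only
 *    doubles single quotes, which does not protect a numeric context. The id
 *    is now a bound parameter.
 *  - Loose `!=` let an empty or NULL share value match an empty presented
 *    hash. The token comparison is now strict, rejects empty values, and uses
 *    hash_equals() so that it is constant-time.
 *
 * @param SQLite3 $db            Open database handle.
 * @param mixed   $file_id       Id of the row in `files`.
 * @param mixed   $download_hash Share token presented by the client.
 * @return bool True when access is allowed and download_file() succeeds.
 */
function check_file_hash($db, $file_id, $download_hash){
    $stmt = $db->prepare("SELECT share FROM files WHERE id = :id");
    if ($stmt === false) {
        return false;
    }
    $stmt->bindValue(":id", $file_id);

    $result = $stmt->execute();
    if ($result === false) {
        return false;
    }

    $row = $result->fetchArray(SQLITE3_NUM);
    if ($row === false) {
        // Unknown id: deny instead of reading an index off `false`.
        return false;
    }
    $share = $row[0];

    $is_public = ($share === "PUBLIC");
    $token_matches = is_string($share) && $share !== ""
        && is_string($download_hash) && $download_hash !== ""
        && hash_equals($share, $download_hash);

    if (!$is_public && !$token_matches) {
        return false;
    }

    return (bool) download_file($db, $file_id);
}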
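/**
 * Stream the stored, gzip-compressed copy of a file to the client as an attachment.
 *
 * Reads name, mime and hash for $file_id from `files`, opens
 * "../files/<hash>.gz", sends the download headers and writes the
 * decompressed bytes to the output.
 *
 * This function performs no authorization; callers must already have decided
 * that the requester may read the file.
 *
 * Fixes relative to the earlier version:
 *  - The gzopen() statement was missing its semicolon (parse error).
 *  - filesize() was given the stream handle and readfile() was given the file
 *    contents, but both expect a path. The stream is now passed straight
 *    through with gzpassthru().
 *  - The id is bound as a query parameter instead of being concatenated
 *    unquoted behind escapeString().
 *  - The stored hash is rejected if it contains a path separator or NUL, so a
 *    tampered row cannot point the read outside the upload directory.
 *  - Quotes, backslashes and control characters are replaced in the file name
 *    before it is placed inside the quoted Content-Disposition parameter.
 *
 * @param SQLite3 $db      Open database handle.
 * @param mixed   $file_id Id of the row in `files`.
 * @return bool True when the file was streamed, false on any failure.
 */
function download_file($db, $file_id){
    $stmt = $db->prepare("SELECT name, mime, hash FROM files WHERE id = :id");
    if ($stmt === false) {
        return false;
    }
    $stmt->bindValue(":id", $file_id);

    $result = $stmt->execute();
    if ($result === false) {
        return false;
    }

    $row = $result->fetchArray(SQLITE3_NUM);
    if ($row === false) {
        return false;
    }
    $file_name = $row[0];
    $file_mime = $row[1];
    $file_hash = $row[2];

    // The hash becomes part of a filesystem path, so refuse anything that
    // could leave the upload directory.
    if (!is_string($file_hash) || $file_hash === "" || strpbrk($file_hash, "/\\\0") !== false) {
        return false;
    }

    $uploaddir = "../files/";
    $gzip_file = $uploaddir . $file_hash . ".gz";
    if (!is_file($gzip_file)) {
        return false;
    }

    // Open before sending headers so a failure can still return cleanly.
    $fp = gzopen($gzip_file, 'r');
    if ($fp === false) {
        return false;
    }

    // The name and MIME type come from the database and may originate from
    // an upload, so treat both as untrusted.
    $safe_name = (string) preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string) $file_name);
    if ($safe_name === "") {
        $safe_name = "download";
    }
    if (!is_string($file_mime) || $file_mime === "") {
        $file_mime = "application/octet-stream";
    }

    header("Content-Type: ".$file_mime);
    // Stop browsers from second-guessing the declared type of uploaded content.
    header("X-Content-Type-Options: nosniff");
    header("Content-Disposition: attachment; filename=\"".$safe_name."\"");

    $sent = gzpassthru($fp);
    gzclose($fp);

    return $sent !== false;
}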