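<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2005 osCommerce

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License v2 (1991)
  as published by the Free Software Foundation.
*/

/*
  Serves a purchased downloadable product to the logged-on customer.

  Flow: authenticate, validate the two GET ids, confirm the download row
  belongs to this customer's order, enforce the expiry date and the remaining
  download count, decrement the count, then either redirect to a short-lived
  symlink in the public download directory or stream the file directly.
*/

  $_SERVER['SCRIPT_FILENAME'] = __FILE__;

  include ('includes/application_top.php');

  if ($osC_Customer->isLoggedOn() == false) die;

// Both ids are required and must be plain decimal digits. The previous check
// only rejected non-numeric values when the parameter was present, so a
// missing parameter reached bindInt(), and is_numeric() also accepts floats,
// exponents and surrounding whitespace.
  if (!isset($_GET['order']) || !isset($_GET['id'])
      || !is_string($_GET['order']) || !is_string($_GET['id'])
      || !ctype_digit($_GET['order']) || !ctype_digit($_GET['id'])) {
    die;
  }

// Check that order_id, customer id and filename match.
// The customers_id condition is the ownership check: without it any logged-on
// customer could fetch another customer's download by guessing ids.
  $Qdownloads = $osC_Database->query('select date_format(o.date_purchased, "%Y-%m-%d") as date_purchased_day, opd.download_maxdays, opd.download_count, opd.orders_products_filename from :table_orders o, :table_orders_products op, :table_orders_products_download opd where o.customers_id = :customers_id and o.orders_id = :orders_id and o.orders_id = op.orders_id and op.orders_products_id = opd.orders_products_id and opd.orders_products_download_id = :orders_products_download_id and opd.orders_products_filename != ""');
  $Qdownloads->bindTable(':table_orders', TABLE_ORDERS);
  $Qdownloads->bindTable(':table_orders_products', TABLE_ORDERS_PRODUCTS);
  $Qdownloads->bindTable(':table_orders_products_download', TABLE_ORDERS_PRODUCTS_DOWNLOAD);
  $Qdownloads->bindInt(':customers_id', $osC_Customer->getID());
  $Qdownloads->bindInt(':orders_id', $_GET['order']);
  $Qdownloads->bindInt(':orders_products_download_id', $_GET['id']);
  $Qdownloads->execute();

  if ($Qdownloads->numberOfRows() < 1) {
    die();
  }

  $download_filename = $Qdownloads->value('orders_products_filename');
  $download_path = DIR_FS_DOWNLOAD . $download_filename;
// NOTE(review): the stored filename is appended to DIR_FS_DOWNLOAD as-is. If
// that column can ever be written by anyone but a trusted administrator, add a
// realpath() containment check against DIR_FS_DOWNLOAD before serving.

// Name used in the Content-Disposition header and for the public symlink:
// directory parts are dropped, and characters that would break out of the
// quoted header value are removed.
  $public_filename = str_replace(array('"', '\\', "\r", "\n"), '', basename($download_filename));

// MySQL 3.22 does not have INTERVAL, so the expiry is computed here:
// end of the purchase day plus download_maxdays days.
  list($dt_year, $dt_month, $dt_day) = explode('-', $Qdownloads->value('date_purchased_day'));
  $download_timestamp = mktime(23, 59, 59, (int)$dt_month, (int)$dt_day + (int)$Qdownloads->value('download_maxdays'), (int)$dt_year);

// Die if time expired (maxdays = 0 means no time limit)
  if (($Qdownloads->value('download_maxdays') != 0) && ($download_timestamp <= time())) die;
// Die if remaining count is <=0
  if ($Qdownloads->value('download_count') <= 0) die;
// Die if file is not there (is_file also rejects a directory of that name)
  if (!is_file($download_path)) die;

// Now decrement counter. The "download_count > 0" condition keeps concurrent
// requests from driving the counter below zero; the check above and this
// update are still two separate statements, so verifying the number of
// affected rows before serving would be needed to close the race completely.
  $Qupdate = $osC_Database->query('update :table_orders_products_download set download_count = download_count-1 where orders_products_download_id = :orders_products_download_id and download_count > 0');
  $Qupdate->bindTable(':table_orders_products_download', TABLE_ORDERS_PRODUCTS_DOWNLOAD);
  $Qupdate->bindInt(':orders_products_download_id', $_GET['id']);
  $Qupdate->execute();

// Returns a random directory name: a leading '.' followed by 16 to 20
// lowercase letters (26^16 to 26^20 possible names).
// The directory is "hidden", i.e. starts with '.'
//
// This name is the only thing standing between the symlinked file and an
// unauthenticated visitor, so it is drawn from random_int() when available.
// osc_rand() is defined elsewhere and its randomness source is not visible
// here; it is kept only as a fallback for PHP versions without random_int().
  function osc_random_name() {
    $letters = 'abcdefghijklmnopqrstuvwxyz';
    $max_index = strlen($letters) - 1;
    $use_csprng = function_exists('random_int');

    $length = $use_csprng ? random_int(16, 20) : (int)floor(osc_rand(16, 20));
    $dirname = '.';

    for ($i = 0; $i < $length; $i++) {
// Indexes run 0..25. The previous range of 1..26 never produced 'a' and
// read one position past the end of $letters.
      $q = $use_csprng ? random_int(0, $max_index) : (int)floor(osc_rand(0, $max_index));
      $dirname .= $letters[$q];
    }

    return $dirname;
  }

// Unlinks all subdirectories and files in $dir
// Works only on one subdir level, will not recurse
// $dir is expected to end with a directory separator, since entries are
// appended to it directly.
// NOTE(review): this removes every temporary directory, including links just
// handed to other customers who have not followed their redirect yet.
  function osc_unlink_temp_dir($dir) {
    $h1 = opendir($dir);
    if ($h1 === false) return;

// Compare against false explicitly: an entry named "0" is falsy and would
// otherwise end the loop early.
    while (($subdir = readdir($h1)) !== false) {
// Ignore non directories
      if (!is_dir($dir . $subdir)) continue;
// Ignore . and .. and CVS
      if ($subdir == '.' || $subdir == '..' || $subdir == 'CVS') continue;
// Loop and unlink files in subdirectory
      $h2 = opendir($dir . $subdir);
      if ($h2 !== false) {
        while (($file = readdir($h2)) !== false) {
          if ($file == '.' || $file == '..') continue;
          @unlink($dir . $subdir . '/' . $file);
        }
        closedir($h2);
      }
      @rmdir($dir . $subdir);
    }
    closedir($h1);
  }


// Now send the file with header() magic
  header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  header("Cache-Control: no-cache, must-revalidate");
  header("Pragma: no-cache");
  header("Content-Type: Application/octet-stream");
  header('Content-disposition: attachment; filename="' . $public_filename . '"');

  if (DOWNLOAD_BY_REDIRECT == '1') {
// This will work only on Unix/Linux hosts
    osc_unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
    $tempdir = osc_random_name();

// The directory lives under the public web root, so it is created writable by
// its owner only (previously umask 0000 with mode 0777, i.e. world-writable).
// The umask is restored afterwards so the rest of the request is unaffected.
    $old_umask = umask(0022);
    $created = mkdir(DIR_FS_DOWNLOAD_PUBLIC . $tempdir, 0755);
    umask($old_umask);

// Stop rather than redirect the customer to a link that does not exist.
    if (!$created) die;
    if (!symlink($download_path, DIR_FS_DOWNLOAD_PUBLIC . $tempdir . '/' . $public_filename)) die;

    osc_redirect(DIR_WS_DOWNLOAD_PUBLIC . $tempdir . '/' . $public_filename);
  } else {
// This will work on all systems, but will need considerable resources
// We could also loop with fread($fp, 4096) to save memory
    readfile($download_path);
  }
?>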