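// Entry-point marker: MyBB include files check IN_MYBB and refuse to run without it.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'showfile.php');

// Read by global.php to pre-cache the templates this page needs.
$templatelist = "downloadvip,post_captcha";

require_once "./global.php";
require_once MYBB_ROOT.'inc/class_captcha.php';

// Load global language phrases
$lang->load("showfile");

// Make navigation
add_breadcrumb($lang->showfile, "showfile.php");

// Placeholder guards: the bodies are empty in this listing, so as written nothing
// stops a request when the plugin is missing or no file id was supplied. The real
// handler is presumably expected to show an error and stop here (TODO confirm).
if(!downloadvip_is_installed()) {}
if(!isset($mybb->input['fid'])) {}

// Placeholder lookup. 'fid' is request data: whatever condition is built here must
// cast it to an integer (e.g. $mybb->get_input('fid', MyBB::INPUT_INT)) or pass it
// through $db->escape_string() before it reaches SQL.
$query = $db->simple_select("/*check exist file*/");
// $db->num_rows() is used instead of the driver-specific $query->num_rows property.
if(!$db->num_rows($query)) {}

// Download file
// NOTE(review): this branch runs before the password/CAPTCHA handling below, so the
// only gate on the download is the check download_file() makes against the stored
// random link. That link value should be unguessable, short-lived and bound to the
// requested fid; none of this is visible in the listing (confirm in the real query).
if(isset($mybb->input['fid'], $mybb->input['verify'])) {
    download_file($mybb, $db);
    exit;
}

$plugins->run_hooks('showfile_start');

$errors = array();
$access_file = false;

if($mybb->request_method === "post") {
    /**
     * Check the password before creating a random file link.
     * If the input is valid, grant access (the original note says "$accept = true";
     * the flag read further down is $access_file), otherwise record an error.
     *
     * The CAPTCHA rendered below is only generated on this page; validating the
     * submitted answer and the post key belongs in this handler as well.
     */
}

// Generate CAPTCHA?
// $captcha is initialised up front so the template never sees an undefined variable
// when the setting is on but the captcha object produced no HTML.
$captcha = '';
if($mybb->settings['captchaimage']) {
    $post_captcha = new captcha(true, "post_captcha");
    if($post_captcha->html) {
        $captcha = $post_captcha->html;
    }
}

$plugins->run_hooks('showfile_end');

if($access_file) {
    // Both variants are commented out in this listing, so $page is never assigned on
    // this path and output_page() below would receive an undefined value.
    // For variant #2 the redirect target must be the server-generated link, never a
    // value taken from the request.
    #1
    // eval("\$page = \"".$templates->get("downloadvip_form")."\";");
    #2
    // header("Location: " . $downloadvip_filelink);
    // exit;
} else {
    // Show form again for enter valid input
    // MyBB template idiom: the template text is evaluated as a double-quoted PHP
    // string. It is only safe while templates are administrator-controlled and every
    // request-derived variable the template interpolates was HTML-escaped beforehand.
    eval("\$page = \"".$templates->get("downloadvip_secure")."\";");
}

output_page($page);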
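/**
 * Stream the file behind a stored random download link to the client.
 *
 * Looks the link up through $db, refuses script-like extensions, honours the first
 * byte range of an HTTP Range request and then sends the bytes in chunks.
 * Every path through this function ends in exit; it never returns to the caller.
 *
 * @param object $mybb MyBB core object (not read directly in this listing).
 * @param object $db   MyBB database object used for the link lookup.
 */
function download_file($mybb, $db) {
    //ob_start();
    @ini_set('error_reporting', E_ALL & ~ E_NOTICE);
    // apache_setenv() exists only under the Apache SAPI, and "@" cannot silence the
    // fatal error raised by calling an undefined function.
    if(function_exists('apache_setenv')) {
        @apache_setenv('no-gzip', 1);
    }
    @ini_set('zlib.output_compression', 'Off');

    // Placeholder lookup. The real condition must match both the requested fid and
    // the 'verify' token, with each value escaped or cast before it reaches SQL.
    $query = $db->simple_select("/*Check exist random link*/");
    if(!$db->num_rows($query)) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    $info_dl = $db->fetch_array($query);
    $file_path = urldecode($info_dl['full_dir']);
    // NOTE(review): the path is trusted exactly as stored. If full_dir can be
    // influenced by anyone but an administrator, resolve it with realpath() and
    // confirm it lies inside the download storage directory before opening it.
    // That directory is not visible in this listing.

    // is_file() also rejects directories, which file_exists() would have accepted.
    if(!is_file($file_path) || !is_readable($file_path)) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    $file_name = basename($file_path);
    // PATHINFO_EXTENSION yields '' for names without an extension instead of leaving
    // the array key undefined; lower-casing closes the "FILE.PHP" bypass.
    $file_ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
    $file_size = (int) filesize($file_path);

    // Check user permission for download file extension
    // Exact, case-insensitive match against the list. The previous strstr() call
    // tested whether the extension was a substring of the list, which let upper-case
    // variants through and rejected unrelated short extensions.
    // A deny-list is inherently incomplete; an allow-list is the safer design.
    $blocked_exts = explode('|', "sh|php|php3|php4|php5|py|shtml|stm|shtm|phtml|html|htm|js|jsp|asp|aspx|cgi|pl|plx|htaccess|htpasswd");
    if(in_array($file_ext, $blocked_exts, true)) {
        header("HTTP/1.1 403 Forbidden");
        exit;
    }

    // Open before any success header is sent so that a failure can still be reported.
    $file = @fopen($file_path, "rb");
    if($file === false) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    // Drop control characters, quotes, backslashes and slashes so the name cannot
    // break out of the quoted filename parameter or smuggle a path.
    $safe_name = preg_replace('#[\x00-\x1F\x7F"\\\\/]#', '', urldecode($file_name));
    if($safe_name === null || $safe_name === '') {
        $safe_name = 'download';
    }

    // Set header
    // NOTE(review): "public" allows shared caches to store a response that is meant
    // to sit behind a per-user link; confirm this is intended.
    header("Pragma: public");
    header("Expires: -1");
    header("Cache-Control: public, must-revalidate, post-check=0, pre-check=0");
    header('Content-Disposition: attachment; filename="' . $safe_name . '"');
    // Stop browsers from second-guessing the declared type of stored content.
    header('X-Content-Type-Options: nosniff');

    // Set the mime type based on extension, add yours if needed.
    #$ctype_default = "application/octet-stream";#
    $ctype_default = "application/force-download";
    $content_types = array(
        "exe" => "application/octet-stream",
        "zip" => "application/zip",
        "rar" => "application/x-rar-compressed",
        "mp3" => "audio/mpeg",
        "mpg" => "video/mpeg",
        "avi" => "video/x-msvideo",
        "pdf" => "application/pdf",
        "gif" => "image/gif",
        "png" => "image/png",
        "jpg" => "image/jpeg",
        "jpeg" => "image/jpeg",
        "jpe" => "image/jpeg",
        "txt" => "text/plain"
    );
    $file_ctype = isset($content_types[$file_ext]) ? $content_types[$file_ext] : $ctype_default;
    header("Content-Type: " . $file_ctype);

    // Defaults: the whole file.
    $seek_start = 0;
    $seek_end = $file_size - 1;

    // Check if http_range is sent by browser (or download manager)
    if(isset($_SERVER['HTTP_RANGE'])) {
        $range_parts = explode('=', $_SERVER['HTTP_RANGE'], 2);
        if(count($range_parts) !== 2 || trim($range_parts[0]) !== 'bytes') {
            fclose($file);
            header('HTTP/1.1 416 Requested Range Not Satisfiable');
            exit;
        }

        // Multiple ranges could be specified at the same time, but for simplicity only serve the first range
        $ranges = explode(',', $range_parts[1], 2);
        $bounds = explode('-', trim($ranges[0]), 2);
        $first = trim($bounds[0]);
        $last = isset($bounds[1]) ? trim($bounds[1]) : '';

        if($first === '' && $last !== '') {
            // Suffix form "-N": the final N bytes of the file.
            $suffix_len = abs(intval($last));
            if($suffix_len > 0) {
                $seek_start = max($file_size - $suffix_len, 0);
            }
        } else {
            // Clamp to the file and fall back to the defaults for inverted ranges.
            if($last !== '') {
                $seek_end = min(abs(intval($last)), $file_size - 1);
            }
            if($first !== '' && abs(intval($first)) <= $seek_end) {
                $seek_start = abs(intval($first));
            }
        }
    }

    $remaining = max($seek_end - $seek_start + 1, 0);

    // Only send partial content header if downloading a piece of the file (IE workaround)
    if($seek_start > 0 || $seek_end < ($file_size - 1)) {
        header('HTTP/1.1 206 Partial Content');
        header('Content-Range: bytes '.$seek_start.'-'.$seek_end.'/'.$file_size);
    }
    header('Content-Length: '.$remaining);
    header('Accept-Ranges: bytes');

    // NOTE(review): removes the execution time limit for every download; pair it with
    // a concurrency or rate limit if slow clients tying up workers is a concern.
    set_time_limit(0);
    fseek($file, $seek_start);

    // Send exactly the advertised number of bytes. The earlier loop read to end of
    // file regardless of the requested end offset, so a ranged response could carry
    // more data than its Content-Length announced.
    $chunk_size = 2048 * 8;
    while($remaining > 0 && !feof($file)) {
        $chunk = fread($file, min($chunk_size, $remaining));
        if($chunk === false || $chunk === '') {
            break;
        }
        print($chunk);
        $remaining -= strlen($chunk);

        // ob_flush() raises a notice when no output buffer is active.
        if(ob_get_level() > 0) {
            ob_flush();
        }
        flush();
        #sleep(1);

        // Stop as soon as the client has gone away.
        if(connection_status() !== CONNECTION_NORMAL) {
            break;
        }
    }

    fclose($file);
    exit;
}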