github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-22 22:33:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Продолжение работы над аттачами

Browse source
This commit is contained in:
Exile 2015-01-13 17:58:28 +03:00
commit 455e8bd4ec
4 changed files with 93 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

191
dl.php
View file

@ -5,146 +5,48 @@ define('NO_GZIP', true);
define('BB_ROOT', './'); define('BB_ROOT', './');
require(BB_ROOT .'common.php'); require(BB_ROOT .'common.php');
$download_id = request_var('id', 0); if (!$topic_id = (int) request_var('t', 0))
$thumbnail = request_var('thumb', 0);
// Send file to browser
function send_file_to_browser($attachment, $upload_dir)
{ {
global $bb_cfg, $lang, $userdata; bb_simple_die('Ошибочный запрос: не указан topic_id'); // TODO
$filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
$gotit = false;
// Correct the mime type - we force application/octet-stream for all files, except images
// Please do not change this, it is a security precaution
if (!strstr($attachment['mimetype'], 'image'))
{
$attachment['mimetype'] = 'application/octet-stream';
} }
//bt
if (!(isset($_GET['original']) && !IS_USER))
{
include(INC_DIR .'functions_torrent.php');
send_torrent_with_passkey($filename);
}
// Now the tricky part... let's dance
header('Pragma: public');
$real_filename = clean_filename(basename($attachment['real_filename']));
$mimetype = $attachment['mimetype'].';';
$charset = "charset={$bb_cfg['lang'][$userdata['user_lang']]['encoding']};";
// Send out the Headers
header("Content-Type: $mimetype $charset name=\"$real_filename\"");
header("Content-Disposition: inline; filename=\"$real_filename\"");
unset($real_filename);
// Now send the File Contents to the Browser
if ($gotit)
{
$size = @filesize($filename);
if ($size)
{
header("Content-length: $size");
}
readfile($filename);
}
else
{
bb_die($lang['ERROR_NO_ATTACHMENT'] . "<br /><br />" . $filename. "<br /><br />" .$lang['TOR_NOT_FOUND']);
}
exit;
}
//
// Start Session Management
//
$user->session_start(); $user->session_start();
set_die_append_msg(); global $bb_cfg, $lang, $userdata;
if (!$download_id) // $t_data
$sql = "
SELECT t.*, f.*
FROM ". BB_TOPICS ." t, ". BB_FORUMS ." f
WHERE t.topic_id = $topic_id
AND f.forum_id = t.forum_id
LIMIT 1
";
if (!$t_data = DB()->fetch_row($sql))
{ {
bb_die($lang['NO_ATTACHMENT_SELECTED']); bb_simple_die('Файл не найден [DB]'); // TODO
}
if (!$t_data['attach_ext_id'])
{
bb_simple_die('Файл не найден [EXT_ID]'); // TODO
} }
$sql = 'SELECT * FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id = ' . (int) $download_id; // Auth check
$is_auth = auth(AUTH_ALL, $t_data['forum_id'], $userdata, $t_data);
if (!($result = DB()->sql_query($sql))) $guest_allow = false;
{ if (!IS_GUEST) $guest_allow = true;
bb_die('Could not query attachment information #1'); if (IS_GUEST && $bb_cfg['guest_tracker']) $guest_allow = true;
} if ($t_data['attach_ext_id'] != 8 && !$is_auth['auth_download']) login_redirect($bb_cfg['dl_url'] . $topic_id);
if ($t_data['attach_ext_id'] == 8 && (!$is_auth['auth_download'] || !$guest_allow)) login_redirect($bb_cfg['dl_url'] . $topic_id);
if (!($attachment = DB()->sql_fetchrow($result)))
{
bb_die($lang['ERROR_NO_ATTACHMENT']);
}
$attachment['physical_filename'] = basename($attachment['physical_filename']);
DB()->sql_freeresult($result);
// get forum_id for attachment authorization or private message authorization
$authorised = false;
$sql = 'SELECT * FROM ' . BB_ATTACHMENTS . ' WHERE attach_id = ' . (int) $attachment['attach_id'];
if (!($result = DB()->sql_query($sql)))
{
bb_die('Could not query attachment information #2');
}
$auth_pages = DB()->sql_fetchrowset($result);
$num_auth_pages = DB()->num_rows($result);
for ($i = 0; $i < $num_auth_pages && $authorised == false; $i++)
{
$auth_pages[$i]['post_id'] = intval($auth_pages[$i]['post_id']);
if ($auth_pages[$i]['post_id'] != 0)
{
$sql = 'SELECT forum_id, topic_id FROM ' . BB_POSTS . ' WHERE post_id = ' . (int) $auth_pages[$i]['post_id'];
if (!($result = DB()->sql_query($sql)))
{
bb_die('Could not query post information');
}
$row = DB()->sql_fetchrow($result);
$topic_id = $row['topic_id'];
$forum_id = $row['forum_id'];
$is_auth = array();
$is_auth = auth(AUTH_ALL, $forum_id, $userdata);
set_die_append_msg($forum_id, $topic_id);
if ($is_auth['auth_download'])
{
$authorised = TRUE;
}
}
}
if (!$authorised)
{
bb_die($lang['SORRY_AUTH_VIEW_ATTACH']);
}
$datastore->rm('cat_forums');
$sql = 'UPDATE ' . BB_ATTACHMENTS_DESC . ' SET download_count = download_count + 1 WHERE attach_id = ' . (int) $attachment['attach_id'];
if (!DB()->sql_query($sql))
{
bb_die('Could not update attachment download count');
}
// Проверка рефёрера (не качать с других сайтов)
$referer = (!empty($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
if (!preg_match("/". $bb_cfg['server_name']."/", $referer)) exit;
DB()->sql_query('UPDATE ' . BB_TOPICS . ' SET download_count = download_count + 1 WHERE topic_id = ' . (int) $t_data['topic_id']);
// Captcha for guest
if (IS_GUEST && !bb_captcha('check')) if (IS_GUEST && !bb_captcha('check'))
{ {
global $template; global $template;
@ -166,5 +68,32 @@ $datastore->rm('cat_forums');
require(PAGE_FOOTER); require(PAGE_FOOTER);
} }
send_file_to_browser($attachment, ''); $t_data['user_id'] = $userdata['user_id'];
exit; $t_data['is_am'] = IS_AM;
//die(var_dump($t_data));
// Torrent
if ($t_data['attach_ext_id'] == 8)
{
if (!(isset($_GET['original']) && !IS_USER))
{
require(INC_DIR .'functions_torrent.php');
send_torrent_with_passkey($t_data);
}
}
// All other
$file_path = get_attach_path($topic_id);
if (($file_contents = @file_get_contents($file_path)) === false)
{
bb_simple_die("Файл не найден [HDD]"); // TODO
}
$send_filename = "t-$topic_id.". $bb_cfg['file_id_ext'][$t_data['attach_ext_id']];
header("Content-Type: application/x-download; name=\"$send_filename\"");
header("Content-Disposition: attachment; filename=\"$send_filename\"");
bb_exit($file_contents);

25
posting.php
View file

@ -91,7 +91,7 @@ switch ($mode)
break; break;
default: default:
bb_die($lang['NO_POST_MODE']); bb_simple_die($lang['NO_POST_MODE']);
break; break;
} }
@ -103,18 +103,12 @@ switch ($mode)
{ {
case 'newtopic': case 'newtopic':
case 'new_rel': case 'new_rel':
if (!$forum_id) if (!$forum_id) bb_simple_die($lang['FORUM_NOT_EXIST']);
{
bb_die($lang['FORUM_NOT_EXIST']);
}
$sql = "SELECT * FROM ". BB_FORUMS ." WHERE forum_id = $forum_id LIMIT 1"; $sql = "SELECT * FROM ". BB_FORUMS ." WHERE forum_id = $forum_id LIMIT 1";
break; break;
case 'reply': case 'reply':
if (!$topic_id) if (!$topic_id) bb_simple_die($lang['NO_TOPIC_ID']);
{
bb_die($lang['NO_TOPIC_ID']);
}
$sql = "SELECT f.*, t.* $sql = "SELECT f.*, t.*
FROM ". BB_FORUMS ." f, ". BB_TOPICS ." t FROM ". BB_FORUMS ." f, ". BB_TOPICS ." t
WHERE t.topic_id = $topic_id WHERE t.topic_id = $topic_id
@ -125,10 +119,7 @@ switch ($mode)
case 'quote': case 'quote':
case 'editpost': case 'editpost':
case 'delete': case 'delete':
if (!$post_id) if (!$post_id) bb_simple_die($lang['NO_POST_ID']);
{
bb_die($lang['NO_POST_ID']);
}
$select_sql = 'SELECT f.*, t.*, p.*'; $select_sql = 'SELECT f.*, t.*, p.*';
$select_sql .= (!$submit) ? ', pt.*, u.username, u.user_id' : ''; $select_sql .= (!$submit) ? ', pt.*, u.username, u.user_id' : '';
@ -150,7 +141,7 @@ switch ($mode)
break; break;
default: default:
bb_die($lang['NO_VALID_MODE']); bb_simple_die($lang['NO_VALID_MODE']);
} }
if ($post_info = DB()->fetch_row($sql)) if ($post_info = DB()->fetch_row($sql))
@ -158,6 +149,8 @@ if ($post_info = DB()->fetch_row($sql))
$forum_id = $post_info['forum_id']; $forum_id = $post_info['forum_id'];
$forum_name = $post_info['forum_name']; $forum_name = $post_info['forum_name'];
set_die_append_msg($forum_id);
$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info); $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info);
if ($post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod']) if ($post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod'])
@ -214,8 +207,8 @@ else
bb_die($lang['NO_SUCH_POST']); bb_die($lang['NO_SUCH_POST']);
} }
// The user is not authed, if they're not logged in then redirect $bb_cfg['attach']['allowed_ext'] = ($post_info['allow_reg_tracker']) ? $bb_cfg['tor_forums_allowed_ext'] : $bb_cfg['gen_forums_allowed_ext'];
// them, else show them an error message
if (!$is_auth[$is_auth_type]) if (!$is_auth[$is_auth_type])
{ {
if (!IS_GUEST) if (!IS_GUEST)

2
styles/templates/default/viewtopic.tpl
View file

@ -422,8 +422,10 @@ function build_poll_add_form (src_el)
</div> </div>
{postrow.ATTACHMENTS} {postrow.ATTACHMENTS}
</div><!--/post_wrap--> </div><!--/post_wrap-->
<!-- IF not postrow.IS_FIRST_POST -->
<!-- IF postrow.SIGNATURE -->{postrow.SIGNATURE}<!-- ENDIF --> <!-- IF postrow.SIGNATURE -->{postrow.SIGNATURE}<!-- ENDIF -->
<!-- IF postrow.EDITED_MESSAGE --><div class="last_edited">{postrow.EDITED_MESSAGE}</div><!-- ENDIF --> <!-- IF postrow.EDITED_MESSAGE --><div class="last_edited">{postrow.EDITED_MESSAGE}</div><!-- ENDIF -->
<!-- ENDIF -->
</div><!--/post_body--> </div><!--/post_body-->
<!-- IF AUTH_MOD --> <!-- IF AUTH_MOD -->