<?php
/**
* @date 5.8
* @author iceman12
* @copyright 2010
*/
include 'system32/core.php';
//for($i=0;$i<=20;$i++)
// sql("INSERT INTO `abuse`(`file`,`text`,`ip`,`time`) VALUES('%s','%s','%s','%s')",
// mt_rand(1,9),mt_rand(1,999999), mt_rand(1,999999), time()-mt_rand(1,999999));
if (empty($_SESSION['hash']))
$_SESSION['hash'] = mdQ(mt_rand(1, 999999));
if (isset($_GET['hash'])) {
$file = mysql_fetch_assoc(sql("SELECT * FROM `files` WHERE `hash`='%s'", $_GET['hash']));
if (empty($file))
go('no_file');
$tpl->assign('random', mt_rand(1, 999999));
if (isset($_REQUEST['abuse'], $_SESSION['code'])) {
sleep(2);
if ($_SESSION['code'] == $_REQUEST['code']) {
sql("INSERT INTO `abuse`(`file`,`text`,`ip`,`time`) VALUES('%s','%s','%s','%s')",
$file['id'], $_REQUEST['abuse'], $_SERVER['REMOTE_ADDR'], time());
$tpl->display($style . '/abuse_good.tpl');
} else
$tpl->display($style . '/abuse_bad.tpl');
exit;
}
if (isset($_POST['download'])) {
function downloadFile($filename, $name, $mimetype = 'application/octet-stream')
{
if (!file_exists($filename))
die('Файл не найден');
$from = $to = 0;
$cr = null;
if (isset($_SERVER['HTTP_RANGE'])) {
$range = substr($_SERVER['HTTP_RANGE'], strpos($_SERVER['HTTP_RANGE'], '=') + 1);
$from = strtok($range, '-');
$to = strtok('/');
if ($to > 0)
$to++;
if ($to)
$to -= $from;
header('HTTP/1.1 206 Partial Content');
$cr = 'Content-Range: bytes ' . $from . '-' . (($to) ? ($to . '/' . $to + 1) :
filesize($filename));
} else
header('HTTP/1.1 200 Ok');
$etag = md5($filename);
$etag = substr($etag, 0, 8) . '-' . substr($etag, 8, 7) . '-' . substr($etag, 15,
8);
header('ETag: "' . $etag . '"');
header('Accept-Ranges: bytes');
header('Content-Length: ' . (filesize($filename) - $to + $from));
if ($cr)
header($cr);
header('Connection: close');
header('Content-Type: ' . $mimetype);
header('Last-Modified: ' . gmdate('r', filemtime($filename)));
$f = fopen($filename, 'r');
header('Content-Disposition: attachment; filename="' . $name . '";');
if ($from)
fseek($f, $from, SEEK_SET);
if (!isset($to) or empty($to)) {
$size = filesize($filename) - $from;
} else {
$size = $to;
}
$downloaded = 0;
while (!feof($f) and !connection_status() and ($downloaded < $size)) {
echo fread($f, 512000);
$downloaded += 512000;
ob_flush();
flush();
}
fclose($f);
}
if (isset($_POST['hash']) and $_POST['hash'] == $_SESSION['hash']) {
unset($_SESSION['hash']);
if ($file['password'] == '') {
mysql_query("UPDATE `files` SET `count`=`count`+1, `last_load`='$_SERVER[REQUEST_TIME]' WHERE `id`='$file[id]' ");
downloadFile('superfile/' . $file['file'], $file['name']);
exit;
} elseif (isset($_POST['password']) and mdQ($_POST['password']) == $file['password']) {
mysql_query("UPDATE `files` SET `count`=`count`+1, `last_load`='$_SERVER[REQUEST_TIME]' WHERE `id`='$file[id]' ");
downloadFile('superfile/' . $file['file'], $file['name']);
exit;
} else {
$tpl->assign('error_password', '');
}
} else
$tpl->assign('error_hash', '');
}
$file['size'] = filesize('superfile/' . $file['file']);
$tpl->assign('file', $file);
$tpl->display($style . '/file.tpl');
} else
go();
?>