<?php

/**
 * @date 5.8
 * @author iceman12
 * @copyright 2010
 */

include 'system32/core.php';
//for($i=0;$i<=20;$i++)
  //   sql("INSERT INTO `abuse`(`file`,`text`,`ip`,`time`) VALUES('%s','%s','%s','%s')",
    //            mt_rand(1,9),mt_rand(1,999999), mt_rand(1,999999), time()-mt_rand(1,999999));
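// Per-session token that the download form has to send back (it is compared with
// $_POST['hash'] before a file is served). The original seeded it with
// mt_rand(1, 999999): under a million possible values from a non-cryptographic
// generator, so the token could be guessed. Seed it from a CSPRNG when one exists.
// NOTE(review): assumes mdQ() accepts an arbitrary string — confirm in system32/core.php.
if (empty($_SESSION['hash'])) {
    if (function_exists('random_bytes')) {
        $_SESSION['hash'] = mdQ(bin2hex(random_bytes(16)));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $_SESSION['hash'] = mdQ(bin2hex(openssl_random_pseudo_bytes(16)));
    } else {
        // No CSPRNG on this runtime: fall back to the original, guessable seed.
        $_SESSION['hash'] = mdQ(mt_rand(1, 999999));
    }
}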
if (isset($_GET['hash'])) {
    // Look up the file record by its public hash, taken straight from the query string.
    // NOTE(review): sql() looks like a printf-style query helper from the included core;
    // whether it escapes its '%s' arguments is not visible here — confirm, because
    // $_GET['hash'] is request-controlled (and may arrive as an array).
    $file = mysql_fetch_assoc(
        sql("SELECT * FROM `files` WHERE `hash`='%s'", $_GET['hash'])
    );
    if (empty($file)) {
        // NOTE(review): the code below assumes go() ends the request — confirm;
        // otherwise execution continues with an empty $file.
        go('no_file');
    }
    // Random number handed to the template on every render.
    $tpl->assign('random', mt_rand(1, 999999));
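    // Abuse report: accepted only when the submitted code matches the one kept in the session.
    if (isset($_REQUEST['abuse'], $_SESSION['code'])) {
        // Fixed two-second delay on every submission, kept from the original
        // (presumably a crude throttle; note it also ties up a worker for that time).
        sleep(2);
        // Require string inputs and compare strictly: the original used ==, which reads
        // $_REQUEST['code'] even when absent and compares numeric-looking strings by value.
        if (isset($_REQUEST['code']) && is_string($_REQUEST['code']) && is_string($_REQUEST['abuse'])
            && (string) $_SESSION['code'] === $_REQUEST['code']) {
            // The code is single-use; otherwise one solved code allows unlimited reports.
            unset($_SESSION['code']);
            // NOTE(review): the report text is stored as submitted; escape it wherever it is
            // later displayed, and confirm that sql() escapes its '%s' arguments.
            sql("INSERT INTO `abuse`(`file`,`text`,`ip`,`time`) VALUES('%s','%s','%s','%s')",
                $file['id'], $_REQUEST['abuse'], $_SERVER['REMOTE_ADDR'], time());
            $tpl->display($style . '/abuse_good.tpl');
        } else {
            // A failed attempt also burns the code, so it cannot be guessed repeatedly.
            // NOTE(review): assumes a fresh code is issued when the form is shown again — confirm.
            unset($_SESSION['code']);
            $tpl->display($style . '/abuse_bad.tpl');
        }
        exit;
    }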
    if (isset($_POST['download'])) {
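        /**
         * Send a stored file to the client as an attachment, honouring a single HTTP byte range.
         *
         * Supports "bytes=first-last", "bytes=first-" and "bytes=-suffix". A Range header in any
         * other form (several ranges, non-numeric bounds) is ignored and the whole file is sent
         * with status 200; a range that starts past the end of the file is answered with 416.
         *
         * Fixes over the previous version: the Range bounds are validated as integers before
         * they reach fseek() or a response header; Content-Length and Content-Range describe
         * the bytes actually sent; the read loop stops at the end of the requested range
         * instead of sending whole 512000-byte chunks past it; the client-facing file name
         * is stripped of characters that would break out of the quoted header parameter.
         *
         * @param string $filename Path of the file on disk.
         * @param string $name     File name offered to the client in Content-Disposition.
         * @param string $mimetype Value for the Content-Type header.
         * @return void Writes headers and the body straight to the output; callers exit afterwards.
         */
        function downloadFile($filename, $name, $mimetype = 'application/octet-stream')
        {
            if (!is_file($filename))
                die('Файл не найден');
            // Open before any header is sent so a failure can still be reported cleanly.
            $handle = fopen($filename, 'rb');
            if ($handle === false)
                die('Файл не найден');

            $total = filesize($filename);
            $first = 0;
            $last = $total - 1;
            $partial = false;

            if (isset($_SERVER['HTTP_RANGE'])
                && preg_match('/^bytes=(\d*)-(\d*)$/', trim($_SERVER['HTTP_RANGE']), $m)
                && ($m[1] !== '' || $m[2] !== '')) {
                if ($m[1] === '') {
                    // "bytes=-N": the last N bytes of the file.
                    $first = max(0, $total - (int) $m[2]);
                    if ((int) $m[2] === 0)
                        $first = $total; // a zero-length suffix is unsatisfiable
                } else {
                    $first = (int) $m[1];
                    if ($m[2] !== '')
                        $last = min((int) $m[2], $total - 1);
                }
                if ($first >= $total || $first > $last) {
                    header('HTTP/1.1 416 Requested Range Not Satisfiable');
                    header('Content-Range: bytes */' . $total);
                    fclose($handle);
                    return;
                }
                $partial = true;
            }

            $length = $last - $first + 1;

            header($partial ? 'HTTP/1.1 206 Partial Content' : 'HTTP/1.1 200 Ok');
            $etag = md5($filename);
            $etag = substr($etag, 0, 8) . '-' . substr($etag, 8, 7) . '-' . substr($etag, 15, 8);
            header('ETag: "' . $etag . '"');
            header('Accept-Ranges: bytes');
            header('Content-Length: ' . $length);
            if ($partial)
                header('Content-Range: bytes ' . $first . '-' . $last . '/' . $total);
            header('Connection: close');
            header('Content-Type: ' . $mimetype);
            header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT');
            // $name is the uploader-supplied file name: drop control characters, quotes,
            // backslashes and slashes so it stays inside the quoted filename parameter.
            $safeName = preg_replace('/[\x00-\x1F\x7F"\\\\\/]/', '_', (string) $name);
            header('Content-Disposition: attachment; filename="' . $safeName . '"');

            if ($first > 0)
                fseek($handle, $first, SEEK_SET);

            $remaining = $length;
            while ($remaining > 0 && !feof($handle) && !connection_status()) {
                $chunk = fread($handle, min(512000, $remaining));
                if ($chunk === false || $chunk === '')
                    break;
                echo $chunk;
                $remaining -= strlen($chunk);
                // ob_flush() raises a notice when no output buffer is active.
                if (ob_get_level() > 0)
                    ob_flush();
                flush();
            }
            fclose($handle);
        }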
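        // The form must send back the session token. Compare as strings with ===; the
        // original == treats numeric-looking strings as numbers and accepts non-string input.
        if (isset($_POST['hash']) && is_string($_POST['hash'])
            && $_POST['hash'] === (string) $_SESSION['hash']) {
            // The token is single-use: it is dropped before the password is checked.
            unset($_SESSION['hash']);
            // Serve the file when it has no password or when the submitted password hashes
            // to the stored value. The hash comparison is strict: with == two different
            // digests of the form "0e<digits>" would compare equal as numbers.
            if ((string) $file['password'] === ''
                || (isset($_POST['password']) && is_string($_POST['password'])
                    && (string) mdQ($_POST['password']) === (string) $file['password'])) {
                // Same statement as before, sent through the sql() placeholder helper that the
                // other queries in this file use instead of interpolating values into the SQL.
                // NOTE(review): presumably sql() escapes its arguments — confirm in system32/core.php.
                sql("UPDATE `files` SET `count`=`count`+1, `last_load`='%s' WHERE `id`='%s'",
                    $_SERVER['REQUEST_TIME'], $file['id']);
                downloadFile('superfile/' . $file['file'], $file['name']);
                exit;
            }
            // Wrong or missing password: flag it for the template and fall through to the page.
            $tpl->assign('error_password', '');
        } else
            $tpl->assign('error_hash', '');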
    }
    // Add the on-disk size of the stored file to the record, then render the file page.
    // The stored name comes from the database row loaded above.
    $file['size'] = filesize("superfile/{$file['file']}");
    $tpl->assign('file', $file);
    $tpl->display("{$style}/file.tpl");
} else
    go();


?>