www.opentools.de // Partial Domain Names -> opentools.de // $sites = array( $board_config['server_name'], // This is your domain 'opentools.de', 'phpbb.com', 'phpbbhacks.com', 'phpbb.de' ); // This is the message displayed, if someone links to this site... $lang['Denied_Message'] = 'You are not authorized to view, download or link to this Site.'; // End of editable area // // Parse the order and evaluate the array // $site = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']); $url = trim($site[0]); //$url = $HTTP_HOST; if ($url != '') { $allowed = ($allow_deny_order == ALLOWED_DENIED) ? FALSE : TRUE; for ($i = 0; $i < count($sites); $i++) { if (strstr($url, $sites[$i])) { $allowed = ($allow_deny_order == ALLOWED_DENIED) ? TRUE : FALSE; break; } } } else { $allowed = TRUE; } if ($allowed == FALSE) { message_die(GENERAL_MESSAGE, $lang['Denied_Message']); } // Delete the following line, to uncomment this block */ if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) ) { $download_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']); } else { $download_id = -1; } if( isset($HTTP_POST_VARS['thumb']) || isset($HTTP_GET_VARS['thumb']) ) { $thumbnail = ( isset($HTTP_POST_VARS['thumb']) ) ? intval($HTTP_POST_VARS['thumb']) : intval($HTTP_GET_VARS['thumb']); } else { $thumbnail = FALSE; } // Send file to browser function send_file_to_browser($attachment, $upload_dir) { global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $lang, $db, $attach_config; $filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename']; $gotit = FALSE; if (!intval($attach_config['allow_ftp_upload'])) { if (@!file_exists(@amod_realpath($filename))) { message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "

404 File Not Found: The File " . $filename . " does not exist."); } else { $gotit = TRUE; } } // // Determine the Browser the User is using, because of some nasty incompatibilities. // Most of the methods used in this function are from phpMyAdmin. :) // if (!empty($_SERVER['HTTP_USER_AGENT'])) { $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; } else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) { $HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT']; } else if (!isset($HTTP_USER_AGENT)) { $HTTP_USER_AGENT = ''; } if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[2]; $browser_agent = 'opera'; } else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[1]; $browser_agent = 'ie'; } else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[1]; $browser_agent = 'omniweb'; } else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[1]; $browser_agent = 'netscape'; } else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[1]; $browser_agent = 'mozilla'; } else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version)) { $browser_version = $log_version[1]; $browser_agent = 'konqueror'; } else { $browser_version = 0; $browser_agent = 'other'; } // Correct the mime type - we force application/octetstream for all files, except images // Please do not change this, it is a security precaution if (!strstr($attachment['mimetype'], 'image')) { $attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream'; } // Now the tricky part... let's dance @ob_end_clean(); @ini_set('zlib.output_compression', 'Off'); ob_start(); header('Pragma: public'); header('Content-Transfer-Encoding: none'); // Send out the Headers header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"'); header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"'); // // Now send the File Contents to the Browser // if ($gotit) { $size = @filesize($filename); if ($size) { header("Content-length: $size"); ob_end_clean(); } readfile($filename); } else if (!$gotit && intval($attach_config['allow_ftp_upload'])) { $conn_id = attach_init_ftp(); $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : $upload_dir . '/tmp'; $tmp_filename = @tempnam($tmp_path, 't0000'); @unlink($tmp_filename); $mode = FTP_BINARY; if ( (preg_match("/text/i", $attachment['mimetype'])) || (preg_match("/html/i", $attachment['mimetype'])) ) { $mode = FTP_ASCII; } $result = @ftp_get($conn_id, $tmp_filename, $filename, $mode); if (!$result) { message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "

404 File Not Found: The File " . $filename . " does not exist."); } @ftp_quit($conn_id); $size = @filesize($tmp_filename); if ($size) { header("Content-length: $size"); } readfile($tmp_filename); @unlink($tmp_filename); } else { message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "

404 File Not Found: The File " . $filename . " does not exist."); } exit; } // // End Functions // // // Start Session Management // $userdata = session_pagestart($user_ip, PAGE_INDEX); init_userprefs($userdata); if ($download_id == -1) { message_die(GENERAL_ERROR, $lang['No_attachment_selected']); } if ((intval($attach_config['disable_mod']) == 1) && ($userdata['user_level'] != ADMIN)) { message_die(GENERAL_MESSAGE, $lang['Attachment_feature_disabled']); } $sql = 'SELECT * FROM ' . ATTACHMENTS_DESC_TABLE . ' WHERE attach_id = ' . intval($download_id); if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not query attachment informations', '', __LINE__, __FILE__, $sql); } if ($db->sql_numrows($result) == 0) { message_die(GENERAL_MESSAGE, $lang['Error_no_attachment']); } $attachment = $db->sql_fetchrow($result); // // get forum_id for attachment authorization or private message authorization // $authorised = FALSE; $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . $attachment['attach_id']; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not query attachment informations', '', __LINE__, __FILE__, $sql); } $auth_pages = $db->sql_fetchrowset($result); $num_auth_pages = $db->sql_numrows($result); for ($i = 0; $i < $num_auth_pages && $authorised == FALSE; $i++) { if (intval($auth_pages[$i]['post_id']) != 0) { $sql = 'SELECT forum_id FROM ' . POSTS_TABLE . ' WHERE post_id = ' . $auth_pages[$i]['post_id']; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not query post information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); $forum_id = $row['forum_id']; $is_auth = array(); $is_auth = auth(AUTH_ALL, $forum_id, $userdata); if ($is_auth['auth_download']) { $authorised = TRUE; } } else { if ( (intval($attach_config['allow_pm_attach'])) && ( ($userdata['user_id'] == $auth_pages[$i]['user_id_2']) || ($userdata['user_id'] == $auth_pages[$i]['user_id_1']) ) || ($userdata['user_level'] == ADMIN) ) { $authorised = TRUE; } } } if (!$authorised) { message_die(GENERAL_MESSAGE, $lang['Sorry_auth_view_attach']); } // // Get Information on currently allowed Extensions // $sql = "SELECT e.extension, g.download_mode FROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e WHERE (g.allow_group = 1) AND (g.group_id = e.group_id)"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not query Allowed Extensions.', '', __LINE__, __FILE__, $sql); } $rows = $db->sql_fetchrowset($result); $num_rows = $db->sql_numrows($result); for ($i = 0; $i < $num_rows; $i++) { $extension = strtolower(trim($rows[$i]['extension'])); $allowed_extensions[] = $extension; $download_mode[$extension] = $rows[$i]['download_mode']; } // // disallowed ? // if ( (!in_array($attachment['extension'], $allowed_extensions)) && ($userdata['user_level'] != ADMIN) ) { message_die(GENERAL_MESSAGE, sprintf($lang['Extension_disabled_after_posting'], $attachment['extension'])); } $download_mode = intval($download_mode[$attachment['extension']]); if ($thumbnail) { $attachment['physical_filename'] = THUMB_DIR . '/t_' . $attachment['physical_filename']; } // // Update download count // if (!$thumbnail) { $sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . ' SET download_count = download_count + 1 WHERE attach_id = ' . $attachment['attach_id']; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql); } } // // Determine the 'presenting'-method // if ($download_mode == PHYSICAL_LINK) { $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; $server_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['server_name'])); $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : ''; $script_name = preg_replace('/^\/?(.*?)\/?$/', '/\1', trim($board_config['script_path'])); if ($script_name[strlen($script_name)] != '/') { $script_name .= '/'; } if (intval($attach_config['allow_ftp_upload'])) { if (trim($attach_config['download_path']) == '') { message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting'); } $url = trim($attach_config['download_path']) . '/' . $attachment['physical_filename']; $redirect_path = $url; } else { $url = $upload_dir . '/' . $attachment['physical_filename']; // $url = preg_replace('/^\/?(.*?\/)?$/', '\1', trim($url)); $redirect_path = $server_protocol . $server_name . $server_port . $script_name . $url; } // Redirect via an HTML form for PITA webservers if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) { header('Refresh: 0; URL=' . $redirect_path); echo 'Redirect
If your browser does not support meta redirection please click HERE to be redirected
'; exit; } // Behave as per HTTP/1.1 spec for others header('Location: ' . $redirect_path); exit; } else { if (intval($attach_config['allow_ftp_upload'])) { // We do not need a download path, we are not downloading physically send_file_to_browser($attachment, ''); exit; } else { send_file_to_browser($attachment, $upload_dir); exit; } } ?>