FIX #992 external URLs at page downloads

Ulrich Block 2017-05-13 11:27:09 +02:00
parent 996a71466d
commit 4c5a91dd02
9 changed files with 188 additions and 71 deletions


@ -10,6 +10,8 @@
<contact>Kontakt</contact>
<date>Datum</date>
<defaultpage>Standard Seite</defaultpage>
<external>External</external>
<externalURL>External URL</externalURL>
<gallery>Gallery</gallery>
<intern>Intern</intern>
<keyword>Keyword</keyword>


@ -10,6 +10,8 @@
<contact>Contact</contact>
<date>Date</date>
<defaultpage>Default page</defaultpage>
<external>External</external>
<externalURL>External URL</externalURL>
<gallery>Gallery</gallery>
<intern>Intern</intern>
<keyword>Keyword</keyword>


@ -43,32 +43,45 @@ if ((!isset($admin_id) or $main != 1) or (isset($admin_id) and !$pa['cms_pages']
die;
}
$sprache = getlanguagefile('page',$user_language,$reseller_id);
$sprache = getlanguagefile('page', $user_language, $reseller_id);
$loguserid = $admin_id;
$logusername = getusername($admin_id);
$logusertype = 'admin';
$logreseller = 0;
$logsubuser = 0;
$logsubuser = 0;
$id = $ui->id('id', 10, 'get');
$external = ($ui->active('external', 'post')) ? $ui->active('external', 'post') : 'N';
$externalURL = ($ui->url('externalURL', 'post')) ? $ui->url('externalURL', 'post') : '';
if ($ui->w('action', 4, 'post') and !token(true)) {
$template_file = $spracheResponse->token;
} else if ($ui->id('id', 10, 'get') or $ui->st('d', 'get') == 'ad') {
$id = $ui->id('id', 10, 'get');
} else if ($id or $ui->st('d', 'get') == 'ad') {
$template_file = 'uadmin_404.tpl';
$foundLanguages = array();
$query = $sql->prepare("SELECT `lang`,`text` FROM `translations` WHERE `type`='pd' AND `transID`=? AND `lang`=? AND `resellerID`=? LIMIT 1");
foreach ($languages as $row) {
if (small_letters_check($row,2)) {
if (small_letters_check($row, 2)) {
$description = '';
unset($lang);
if ($ui->id('id', 10, 'get')) {
$query->execute(array($id, $row,$reseller_id));
if ($id) {
$query->execute(array($id, $row, $reseller_id));
while ($row2 = $query->fetch(PDO::FETCH_ASSOC)) {
$lang = $row2['lang'];
$description = $row2['text'];
}
}
if ((!$ui->id('id', 10, 'get') and $row==$rSA['language']) or isset($lang)) {
if ((!$id and $row==$rSA['language']) or isset($lang)) {
$style = '';
$displayNone = '';
$checkbox='<input type="checkbox" name="language[]" value="'.$row.'" onclick="textdrop('."'".$row."'".');" checked /> ';
@ -77,15 +90,23 @@ if ($ui->w('action', 4, 'post') and !token(true)) {
$displayNone='display_none';
$checkbox='<input type="checkbox" name="language[]" value="'.$row.'" onclick="textdrop('."'".$row."'".');" /> ';
}
$foundLanguages[] = array('style' => $style,'lang' => $row,'checkbox' => $checkbox,'description' => $description,'display' => $displayNone);
}
}
if (!$ui->st('action', 'post') and $ui->st('d', 'get') == 'ad') {
$template_file = 'admin_page_downloads_add.tpl';
} else if (!$ui->st('action', 'post') and $ui->id('id', 10, 'get') and ($ui->st('d', 'get') == 'md' or $ui->st('d', 'get') == 'dl')) {
} else if (!$ui->st('action', 'post') and $id and ($ui->st('d', 'get') == 'md' or $ui->st('d', 'get') == 'dl')) {
$query = $sql->prepare("SELECT * FROM `page_downloads` WHERE `fileID`=? AND `resellerID`=? LIMIT 1");
$query->execute(array($id,$reseller_id));
$query->execute(array($id, $reseller_id));
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
$external = $row['external'];
$externalURL = $row['externalURL'];
$show = $row['show'];
$order = $row['order'];
$count = $row['count'];
@ -93,30 +114,45 @@ if ($ui->w('action', 4, 'post') and !token(true)) {
$fileExtension = $row['fileExtension'];
$fileName = $row['fileName'];
$date = $row['date'];
$template_file = ($ui->st('d', 'get') == 'md') ? 'admin_page_downloads_mod.tpl' : 'admin_page_downloads_del.tpl';
}
} else if ($ui->st('action', 'post') == 'ad' or ($ui->st('action', 'post') == 'md' and $ui->id('id', 10, 'get'))) {
$id = $ui->id('id', 10, 'get');
} else if ($ui->st('action', 'post') == 'ad' or ($ui->st('action', 'post') == 'md' and $id)) {
if ($ui->st('action', 'post') == 'ad') {
$query = $sql->prepare("SELECT 1 FROM `page_downloads` WHERE `fileName`=? LIMIT 1");
$query->execute(array($ui->names('fileName',255, 'post')));
$query->execute(array($ui->names('fileName', 255, 'post')));
if ($query->rowCount() > 0) {
$template_file = $spracheResponse->error_name;
} else {
$query = $sql->prepare("INSERT INTO `page_downloads` (`show`,`description`,`fileName`,`date`,`resellerID`) VALUES (?,?,?,NOW(),?)");
$query->execute(array($ui->w('show',1, 'post'),$ui->names('description',255, 'post'),$ui->names('fileName',255, 'post'),$reseller_id));
if ($query->rowCount() > 0) $changed = true;
$query = $sql->prepare("INSERT INTO `page_downloads` (`show`,`description`,`fileName`,`date`,`external`,`externalURL`,`resellerID`) VALUES (?,?,?,NOW(),?,?,?)");
$query->execute(array($ui->w('show', 1, 'post'), $ui->names('description', 255, 'post'), $ui->names('fileName', 255, 'post'), $external, $externalURL, $reseller_id));
if ($query->rowCount() > 0) {
$changed = true;
}
$template_file = $spracheResponse->table_add;
$id = $sql->lastInsertId();
}
} else if ($ui->st('action', 'post') == 'md' and $ui->id('id', 10, 'get')) {
$query = $sql->prepare("UPDATE `page_downloads` SET `show`=?,`description`=?,`fileName`=? WHERE `fileID`=? AND `resellerID`=? LIMIT 1");
$query->execute(array($ui->w('show',1, 'post'),$ui->names('description',255, 'post'),$ui->names('fileName',255, 'post'),$id,$reseller_id));
if ($query->rowCount() > 0) $changed = true;
} else if ($ui->st('action', 'post') == 'md' and $id) {
$query = $sql->prepare("UPDATE `page_downloads` SET `show`=?,`description`=?,`fileName`=?,`external`=?,`externalURL`=? WHERE `fileID`=? AND `resellerID`=? LIMIT 1");
$query->execute(array($ui->w('show', 1, 'post'), $ui->names('description', 255, 'post'), $ui->names('fileName', 255, 'post'), $external, $externalURL, $id, $reseller_id));
if ($query->rowCount() > 0) {
$changed = true;
}
}
if ($id) {
if (isset($_FILES['upload']) and $_FILES['upload']['error'] == 0) {
if ($external == 'N' and isset($_FILES['upload']) and $_FILES['upload']['error'] == 0) {
$allowedTypes = array(
'avi' => 'video/x-msvideo',
@ -143,54 +179,88 @@ if ($ui->w('action', 4, 'post') and !token(true)) {
'zip' => array('application/x-zip','application/zip','application/x-zip-compressed','application/octet-stream')
);
$exploded=explode('.',$_FILES['upload']['name']);
$exploded=explode('.', $_FILES['upload']['name']);
$extension = $exploded[count($exploded)-1];
if (isset($allowedTypes[$extension]) and ((is_array($allowedTypes[$extension]) and in_array($_FILES["upload"]["type"],$allowedTypes[$extension])) or (!is_array($allowedTypes[$extension]) and $_FILES["upload"]["type"] == $allowedTypes[$extension])) ) {
if (isset($allowedTypes[$extension]) and ((is_array($allowedTypes[$extension]) and in_array($_FILES["upload"]["type"], $allowedTypes[$extension])) or (!is_array($allowedTypes[$extension]) and $_FILES["upload"]["type"] == $allowedTypes[$extension])) ) {
if (move_uploaded_file($_FILES["upload"]["tmp_name"],EASYWIDIR . '/downloads/'.$id . '.' . $extension)) {
$changed = true;
$query = $sql->prepare("UPDATE `page_downloads` SET `fileExtension`=? WHERE `fileID`=? AND `resellerID`=?");
$query->execute(array($extension,$id,$reseller_id));
$query->execute(array($extension, $id, $reseller_id));
}
}
}
if ($ui->smallletters('language',2, 'post')) {
$array=(array)$ui->smallletters('language',2, 'post');
if ($ui->smallletters('language', 2, 'post')) {
$array=(array)$ui->smallletters('language', 2, 'post');
$query = $sql->prepare("INSERT INTO `translations` (`type`,`transID`,`lang`,`text`,`resellerID`) VALUES ('pd',?,?,?,?) ON DUPLICATE KEY UPDATE `text`=VALUES(`text`)");
foreach($array as $language) {
if (small_letters_check($language,2)) {
$query->execute(array($id,$language,$ui->description('text', 'post',$language),$reseller_id));
if ($query->rowCount() > 0) $changed = true;
if (small_letters_check($language, 2)) {
$query->execute(array($id, $language, $ui->description('text', 'post', $language), $reseller_id));
if ($query->rowCount() > 0) {
$changed = true;
}
}
}
$query = $sql->prepare("SELECT `lang` FROM `translations` WHERE `type`='pd' AND `transID`=? AND `resellerID`=?");
$query->execute(array($id,$reseller_id));
$query->execute(array($id, $reseller_id));
$query2 = $sql->prepare("DELETE FROM `translations` WHERE `type`='pd' AND `transID`=? AND `lang`=? AND `resellerID`=? LIMIT 1");
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
if (!in_array($row['lang'],$array)) {
$query2->execute(array($addonid, $row['lang'],$reseller_id));
if ($query2->rowCount() > 0) $changed = true;
if (!in_array($row['lang'], $array)) {
$query2->execute(array($addonid, $row['lang'], $reseller_id));
if ($query2->rowCount() > 0) {
$changed = true;
}
}
}
} else {
$query = $sql->prepare("DELETE FROM `translations` WHERE `type`='pd' AND `transID`=? AND `resellerID`=?");
$query->execute(array($id,$reseller_id));
if ($query->rowCount() > 0) $changed = true;
$query->execute(array($id, $reseller_id));
if ($query->rowCount() > 0) {
$changed = true;
}
}
$template_file = (isset($changed)) ? $spracheResponse->table_add : $spracheResponse->error_table;
} else {
$template_file = $spracheResponse->error_table;
}
} else if ($ui->st('action', 'post') == 'dl' and $ui->id('id', 10, 'get')) {
} else if ($ui->st('action', 'post') == 'dl' and $id) {
$query = $sql->prepare("DELETE FROM `page_downloads` WHERE `fileID`=? AND `resellerID`=? LIMIT 1");
$query->execute(array($id,$reseller_id));
$query->execute(array($id, $reseller_id));
$template_file = ($query->rowCount() > 0) ? $spracheResponse->table_del : 'admin_404.tpl';
$query = $sql->prepare("DELETE FROM `translations` WHERE `type`='pd' AND `transID`=? AND `resellerID`=?");
$query->execute(array($id,$reseller_id));
@unlink(EASYWIDIR . "/downloads/${id}/${fileExtension}");
$template_file = $spracheResponse->table_del;
if ($query->rowCount() > 0) {
$query = $sql->prepare("DELETE FROM `translations` WHERE `type`='pd' AND `transID`=? AND `resellerID`=?");
$query->execute(array($id, $reseller_id));
@unlink(EASYWIDIR . "/downloads/${id}/${fileExtension}");
$template_file = $spracheResponse->table_del;
} else {
$template_file =$spracheResponse->error_table;
}
}
} else {
if ($ui->w('downloadOrder',4, 'post') == 'true') {
@ -198,9 +268,10 @@ if ($ui->w('action', 4, 'post') and !token(true)) {
$query = $sql->prepare("UPDATE `page_downloads` SET `order`=? WHERE `fileID`=? LIMIT 1");
foreach ($ui->id('downloadID',10, 'post') as $id => $order) {
$query->execute(array($order,$id));
$query->execute(array($order, $id));
}
}
$table = array();
$query = $sql->prepare("SELECT `fileID`,`description`,`order`,`count` FROM `page_downloads` WHERE `resellerID`=?");
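Review bot: Nothing in the add/modify branch rejects `external` set to `Y` together with an empty `$externalURL`: when `$ui->url('externalURL', 'post')` returns nothing, the fallback `''` is written by both the INSERT and the UPDATE, and the download page then accepts the row as an external download. A guard ahead of the two queries, for example `if ($external == 'Y' and $externalURL == '') { $template_file = $spracheResponse->error_table; }` with the existing add/modify code in the else branch, would keep such rows out. What `$ui->url()` accepts is not visible on this page; if it does not already limit the scheme to http/https, that limit belongs here too, because the stored value is later sent in a redirect header. In the delete branch the moved `@unlink(EASYWIDIR . "/downloads/${id}/${fileExtension}")` still uses `$fileExtension`, which is not assigned in that branch, and a `/` where the upload code writes `$id . '.' . $extension`, so the file is presumably left on disk and the `@` hides the failure. Parts of this if/else chain are collapsed between the hunks.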


@ -40,6 +40,7 @@ if ((!isset($admin_id) or $main != 1) or (isset($admin_id) and !$pa['cms_setting
header('Location: admin.php');
die('No Access');
}
$sprache = getlanguagefile('page',$user_language,$reseller_id);
$loguserid = $admin_id;
$logusername = getusername($admin_id);
@ -47,6 +48,7 @@ $logusertype = 'admin';
$logreseller = 0;
$logsubuser = 0;
$logsubuser = 0;
if ($ui->w('action', 4, 'post') and !token(true)) {
$template_file = $spracheResponse->token;
} else if ($ui->smallletters('action',2, 'post') == 'md' and $ui->id('maxnews',19, 'post')) {


@ -112,6 +112,7 @@ if (isset($page_active) and $page_active == 'Y') {
$query->execute(array($user_language));
if ($seo == 'Y') {
$page_data->SetMenu($gsprache->news, $gsprache->news,'news');
if ($protectioncheck == 'Y') {


@ -63,42 +63,47 @@ if (isset($downloadID)) {
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
if (($row['show'] == 'E' or ($row['show'] == 'A' and isset($admin_id)) or ($row['show'] == 'R' and (isset($user_id) or isset($admin_id)))) and file_exists(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}")) {
if (($row['show'] == 'E' or ($row['show'] == 'A' and isset($admin_id)) or ($row['show'] == 'R' and (isset($user_id) or isset($admin_id)))) and ($row['external'] == 'Y' or ($row['external'] == 'N' and file_exists(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}")))) {
if (isset($startDownload)) {
$fileWithPath = EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}";
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$contentType = finfo_file($finfo, $fileWithPath);
finfo_close($finfo);
header("Content-Type: ${contentType}");
if (strpos(strtolower($ui->server['SERVER_SOFTWARE']),'nginx') !== false) {
header('Content-Length: ' . (string) (filesize($fileWithPath)));
header('Cache-Control: public, must-revalidate');
header('Pragma: no-cache');
header("Content-Disposition: attachment; filename=\"${row['fileName']}.${row['fileExtension']}\"");
header('Content-Transfer-Encoding: binary');
header("X-Accel-Redirect: /downloads/${row['fileID']}.${row['fileExtension']}");
} else {
header("Content-Disposition: attachment; filename=\"${row['fileName']}.${row['fileExtension']}\"");
set_time_limit(0);
$fp = @fopen(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}","rb");
while(!feof($fp)) {
print(@fread($fp, 1024));
ob_flush();
flush();
}
}
$query2 = $sql->prepare("UPDATE `page_downloads` SET `count`=(`count`+1) WHERE `fileID`=? LIMIT 1");
$query2->execute(array($downloadID));
$query2 = $sql->prepare("INSERT INTO `page_downloads_log` (`fileID`,`date`,`ip`,`hostname`) VALUES (?,NOW(),?,?) ON DUPLICATE KEY UPDATE `fileID`=`fileID`+1");
$query2->execute(array($downloadID, $loguserip, $userHostname));
if ($row['external'] == 'N') {
$fileWithPath = EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}";
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$contentType = finfo_file($finfo, $fileWithPath);
finfo_close($finfo);
header("Content-Type: ${contentType}");
if (strpos(strtolower($ui->server['SERVER_SOFTWARE']),'nginx') !== false) {
header('Content-Length: ' . (string) (filesize($fileWithPath)));
header('Cache-Control: public, must-revalidate');
header('Pragma: no-cache');
header("Content-Disposition: attachment; filename=\"${row['fileName']}.${row['fileExtension']}\"");
header('Content-Transfer-Encoding: binary');
header("X-Accel-Redirect: /downloads/${row['fileID']}.${row['fileExtension']}");
} else {
header("Content-Disposition: attachment; filename=\"${row['fileName']}.${row['fileExtension']}\"");
set_time_limit(0);
$fp = @fopen(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}","rb");
while(!feof($fp)) {
print(@fread($fp, 1024));
ob_flush();
flush();
}
}
} else {
header("location: ${row['externalURL']}");
}
die;
} else {
@ -118,7 +123,7 @@ if (isset($downloadID)) {
$query = $sql->prepare("SELECT d.*,t.`text` FROM `page_downloads` d LEFT JOIN `translations` t ON t.`type`='pd' AND t.`transID`=d.`fileID` AND t.`lang`=? ORDER BY d.`order`,d.`fileID`");
$query->execute(array($user_language));
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
if (($row['show'] == 'E' or ($row['show'] == 'A' and isset($admin_id)) or ($row['show'] == 'R' and (isset($user_id) or isset($admin_id)))) and file_exists(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}")) {
if (($row['show'] == 'E' or ($row['show'] == 'A' and isset($admin_id)) or ($row['show'] == 'R' and (isset($user_id) or isset($admin_id)))) and ($row['external'] == 'Y' or ($row['external'] == 'N' and file_exists(EASYWIDIR . "/downloads/${row['fileID']}.${row['fileExtension']}")))) {
$table[] = array('id' => $row['fileID'], 'description' => $row['description'], 'link' => (isset($seo) and $seo == 'Y') ? $page_data->pages['downloads']['link'].'get/'.$row['fileID'].'/' : $page_data->pages['downloads']['link'].'&amp;action=get&amp;id='.$row['fileID'], 'text' => $row['text']);
}
}
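Review bot: The redirect in the new external branch, `header("location: ${row['externalURL']}")`, sends the value stored in `page_downloads` as-is, so an empty or non-http(s) entry becomes a redirect with no usable target or one to an unintended scheme. The admin form is the only barrier, and the rules of `$ui->url()` are not visible here; re-checking at the point of use also covers rows written by other paths, such as imports or direct database edits. The surrounding `if (isset($downloadID))` block starts outside the hunk.

```php
} else {
    // externalURL is admin-supplied data read back from page_downloads; re-check it before redirecting
    $target = (string) $row['externalURL'];
    $scheme = strtolower((string) parse_url($target, PHP_URL_SCHEME));
    if (filter_var($target, FILTER_VALIDATE_URL) !== false and in_array($scheme, array('http', 'https'), true)) {
        header('Location: ' . $target);
    } else {
        http_response_code(404);
    }
}
// … unchanged: die; and the listing branch …
```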


@ -39,6 +39,8 @@
$defined['page_downloads'] = array(
'fileID' => array("Type"=>"int(10) unsigned","Null"=>"NO","Key"=>"PRI","Default"=>"","Extra"=>"auto_increment"),
'external' => array("Type"=>"enum('Y','N')","Null"=>"YES","Key"=>"","Default"=>"N","Extra"=>""),
'externalURL' => array("Type"=>"varchar(255)","Null"=>"YES","Key"=>"","Default"=>"","Extra"=>""),
'show' => array("Type"=>"enum('A','R','N','E')","Null"=>"YES","Key"=>"","Default"=>"E","Extra"=>""),
'order' => array("Type"=>"int(10) unsigned","Null"=>"NO","Key"=>"MUL","Default"=>"0","Extra"=>""),
'count' => array("Type"=>"int(10) unsigned","Null"=>"NO","Key"=>"","Default"=>"0","Extra"=>""),
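Review bot: `externalURL` is declared as `varchar(255)`, but the admin handler reads it with `$ui->url('externalURL', 'post')` and passes no length argument, unlike `$ui->names('fileName', 255, 'post')`. Depending on the SQL mode, a longer URL is either rejected or silently truncated, and a truncated value would later be used as a redirect target. Either enforce the 255-character limit when the form is processed or widen the column, e.g. `"Type"=>"varchar(2048)"`. The array definition continues outside the hunk.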


@ -22,9 +22,24 @@
<div class="box-body">
<div class="form-group">
<label for="inputExternal"><?php echo $sprache->external;?></label>
<div class="controls">
<select id="inputExternal" class="form-control" name="external" onchange="SwitchShowHideRows(this.value,'externalSwitch');">
<option value="N"><?php echo $gsprache->no;?></option>
<option value="Y" <?php if ($external=='Y') echo 'selected="selected"';?>><?php echo $gsprache->yes;?></option>
</select>
</div>
</div>
<div class="Y externalSwitch form-group<?php if($external=='N') echo ' display_none';?>">
<label for="inputExternalURL"><?php echo $sprache->externalURL;?></label>
<div class="controls"><input id="inputExternalURL" class="form-control" type="text" name="externalURL" value="<?php echo $externalURL;?>"></div>
</div>
<div class="N externalSwitch form-group<?php if($external=='Y') echo ' display_none';?>">
<label for="inputUpload"><?php echo $sprache->upload;?></label>
<div class="controls">
<input id="inputUpload" type="file" name="upload" required>
<input id="inputUpload" type="file" name="upload">
</div>
</div>
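Review bot: `value="<?php echo $externalURL;?>"` prints the URL into an HTML attribute without escaping; unless `$ui->url()` (not visible here) rejects quotes and angle brackets, a value containing `"` breaks out of the attribute. Escape at output: `value="<?php echo htmlspecialchars($externalURL, ENT_QUOTES, 'UTF-8');?>"`. The modify template has the same line, fed from the database row rather than from the POST value. With `required` dropped from the upload input, an entry with `external` = N and no file is now only caught by the `file_exists()` check on the download page.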


@ -26,10 +26,12 @@
<div class="controls"><input class="form-control" id="inputCount" type="text" name="downloads" value="<?php echo $count?>" readonly="readonly"></div>
</div>
<?php if($external=='N') { ?>
<div class="form-group">
<label for="inputFile"><?php echo $gsprache->file;?></label>
<div class="controls"><input class="form-control" id="inputFile" type="text" name="file" value="<?php echo $id.'.'.$fileExtension?>" readonly="readonly"></div>
</div>
<?php } ?>
<div class="form-group">
<label for="inputDate"><?php echo $sprache->date;?></label>
@ -40,6 +42,21 @@
<div class="box-body">
<div class="form-group">
<label for="inputExternal"><?php echo $sprache->external;?></label>
<div class="controls">
<select id="inputExternal" class="form-control" name="external" onchange="SwitchShowHideRows(this.value,'externalSwitch');">
<option value="N"><?php echo $gsprache->no;?></option>
<option value="Y" <?php if ($external=='Y') echo 'selected="selected"';?>><?php echo $gsprache->yes;?></option>
</select>
</div>
</div>
<div class="Y externalSwitch form-group<?php if($external=='N') echo ' display_none';?>">
<label for="inputExternalURL"><?php echo $sprache->externalURL;?></label>
<div class="controls"><input id="inputExternalURL" class="form-control" type="text" name="externalURL" value="<?php echo $externalURL;?>"></div>
</div>
<div class="N externalSwitch form-group<?php if($external=='Y') echo ' display_none';?>">
<label class="control-label" for="inputUpload"><?php echo $sprache->upload;?></label>
<div class="controls">
<input id="inputUpload" type="file" name="upload">