<?php
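// Number of bytes read from disk and written to the client per streaming step.
$chunk = 20480; // bytes

// Large transfers can outlast the default execution limit, so the limit is removed.
// NOTE(review): with no time limit, every slow client holds a worker for the whole
// transfer; cap concurrent connections at the web server if that is a concern.
set_time_limit(0);

// Keep running after the client disconnects. The streaming loop further down checks
// connection_aborted() itself, presumably so the bandwidth counter is still saved.
ignore_user_abort(true);

// set_magic_quotes_runtime() was removed in PHP 7.0; calling it there is a fatal
// error that would take the whole download endpoint down, so only call it where it exists.
if (function_exists('set_magic_quotes_runtime')) {
    set_magic_quotes_runtime(0);
}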
require'includes/constants.inc.php';
require'includes/db.class.php';
require'includes/mime.inc.php';
/**
 * Send a GIF placeholder image to the client and end the script.
 *
 * Called with fixed paths under data/ by this script; it never returns.
 *
 * @param string $f Path of the GIF file to send.
 */
function out($f)
{
    header('Content-type: image/gif');
    // Read errors are suppressed so a missing placeholder yields an empty
    // image response rather than a PHP warning in the body.
    @readfile($f);
    exit;
}
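// Open the uploader settings store and read the directory that holds per-user files.
$DB = new DB;
if ($DB->open(UPLOADER_SETTINGS)) {
    $UFD = $DB->get('userfiles_dir');
} else {
    exit("Couldn't open " . UPLOADER_SETTINGS);
}

// Request parameters. userid is cast to int, so it cannot carry path characters.
if (empty($_GET['userid'])) {
    exit('No userid.');
}
$userid = (int)$_GET['userid'];

if (empty($_GET['file'])) {
    exit('No file.');
}
$FILE = $_GET['file'];
// file[]=... arrives as an array; everything below expects a string.
if (!is_string($FILE)) {
    exit('No file.');
}
$ACT = isset($_GET['action']) ? $_GET['action'] : null;

// get_magic_quotes_gpc() no longer exists in PHP 8, so only call it where available.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $FILE = stripslashes($FILE);
}

// Path traversal guard. The file name is attacker-controlled, so refuse any parent
// directory reference. Backslashes are treated as separators too, because a check
// for '../' alone does not cover hosts where '\' also separates path components.
// NUL bytes are refused because old PHP versions truncate file paths at them.
$probe = str_replace('\\', '/', $FILE);
if (strpos($FILE, "\0") !== false
    || strstr($probe, '../')
    || in_array('..', explode('/', $probe), true)) {
    exit('Access Denied');
}

$PATH = "$UFD/$userid/$FILE";

// Workaround for special characters: if the decoded query value does not name a
// file, take the last component of the raw request URI as the file name instead.
if (!is_file($PATH)) {
    $fname = basename(rawurldecode($_SERVER['REQUEST_URI']));
    $probe = str_replace('\\', '/', $fname);
    if (strpos($fname, "\0") !== false
        || strstr($probe, '../')
        || in_array('..', explode('/', $probe), true)) {
        exit('Access Denied');
    }
    $PATH = "$UFD/$userid/" . dirname($FILE) . "/$fname";
    $FILE = $fname;
    clearstatcache();
}

// Defence in depth: whatever the string checks let through, the resolved path must
// still sit inside this user's directory. realpath() returns false for a missing
// file; that case is left to the "file not found" handling that follows.
// NOTE(review): this also refuses symlinks that point outside the user directory;
// confirm no deployment relies on such links.
$root = realpath("$UFD/$userid");
$resolved = realpath($PATH);
if ($resolved !== false
    && ($root === false || strpos($resolved, $root . DIRECTORY_SEPARATOR) !== 0)) {
    exit('Access Denied');
}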
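// Serve the requested file if it exists, enforcing and updating the owner's
// bandwidth allowance; otherwise answer with a placeholder image.
if (is_file($PATH)) {
    # Update bandwidth counter
    $size = filesize($PATH);
    $user = new User;
    if ($user->open($userid)) {
        $uinfo = $user->all();
        $bw_used = $uinfo['bw_used'];
        // presumably bw_max is stored in a unit 1024 times larger than bw_used — confirm
        $bw_max = $uinfo['bw_max'] * 1024;

        # Reached limit? A bw_max of 0 disables the check.
        if ($bw_max != 0 && $bw_used > $bw_max) {
            # auto reset?
            if ($uinfo['bw_auto_reset']) {
                # Yes, only if last reset > bw_reset_period
                $lstrst = (time() - $uinfo['bw_last_reset']) / 86400; // days
                if ($lstrst >= $uinfo['bw_reset_period']) {
                    $user->set('bw_last_reset', time());
                    $user->set('bw_used', 0);
                    $user->save();
                    $bw_used = 0;
                } else {
                    out('data/bandwidth_exceeded.gif');
                }
            } else {
                # Wait for admin to reset by adding user to the list
                if ($uinfo['bw_limit_notice'] == 0) {
                    require_once 'includes/index.class.php';
                    $bw_idx = new Index;
                    if ($bw_idx->open(BANDWIDTH_INDEX)) {
                        if ($bw_idx->search($uinfo['name']) === false) {
                            $bw_idx->insert($uinfo['name'], $userid);
                            $bw_idx->save();
                        }
                    }
                    $user->set('bw_limit_notice', 1);
                    $user->save();
                    // NOTE(review): this branch does not call out(), so the request that
                    // first trips the limit is still served — confirm that is intended.
                } else {
                    out('data/bandwidth_exceeded.gif');
                }
            }
        }

        # Send & update
        // Open the file before any header is sent. An unchecked fopen() failure would
        // hand an invalid handle to the fread()/feof() loop below, which never reaches
        // end-of-file and, with the time limit disabled, can spin indefinitely.
        // The warning is suppressed so the filesystem path is not echoed to the client.
        $fp = @fopen($PATH, 'rb');
        if ($fp === false) {
            out('data/file_not_found.gif');
        }

        // The file name is percent-encoded, so it cannot break out of the quoted
        // header value. An explicit disposition type is always sent.
        $disposition = ($ACT === 'download') ? 'attachment' : 'inline';
        header('Content-disposition: ' . $disposition . '; filename="' . rawurlencode(basename($FILE)) . '"');
        header('Content-type: ' . mime_type($PATH));
        // Uploaded content is served from this origin: stop browsers from sniffing a
        // different type than the one declared above.
        // NOTE(review): if mime_type() can return an active type such as text/html,
        // inline display would run uploaded markup in this origin — consider forcing
        // 'attachment' for anything that is not a known-safe media type.
        header('X-Content-Type-Options: nosniff');
        if ($size !== false) {
            header('Content-length: ' . $size);
        }
        header('Cache-control: max-age=2592000');
        header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 2592000));

        // Stream in $chunk-sized pieces, counting what was actually sent so an
        // aborted transfer is only charged for the bytes delivered.
        $sent = 0;
        do {
            $buffer = fread($fp, $chunk);
            if ($buffer === false) {
                // Read error: stop instead of looping on a handle that never hits EOF.
                break;
            }
            $sent += strlen($buffer);
            print $buffer;
            flush();
        } while (!feof($fp) && !connection_aborted());
        fclose($fp);

        // Re-open the user record before adding the usage, presumably to pick up
        // changes saved by other requests during the transfer — verify.
        // NOTE(review): this read-modify-write is not locked here, so concurrent
        // downloads can still lose updates and under-count usage.
        unset($user);
        $user = new User;
        if ($user->open($userid)) {
            $user->set('bw_used', $user->get('bw_used') + ($sent / 1024));
            $user->save();
        }
    } else {
        exit('Could not open user data.');
    }
} else {
    out('data/file_not_found.gif');
}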
?>