Component-Builder-fork/admin/custom/downloadController.php


<?php
/**
*
*@version 2.0.0 - September 03, 2014
*@package Component Builder
*@author Llewellyn van de Merwe <http://www.vdm.io>
*@copyright Copyright (C) 2014. All Rights Reserved
*@license GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html
*
**/
// No direct access to this file: stop at once unless the _JEXEC constant is
// defined, i.e. unless the file was loaded through Joomla rather than requested
// on its own.
defined('_JEXEC') or die('Restricted access');
?>
###BOM###
// No direct access to this file: stop at once unless the _JEXEC constant is
// defined, i.e. unless the file was loaded through Joomla rather than requested
// on its own.
defined('_JEXEC') or die('Restricted access');
// import the Joomla base controller library (provides JControllerLegacy)
jimport('joomla.application.component.controller');
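/**
 * ###Component### Download Controller
 *
 * Streams a remote file to a logged-in user. The remote location arrives as an
 * encrypted, base64-encoded "link" request value and is fetched server-side,
 * so the real URL is not handed to the browser.
 */
class ###Component###ControllerDownload extends JControllerLegacy
{
    /**
     * Set up the controller and map the "file" task onto download().
     *
     * @param   array  $config  Controller configuration, passed on to the parent.
     */
    public function __construct($config)
    {
        parent::__construct($config);
        // load the tasks
        $this->registerTask('file', 'download');
    }

    /**
     * Validate the request and stream the requested file as an attachment.
     *
     * Request values read: "token" (session form token), "key" (id of the
     * user the link was issued to), "link" (encrypted URL, base64) and
     * "filename" (name offered to the browser).
     *
     * @return  boolean  false when any check fails; on success the file is
     *                   sent and the request ends through jexit().
     */
    public function download()
    {
        $user   = JFactory::getUser();
        $jinput = JFactory::getApplication()->input;

        // Check Token!
        // Everything is normalised to a fixed type before it is compared. The
        // former loose "==" against an integer default allowed a request that
        // carried no token at all to compare equal to a non-numeric session
        // token on PHP < 8, which defeated the check.
        $token       = (string) JSession::getFormToken();
        $call_token  = (string) $jinput->get('token', '', 'ALNUM');
        $userAllowed = (int) $jinput->get('key', 0, 'INT');
        $userId      = (int) $user->id;

        if ($userId === 0 || $userAllowed !== $userId)
        {
            return false;
        }

        // constant-time comparison, and an empty token never passes
        if ($token === '' || $call_token === '' || !JCrypt::timingSafeCompare($token, $call_token))
        {
            return false;
        }

        if ($this->getTask() !== 'file')
        {
            return false;
        }

        $enUrl    = $jinput->get('link', null, 'BASE64');
        $filename = $jinput->get('filename', null, 'CMD');

        // the link must be present and must be canonical base64
        if (!$filename || !is_string($enUrl) || $enUrl === ''
            || base64_encode((string) base64_decode($enUrl, true)) !== $enUrl)
        {
            return false;
        }

        // Get local key
        // NOTE(review): the key is an unsalted MD5 of the "basic_key" component
        // parameter and falls back to a constant that ships with this file, so
        // every site that leaves basic_key unset shares the same key. Require a
        // unique, random basic_key per site. Changing the derivation here would
        // invalidate links that were already issued, so it is only flagged.
        // NOTE(review): confirm whether FOFEncryptAes authenticates the
        // ciphertext; if it does not, the checks below are the only validation
        // of the decrypted value.
        $localkey = md5(JComponentHelper::getParams('com_###component###')->get('basic_key', 'localKey34fdWEkl'));
        $opener   = new FOFEncryptAes($localkey, 256);
        $link     = rtrim((string) $opener->decryptString(base64_decode($enUrl)));

        // Only plain http(s) URLs may reach readfile(). Without this check a
        // decrypted value naming a local path or another stream wrapper would
        // be read from the server itself and returned to the client.
        $scheme = parse_url($link, PHP_URL_SCHEME);
        if (!is_string($scheme)
            || !in_array(strtolower($scheme), array('http', 'https'), true)
            || preg_match('/[\x00-\x20\x7f]/', $link))
        {
            return false;
        }
        // NOTE(review): the host is not restricted, so the server will still
        // fetch any http(s) address named in a valid link, internal ones
        // included. An allow-list of expected hosts would close that gap.

        $info = $this->getContentInfo($link);

        // set headers
        if (isset($info['type']) && $info['type'])
        {
            header('Content-Type: ' . $info['type']);
        }
        elseif (strpos($filename, '.mp3') !== false)
        {
            header('Content-Type: audio/mpeg');
        }
        else
        {
            header('Content-Type: application/octet-stream');
        }
        header("Content-Transfer-Encoding: Binary");
        // $filename went through the CMD input filter above, so it cannot
        // carry quotes or line breaks into this header
        header("Content-disposition: attachment; filename=\"" . $filename . "\"");
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        if (isset($info['filesize']) && $info['filesize'])
        {
            header('Content-Length: ' . (int) $info['filesize']);
        }
        ob_clean();
        flush();
        // a redirect (header("Location: $link")) would be faster but exposes
        // the remote url to the browser; streaming it is slower but keeps the
        // url on the server
        readfile($link);
        jexit();
    }

    /**
     * Look up the size and content type of a remote file from its response
     * headers, without downloading the body.
     *
     * @param   string  $url  The http(s) URL to inspect.
     *
     * @return  array|boolean  Array with optional "filesize" (int, bytes) and
     *                         "type" (string) keys, or false if neither was found.
     */
    protected function getContentInfo($url)
    {
        // both start out defined so that a failed lookup falls through cleanly
        $data  = '';
        $found = array();

        // we first try the curl option
        if ($this->_isCurl())
        {
            $ch = curl_init($url);
            if ($ch !== false)
            {
                curl_setopt($ch, CURLOPT_NOBODY, true);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_HEADER, true);
                curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
                // keep redirects bounded and on http(s) only
                curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
                if (defined('CURLOPT_PROTOCOLS') && defined('CURLOPT_REDIR_PROTOCOLS'))
                {
                    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
                    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
                }
                $response = curl_exec($ch);
                curl_close($ch);
                // curl_exec() returns false on failure
                if (is_string($response))
                {
                    $data = $response;
                }
            }
        }
        else
        {
            // then we try getheaders (this is slower)
            stream_context_set_default(array('http' => array('method' => 'HEAD')));
            $headers = get_headers($url);
            // Put the default context back to GET. It is shared by every later
            // stream call in this request, so leaving it on HEAD would make the
            // readfile() in download() fetch no body.
            stream_context_set_default(array('http' => array('method' => 'GET')));
            if (###Component###Helper::checkArray($headers))
            {
                $data = implode("\n", $headers);
            }
        }

        // get the Content Length
        // Header names are matched case-insensitively. When redirects were
        // followed the headers of every hop are present, so the last value
        // (the final response) is the one that describes the file.
        if (preg_match_all('/^Content-Length:\s*(\d+)/mi', $data, $matches))
        {
            // Contains file size in bytes
            $found['filesize'] = (int) end($matches[1]);
        }

        // get the Content Type
        if (preg_match_all('/^Content-Type:\s*(.+)/mi', $data, $matches))
        {
            foreach ($matches[1] as $match)
            {
                // drop the trailing carriage return left by the header dump
                $match = trim($match);
                // not the html
                if ($match !== '' && stripos($match, 'text/html') === false)
                {
                    $found['type'] = $match;
                    break;
                }
            }
        }

        // return found values
        if (###Component###Helper::checkArray($found))
        {
            return $found;
        }
        return false;
    }

    /**
     * Tell whether the curl extension is available.
     *
     * @return  boolean  true when curl_version() exists.
     */
    protected function _isCurl()
    {
        return function_exists('curl_version');
    }
}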