Component-Builder/admin/custom/downloadController.php

<?php
/**
*
*  @version		2.0.0 - September 03, 2014
*  @package		Component Builder
*  @author		Llewellyn van de Merwe <http://www.vdm.io>
*  @copyright		Copyright (C) 2014. All Rights Reserved
*  @license		GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html
*
**/

// No direct access to this file
defined('_JEXEC') or die('Restricted access');
?>
###BOM###

// No direct access to this file
defined('_JEXEC') or die('Restricted access');

// import Joomla controllerform library
jimport('joomla.application.component.controller');

/**
 * ###Component### Download Controller
 */
class ###Component###ControllerDownload extends JControllerLegacy
{
	
	public function __construct($config)
	{
		parent::__construct($config);
		// load the tasks 
		$this->registerTask('file', 'download');
	}
	
	public function download()
	{
		$user 		= JFactory::getUser();
		$jinput 	= JFactory::getApplication()->input;
		// Check Token!
		$token 		= JSession::getFormToken();
		$call_token	= $jinput->get('token', 0, 'ALNUM');
		$userAllowed	= $jinput->get('key', NULL, 'INT');
		if($user->id != 0 && $userAllowed == $user->id && $token == $call_token)
                {
			$task = $this->getTask();
			switch($task)
                        {
				case 'file':
					$enUrl = $jinput->get('link', NULL, 'BASE64');
					$filename = $jinput->get('filename', NULL, 'CMD');
					if(base64_encode(base64_decode($enUrl, true)) === $enUrl && $filename)
					{
						// Get local key
						$localkey = md5(JComponentHelper::getParams('com_###component###')->get('basic_key', 'localKey34fdWEkl'));
						$opener = new FOFEncryptAes($localkey, 256);
						$link = rtrim($opener->decryptString(base64_decode($enUrl)));
						$info = $this->getContentInfo($link);
						// set headers
						if (isset($info['type']) && $info['type'])
						{
							header('Content-Type: '.$info['type']);
						}
						elseif (strpos($filename, '.mp3') !== false)
						{
							header('Content-Type: audio/mpeg');
						}
						else
						{
							header('Content-Type: application/octet-stream');
						}
						header("Content-Transfer-Encoding: Binary"); 
						header("Content-disposition: attachment; filename=\"" . $filename . "\"");
						header('Expires: 0');
						header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
						header('Pragma: public');
						if (isset($info['filesize']) && $info['filesize'])
						{
							header('Content-Length: ' . $info['filesize']);
						}
						ob_clean();
						flush();
						// this is faster but expose the dropbox url
						// header("Location: $link");
						// this is slower but better much more secure
						readfile($link); 
						jexit();
					}
				break;
			}
		}
                
		return false;
	}
	
	protected function getContentInfo($url)
	{
		// we first try the curl option
		if ($this->_isCurl())
		{
			$ch = curl_init($url);
			curl_setopt($ch, CURLOPT_NOBODY, true);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
			curl_setopt($ch, CURLOPT_HEADER, true);
			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

			$data = curl_exec($ch);
			curl_close($ch);
		}
		else
		{
			// then we try getheaders (this is slower)
			stream_context_set_default( array('http' => array('method' => 'HEAD')));
			$headers = get_headers($url);
			if (###Component###Helper::checkArray($headers))
			{
				$data = implode("\n", $headers);
			}
		}
		// get the Content Length
		if (preg_match('/Content-Length: (\d+)/', $data, $matches))
		{
			// Contains file size in bytes
			$found['filesize'] = (int)$matches[1];

		}
		// get the Content Type
		if (preg_match_all('/Content-Type: (.+)/', $data, $matches))
		{
			foreach ($matches[1] as $match)
			{
				// not the html
				if (strpos( $match, 'text/html') === false)
				{
					$found['type'] =  $match;
					break;
				}
			}

		}
		// return found values
		if (isset($found) && ###Component###Helper::checkArray($found))
		{
			return $found;
		}
		return false;
	}
	
	protected function _isCurl()
	{
		return function_exists('curl_version');
	}
}