Downloads are now secured using md5 hashing logic instead of using my…
…sql database to keep track of random keys. Download links are valid for two days only. The default interval WordPress uses for theme updates is 12 hours.
1 parent
6345736
commit c48e5d1
Showing
8 changed files
with
185 additions
and
291 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,73 +1,32 @@ | ||
<?php | ||
/* | ||
* | ||
* One Time Download | ||
* Jacob Wyke | ||
* jacob@frozensheep.com | ||
* | ||
*/ | ||
require_once('packages.php'); | ||
// This is the folder where all update files are stored | ||
$update_folder = './update/'; | ||
|
||
//The directory where the download files are kept - random folder names are best | ||
$strDownloadFolder = "./update/"; | ||
if ( isset( $_GET['key'] ) ) { | ||
// loop over all the theme and plugin arrays | ||
foreach ( $packages as $package ) { | ||
// loop over all the versions for each theme and plugin | ||
foreach ( $package['versions'] as $version ) { | ||
// md5 timestamp of current and previous day and the file name | ||
$tod_md5 = md5( $version['file_name'] . mktime( 0, 0, 0, date( "m" ), date( "d" ), date( "Y" ) ) ); | ||
$yes_md5 = md5( $version['file_name'] . mktime( 0, 0, 0, date( "m" ), date( "d" ) - 1, date( "Y" ) ) ); | ||
// test if the either of the md5 hashes match what was passed | ||
if ( $_GET['key'] == $tod_md5 || $_GET['key'] == $yes_md5 ) { | ||
$download = $update_folder . $version['file_name']; | ||
if ( file_exists( $download ) ) { | ||
//get the file content | ||
$file = file_get_contents( $download ); | ||
|
||
//If you can download a file more than once | ||
$boolAllowMultipleDownload = 0; | ||
//set the headers to force a download | ||
header( "Content-type: application/force-download" ); | ||
header( "Content-Disposition: attachment; filename=\"" . str_replace( " ", "_", $version['file_name'] ) . "\"" ); | ||
|
||
//connect to the DB | ||
|
||
/*********************** | ||
DATABASE INFO | ||
************************/ | ||
|
||
$resDB = mysql_connect("DB_SERVER", "DB_USER", "DB_PASSWORD"); | ||
mysql_select_db("DB_NAME", $resDB); | ||
|
||
if(!empty($_GET['key'])){ | ||
//check the DB for the key | ||
$resCheck = mysql_query("SELECT * FROM downloads WHERE downloadkey = '".mysql_real_escape_string($_GET['key'])."' LIMIT 1"); | ||
$arrCheck = mysql_fetch_assoc($resCheck); | ||
if(!empty($arrCheck['file'])){ | ||
//check that the download time hasnt expired | ||
if($arrCheck['expires']>=time()){ | ||
if(!$arrCheck['downloads'] OR $boolAllowMultipleDownload){ | ||
//everything is hunky dory - check the file exists and then let the user download it | ||
$strDownload = $strDownloadFolder.$arrCheck['file']; | ||
|
||
if(file_exists($strDownload)){ | ||
|
||
//get the file content | ||
$strFile = file_get_contents($strDownload); | ||
|
||
//set the headers to force a download | ||
header("Content-type: application/force-download"); | ||
header("Content-Disposition: attachment; filename=\"".str_replace(" ", "_", $arrCheck['file'])."\""); | ||
|
||
//echo the file to the user | ||
echo $strFile; | ||
|
||
//update the DB to say this file has been downloaded | ||
mysql_query("UPDATE downloads SET downloads = downloads + 1 WHERE downloadkey = '".mysql_real_escape_string($_GET['key'])."' LIMIT 1"); | ||
|
||
exit; | ||
|
||
}else{ | ||
echo "We couldn't find the file to download."; | ||
//echo the file to the user | ||
echo $file; | ||
} | ||
} | ||
} | ||
}else{ | ||
//this file has already been downloaded and multiple downloads are not allowed | ||
echo "This file has already been downloaded."; | ||
} | ||
}else{ | ||
//this download has passed its expiry date | ||
echo "This download has expired."; | ||
} | ||
}else{ | ||
//the download key given didnt match anything in the DB | ||
echo "No file was found to download."; | ||
} | ||
}else{ | ||
//No download key wa provided to this script | ||
echo "No download key was provided. Please return to the previous page and try again."; | ||
} | ||
|
||
?> |
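Review bot: The key accepted at `if ( $_GET['key'] == $tod_md5 || $_GET['key'] == $yes_md5 )` is a plain `md5()` of the file name plus a midnight timestamp with no server-side secret, so it is derivable by anyone who knows a package file name. The loose `==` also lets PHP compare numeric-looking strings as numbers instead of byte for byte. Derive the key with a keyed hash and compare it in constant time, e.g. `$tod_key = hash_hmac( 'sha256', $version['file_name'] . $today, $secret );` and `if ( is_string( $_GET['key'] ) && ( hash_equals( $tod_key, $_GET['key'] ) || hash_equals( $yes_key, $_GET['key'] ) ) ) {`. Here `$today` and `$secret` are placeholders, the secret should live outside the web root, and the code that issues the links (not shown in this section) must use the same derivation. The new side also appears to send no error response when no key matches or the file is missing, and no `exit` after `echo $file;`; the rendered page lost its +/- markers, so confirm both against the file and return an explicit 403/404 on failure.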