Skip to content
This repository
Fetching contributors…

Cannot retrieve contributors at this time

file 77 lines (66 sloc) 2.352 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
<?php
/**
* Handle attachment downloads
*
* PHP Version 5.3
*
* This Source Code Form is subject to the terms of the Mozilla Public License,
* v. 2.0. If a copy of the MPL was not distributed with this file, You can
* obtain one at http://mozilla.org/MPL/2.0/.
*
* @category phpMyFAQ
* @package Frontend
* @author Anatoliy Belsky <ab@php.net>
* @copyright 2009-2012 phpMyFAQ Team
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link http://www.phpmyfaq.de
* @since 2009-06-23
*/

if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit();
}

set_time_limit(0);

if (headers_sent()) {
    die();
}

$attachmentErrors = array();

// authenticate with session information
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
if (!$user instanceof PMF_User_CurrentUser) {
    $user = new PMF_User_CurrentUser($faqConfig); // user not logged in -> empty user object
}

$id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$attachment = PMF_Attachment_Factory::create($id);

$userPermission = $faq->getPermission('user', $attachment->getRecordId());
$groupPermission = $faq->getPermission('group', $attachment->getRecordId());

// Check on group permissions
if ($user->perm instanceof PMF_Perm_PermMedium) {
    if (count($groupPermission) && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()))) {
        $groupPermission = true;
    } else {
        $groupPermission = false;
    }
} else {
    $groupPermission = true;
}

// Check in user's permissions
if (in_array($user->getUserId(), $userPermission)) {
    $userPermission = true;
} else {
    $userPermission = false;
}

if ($attachment && ($groupPermission || ($groupPermission && $userPermission))) {
    try {
        $attachment->rawOut();
        exit(0);
    } catch (Exception $e) {
        $attachmentErrors[] = $PMF_LANG['msgAttachmentInvalid'] . ' (' . $e->getMessage() . ')';
    }
} else {
    $attachmentErrors[] = $PMF_LANG['err_NotAuth'];
}

// If we're here, there was an error with file download
$tpl->parseBlock('writeContent', 'attachmentErrors', array('item' => implode('<br/>', $attachmentErrors)));
$tpl->parse('writeContent', array());
$tpl->merge('writeContent', 'index');
Something went wrong with that request. Please try again.