get.php

   1 <?php
   2 /************************************************************************/
   3 /* AContent                                                             */
   4 /************************************************************************/
   5 /* Copyright (c) 2010                                                   */
   6 /* Inclusive Design Institute                                           */
   7 /*                                                                      */
   8 /* This program is free software. You can redistribute it and/or        */
   9 /* modify it under the terms of the GNU General Public License          */
  10 /* as published by the Free Software Foundation.                        */
  11 /************************************************************************/
  12
  13 define('TR_INCLUDE_PATH', 'include/');
  14 @ob_end_clean();
  15 header("Content-Encoding: none");
  16 if (isset($_GET['test'])) {
  17         header('HTTP/1.1 200 OK', TRUE);
  18         header('Trans-Get: OK');
  19         exit;
  20 }
  21 $in_get = TRUE;
  22
  23 require(TR_INCLUDE_PATH . 'vitals.inc.php');
  24 require(TR_INCLUDE_PATH . 'lib/mime.inc.php');
  25
  26 $force_download = false;
  27
  28 //get path to file
  29 if (defined('TR_FORCE_GET_FILE') && TR_FORCE_GET_FILE) {
  30         if ((version_compare(phpversion(), '5.2.0', '<') > 0) && !empty($_SERVER['ORIG_PATH_INFO'])){
  31                 //http://www.atutor.ca/atutor/mantis/view.php?id=3436
  32                 $current_file = $_SERVER['ORIG_PATH_INFO'];
  33         } else if (!empty($_SERVER['PATH_INFO'])) {
  34         $current_file = $_SERVER['PATH_INFO'];
  35         } else if (!empty($_SERVER['REQUEST_URI'])) {
  36                 $current_file = $_SERVER['REQUEST_URI'];
  37     } else if (!empty($_SERVER['PHP_SELF'])) {
  38                 if (!empty($_SERVER['QUERY_STRING'])) {
  39             $current_file = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
  40         } else {
  41                 $current_file = $_SERVER['PHP_SELF'];
  42                 }
  43     } else if (!empty($_SERVER['SCRIPT_NAME'])) {
  44                 if (!empty($_SERVER['QUERY_STRING'])) {
  45             $current_file = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
  46         } else {
  47                 $current_file = $_SERVER['SCRIPT_NAME'];
  48                 }
  49     } else if (!empty($_SERVER['URL'])) {
  50         if (!empty($_SERVER['QUERY_STRING'])) {
  51             $current_file = $_SERVER['URL'] . '?' . $_SERVER['QUERY_STRING'];
  52         }
  53         $current_file = $_SERVER['URL'];
  54         }
  55
  56         if (($pos = strpos($current_file, '/get.php')) !== FALSE) {
  57                 $current_file = substr($current_file, $pos + strlen('/get.php'));
  58         }
  59         if (substr($current_file, 0, 2) == '/@') {
  60                 $force_download = true;
  61                 $current_file = substr($current_file, 2);
  62         }
  63 } else {
  64         $current_file = $_GET['f'];
  65
  66         if (substr($current_file, 0, 2) == '/@') {
  67                 $force_download = true;
  68                 $current_file = substr($current_file, 2);
  69         }
  70 }
  71
  72 $file_name = pathinfo($current_file);
  73 $file_name = $file_name['basename'];
  74
  75 if (substr($file_name, 0, 4) == 'b64:') {
  76         $base64_file_name = substr($file_name, 4);
  77         $file_name = base64_decode($base64_file_name);
  78         $current_file = '/'.$file_name;
  79 }
  80
  81
  82 $file = TR_CONTENT_DIR . $_SESSION['course_id'] . $current_file;
  83
  84 //send header mime type
  85 $pathinfo = pathinfo($file);
  86 $ext = $pathinfo['extension'];
  87 if ($ext == '') {
  88         $ext = 'application/octet-stream';
  89 } else {
  90         $ext = $mime[$ext][0];
  91 }
  92
  93 //check that this file is within the content directory & exists
  94
  95 // NOTE!! for some reason realpath() is not returning FALSE when the file doesn't exist!
  96 $real = realpath($file);
  97
  98 if (file_exists($real) && (substr($real, 0, strlen(TR_CONTENT_DIR)) == TR_CONTENT_DIR)) {
  99         if ($force_download) {
 100                 header('Content-Type: application/force-download');
 101                 header('Content-transfer-encoding: binary');
 102                 header('Content-Disposition: attachment; filename="'.$pathinfo['basename'].'"');
 103         } else {
 104                 header('Content-Disposition: filename="'.$pathinfo['basename'].'"');
 105         }
 106
 107         /**
 108          * although we can check if mod_xsendfile is installed in apache2
 109          * we can't actually check if it's enabled. also, we can't check if
 110          * it's enabled and installed in lighty, so instead we send the
 111          * header anyway, if it works then the line after it will not
 112          * execute. if it doesn't work, then the line after it will replace
 113          * it so that the full server path is not exposed.
 114          *
 115          * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
 116          * named x-send-file in lighttpd 1.4)
 117          */
 118         header('x-Sendfile: '.$real);
 119         header('x-Sendfile: ', TRUE); // if we get here then it didn't work
 120
 121         header('Content-Type: '.$ext);
 122     //a hack for http://atutor.ca/atutor/mantis/view.php?id=4531
 123     //@harris
 124     if ($pathinfo['extension']=='mp3' || $pathinfo['extension']=='mp4') {
 125         header('Content-length: '.filesize($real));
 126     }
 127
 128         @readfile($real);
 129         exit;
 130 } else {
 131         header('HTTP/1.1 404 Not Found', TRUE);
 132         exit;
 133 }
 134
 135 ?>