okay, dann nichadidas hat geschrieben:nein will ich nicht, also ist ok, dass es zeigt dass es von meiner seite downloadet, obwohl es von meinem freunds webspace tutNico Haase hat geschrieben:da müsstest du die download.php modifizieren. stell sie mir mal zum download bereit und ich werf nen blick rein
klappt den der download? auf jeden fall gibts kein patentrezept für diese lösung - und ohne einen einblick in die download.php kann ich sowieso nicht helfenCode: Alles auswählen
<?php
/***************************************************************************
* download.php
* -------------------
* begin : Monday, Apr 1, 2002
* copyright : (C) 2002 Meik Sievertsen
* email : acyd.burn@gmx.de
*
* $Id: download.php,v 1.39 2004/12/09 20:12:12 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( defined('IN_PHPBB') )
{
die('Hacking attempt');
exit;
}
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Delete the / * to uncomment the block, and edit the values (read the comments) to
// enable additional security to your board (preventing third site linkage)
//
/*
define('ALLOWED_DENIED', 0);
define('DENIED_ALLOWED', 1);
//
// From this line on you are able to edit the stuff
//
// Possible Values:
// ALLOWED_DENIED <- First allow the listed sites, and then deny all others
// DENIED_ALLOWED <- First deny the listed sites, and then allow all others
$allow_deny_order = ALLOWED_DENIED;
//
// Allowed Syntax:
// Full Domain Name -> www.opentools.de
// Partial Domain Names -> opentools.de
//
$sites = array(
$board_config['server_name'], // This is your domain
'opentools.de',
'phpbb.com',
'phpbbhacks.com',
'phpbb.de'
);
// This is the message displayed, if someone links to this site...
$lang['Denied_Message'] = 'You are not authorized to view, download or link to this Site.';
// End of editable area
//
// Parse the order and evaluate the array
//
$site = explode('?', $HTTP_SERVER_VARS['HTTP_REFERER']);
$url = trim($site[0]);
//$url = $HTTP_HOST;
if ($url != '')
{
$allowed = ($allow_deny_order == ALLOWED_DENIED) ? FALSE : TRUE;
for ($i = 0; $i < count($sites); $i++)
{
if (strstr($url, $sites[$i]))
{
$allowed = ($allow_deny_order == ALLOWED_DENIED) ? TRUE : FALSE;
break;
}
}
}
else
{
$allowed = TRUE;
}
if ($allowed == FALSE)
{
message_die(GENERAL_MESSAGE, $lang['Denied_Message']);
}
// Delete the following line, to uncomment this block
*/
$download_id = get_var('id', 0);
$thumbnail = get_var('thumb', 0);
// Send file to browser
function send_file_to_browser($attachment, $upload_dir)
{
global $_SERVER, $HTTP_USER_AGENT, $HTTP_SERVER_VARS, $lang, $db, $attach_config;
$filename = ($upload_dir == '') ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
$gotit = FALSE;
if (!intval($attach_config['allow_ftp_upload']))
{
if (@!file_exists(@amod_realpath($filename)))
{
message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
}
else
{
$gotit = TRUE;
}
}
//
// Determine the Browser the User is using, because of some nasty incompatibilities.
// Most of the methods used in this function are from phpMyAdmin. :)
//
if (!empty($_SERVER['HTTP_USER_AGENT']))
{
$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
}
else if (!empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']))
{
$HTTP_USER_AGENT = $HTTP_SERVER_VARS['HTTP_USER_AGENT'];
}
else if (!isset($HTTP_USER_AGENT))
{
$HTTP_USER_AGENT = '';
}
if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[2];
$browser_agent = 'opera';
}
else if (ereg('MSIE ([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'ie';
}
else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'omniweb';
}
else if (ereg('Netscape([0-9]{1})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'netscape';
}
else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'mozilla';
}
else if (ereg('Konqueror/([0-9].[0-9]{1,2})', $HTTP_USER_AGENT, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'konqueror';
}
else
{
$browser_version = 0;
$browser_agent = 'other';
}
// Correct the mime type - we force application/octetstream for all files, except images
// Please do not change this, it is a security precaution
if (!strstr($attachment['mimetype'], 'image'))
{
$attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream';
}
// Now the tricky part... let's dance
// @ob_end_clean();
// @ini_set('zlib.output_compression', 'Off');
header('Pragma: public');
// header('Content-Transfer-Encoding: none');
// Send out the Headers
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
//
// Now send the File Contents to the Browser
//
if ($gotit)
{
$size = @filesize($filename);
if ($size)
{
header("Content-length: $size");
}
readfile($filename);
}
else if (!$gotit && intval($attach_config['allow_ftp_upload']))
{
$conn_id = attach_init_ftp();
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : $upload_dir . '/tmp';
$tmp_filename = @tempnam($tmp_path, 't0000');
@unlink($tmp_filename);
$mode = FTP_BINARY;
if ( (preg_match("/text/i", $attachment['mimetype'])) || (preg_match("/html/i", $attachment['mimetype'])) )
{
$mode = FTP_ASCII;
}
$result = @ftp_get($conn_id, $tmp_filename, $filename, $mode);
if (!$result)
{
message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
}
@ftp_quit($conn_id);
$size = @filesize($tmp_filename);
if ($size)
{
header("Content-length: $size");
}
readfile($tmp_filename);
@unlink($tmp_filename);
}
else
{
message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
}
exit;
}
//
// End Functions
//
//
// Start Session Management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
if (!$download_id)
{
message_die(GENERAL_ERROR, $lang['No_attachment_selected']);
}
if ($attach_config['disable_mod'] && $userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, $lang['Attachment_feature_disabled']);
}
$sql = 'SELECT *
FROM ' . ATTACHMENTS_DESC_TABLE . "
WHERE attach_id = $download_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not query attachment informations', '', __LINE__, __FILE__, $sql);
}
if (!($attachment = $db->sql_fetchrow($result)))
{
message_die(GENERAL_MESSAGE, $lang['Error_no_attachment']);
}
$attachment['physical_filename'] = basename($attachment['physical_filename']);
$db->sql_freeresult($result);
// get forum_id for attachment authorization or private message authorization
$authorised = false;
$sql = 'SELECT *
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id = ' . $attachment['attach_id'];
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not query attachment informations', '', __LINE__, __FILE__, $sql);
}
$auth_pages = $db->sql_fetchrowset($result);
$num_auth_pages = $db->sql_numrows($result);
for ($i = 0; $i < $num_auth_pages && $authorised == false; $i++)
{
if (intval($auth_pages[$i]['post_id']) != 0)
{
$sql = 'SELECT forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id = ' . $auth_pages[$i]['post_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query post information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$forum_id = $row['forum_id'];
$is_auth = array();
$is_auth = auth(AUTH_ALL, $forum_id, $userdata);
if ($is_auth['auth_download'])
{
$authorised = TRUE;
}
}
else
{
if ( (intval($attach_config['allow_pm_attach'])) && ( ($userdata['user_id'] == $auth_pages[$i]['user_id_2']) || ($userdata['user_id'] == $auth_pages[$i]['user_id_1']) ) || ($userdata['user_level'] == ADMIN) )
{
$authorised = TRUE;
}
}
}
if (!$authorised)
{
message_die(GENERAL_MESSAGE, $lang['Sorry_auth_view_attach']);
}
//
// Get Information on currently allowed Extensions
//
$sql = "SELECT e.extension, g.download_mode
FROM " . EXTENSION_GROUPS_TABLE . " g, " . EXTENSIONS_TABLE . " e
WHERE (g.allow_group = 1) AND (g.group_id = e.group_id)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query Allowed Extensions.', '', __LINE__, __FILE__, $sql);
}
$rows = $db->sql_fetchrowset($result);
$num_rows = $db->sql_numrows($result);
for ($i = 0; $i < $num_rows; $i++)
{
$extension = strtolower(trim($rows[$i]['extension']));
$allowed_extensions[] = $extension;
$download_mode[$extension] = $rows[$i]['download_mode'];
}
//
// disallowed ?
//
if ( (!in_array($attachment['extension'], $allowed_extensions)) && ($userdata['user_level'] != ADMIN) )
{
message_die(GENERAL_MESSAGE, sprintf($lang['Extension_disabled_after_posting'], $attachment['extension']));
}
$download_mode = intval($download_mode[$attachment['extension']]);
if ($thumbnail)
{
$attachment['physical_filename'] = THUMB_DIR . '/t_' . $attachment['physical_filename'];
}
//
// Update download count
//
if (!$thumbnail)
{
$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . '
SET download_count = download_count + 1
WHERE attach_id = ' . $attachment['attach_id'];
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Couldn\'t update attachment download count', '', __LINE__, __FILE__, $sql);
}
}
//
// Determine the 'presenting'-method
//
if ($download_mode == PHYSICAL_LINK)
{
$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
$server_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['server_name']));
$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : '';
$script_name = preg_replace('/^\/?(.*?)\/?$/', '/\1', trim($board_config['script_path']));
if ($script_name[strlen($script_name)] != '/')
{
$script_name .= '/';
}
if (intval($attach_config['allow_ftp_upload']))
{
if (trim($attach_config['download_path']) == '')
{
message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting');
}
$url = trim($attach_config['download_path']) . '/' . $attachment['physical_filename'];
$redirect_path = $url;
}
else
{
$url = $upload_dir . '/' . $attachment['physical_filename'];
// $url = preg_replace('/^\/?(.*?\/)?$/', '\1', trim($url));
$redirect_path = $server_protocol . $server_name . $server_port . $script_name . $url;
}
// Redirect via an HTML form for PITA webservers
if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
{
header('Refresh: 0; URL=' . $redirect_path);
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $redirect_path . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click <a href="' . $redirect_path . '">HERE</a> to be redirected</div></body></html>';
exit;
}
// Behave as per HTTP/1.1 spec for others
header('Location: ' . $redirect_path);
exit;
}
else
{
if (intval($attach_config['allow_ftp_upload']))
{
// We do not need a download path, we are not downloading physically
send_file_to_browser($attachment, '');
exit;
}
else
{
send_file_to_browser($attachment, $upload_dir);
exit;
}
}
?>kannst du mir mal erklären wie du es gemacht hast? weil ich will auch so was machenadidas hat geschrieben:so es funzt doch
aber ich habe jetzt dazu eine frage:
also sagen wir ich habe die einstellung gemacht, dass das attachtement mod die daten auf www.meinfreundswebspace.de ladet
aber wenn ich nun auf www.meineseite.de was hochlade, zeigt das attachtement mod ja bei diesem download kasten:
http://www.meineseite.de/download.php?id=18
danach wird die datei gedownloadet "Datei Download"
"Möchten sie diese datei öffnen oder speichern?
Name: beispiel.zip
Typ: Winzip-Archive
Von: www.meineseite.de"
Müsste da nicht "von www.meinfreundswebspace.de" stehen? und wenn jemand dann die datei downloadet, geht von mir traffic weg oder von mein freunds webspace?
weil da steht ja von www.meineseite.de und man klickt ja auch www.meineseite.de/download.php?id=18 an
konnte ich es richtig erklären?
