Download-Modul mit Prüfung auf Berechtigung

achiboy

Beitrag von achiboy »

Downloadliste (Modul)
Input
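?>
<table cellspacing="0" cellpadding="0">

<tr>
<td style="font-size:11px">Upload-Zweig:</td>
<td>
<select name="CMS_VAR[0]">
<option value="0"></option>
<?php
// Module input (backend configuration form): offers every upload directory whose
// name contains "download" and pre-selects the directory currently stored in
// configuration slot 0 of this module.
//
// The duplicate cellpadding attribute of the surrounding table was dropped;
// browsers only honour the first occurrence, so rendering is unchanged.

$sql = "SELECT DISTINCT dirname from ".$cfg["tab"]["upl"]." WHERE dirname LIKE '%download%' ";

$db->query($sql);

while ($db->next_record()) {
    $dirname = $db->f("dirname");

    // The stored value is the directory name without its last character
    // (presumably the trailing slash; the output module appends "/" again).
    $upload_dir = substr_replace($dirname, '', strlen($dirname) - 1);

    // Directory names come from the upload table, so they are escaped before
    // being written into attribute and text context. If the site charset is
    // not PHP's default, pass it as the third argument of htmlspecialchars().
    $value_html = htmlspecialchars($upload_dir, ENT_QUOTES);
    $label_html = htmlspecialchars($dirname, ENT_QUOTES);

    // Strict comparison: both sides are strings and must not be compared numerically.
    $selected = ("CMS_VALUE[0]" === $upload_dir) ? ' selected="selected"' : '';

    echo '<option'.$selected.' value="'.$value_html.'">'.$label_html.'</option>';
}

?>
</select>
</td>
</tr>
</table>

<?php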
Output
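<?php
// Module output: lists the files of the configured upload directory as links to
// load.php. The list is only shown when the current category is public, or the
// visitor holds the "front_allow" right for it, or have_perm() grants access.
// The same check is repeated in load.php, because hiding the list alone does
// not protect the files.

// $idcat ends up inside the SQL text, so it is forced to an integer first.
$sql = "SELECT idcat, public
FROM ".$cfg["tab"]["cat_lang"]."
WHERE idcat = ".intval($idcat);

$db->query($sql);
$db->next_record();

if ($db->f("public") == 1 || $perm->have_perm_area_action_item("str","front_allow", $db->f("idcat")) || $perm->have_perm())
{
    // Define the query: all files of the configured directory, sorted by
    // description and then file name.
    // NOTE(review): the directory name is pasted into this literal by the CMS
    // before the code runs; confirm that only trusted backend users can set it
    // and how the CMS escapes quotes in it.
    $sql = "SELECT * FROM ".$cfg["tab"]["upl"]." WHERE dirname ='CMS_VALUE[0]/' order by description, filename";

    // Run the query.
    $db->query($sql);

    echo '<div class="list"><table width="100%" border="0" cellspacing="2" cellpadding="5">'."\n";
    echo ' <tr><td class="headings">Datei</td><td class="headings">Typ</td><td class="headings">Grösse</td></tr>'."\n";

    // The unused direct link to the upload directory and the unused row counter
    // were removed: every link goes through load.php so that the permission
    // check there cannot be skipped by following the list.
    $pdfvorhanden = false;

    while ($db->next_record())
    {
        $filetyp = strtolower($db->f("filetype"));
        if ($filetyp == "pdf")
        {
            // Mark PDF rows so that the reader hint below is printed once.
            $filetyp = $filetyp." *";
            $pdfvorhanden = true;
        }

        // Prefer the description as link text, fall back to the file name.
        if ($db->f("description") != "")
        {
            $bezeichnung = $db->f("description");
        } else {
            $bezeichnung = $db->f("filename");
        }

        // Description, file name and type are stored by whoever uploaded the
        // file, so they are escaped for HTML text and attribute context. If the
        // site charset is not PHP's default, pass it as the third argument.
        $bezeichnung_html = htmlspecialchars($bezeichnung, ENT_QUOTES);
        $filetyp_html = htmlspecialchars($filetyp, ENT_QUOTES);

        echo "<tr class=\"textsmall line_color0\"><td><a title=\"Download: ".$bezeichnung_html."\" href=\"load.php?id=".intval($db->f("idupl"))."\">".$bezeichnung_html."</a></td><td>".$filetyp_html."</td><td style=\"text-align:right\">".round($db->f("size")/1024,1)." KB</td></tr>";
    }
    echo '</table></div>';
    if ($pdfvorhanden)
    {
        echo '<div class="textsmall"><br />* Um diese Dokumente zu öffnen, brauchen Sie den Acrobat Reader.<br />Sie können diesen <a class="klein" onfocus="this.blur()" href="http://www.adobe.com/products/acrobat/readstep.html" target="_blank">kostenlos herunterladen</a>.<br /></div>';
    }
} else {
    // Not authorised: show a short notice and send the browser to the fixed
    // article/category given in the URL below.
    echo 'nicht berechtigt' ;
    $link = $sess->url($cfgClient[$client]["path"]["htmlpath"]."front_content.php?idart=78&idcat=62");
    echo '<meta http-equiv="refresh" content="0;'.$link.'">';
}

?>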
neue Datei "load.php" im Verzeichnis "cms"
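<?php
// load.php: download gateway for files of the "download" upload directories.
// It looks up the requested upload record, finds the category whose module
// configuration references the record's directory, and streams the file only
// if that category is public or the visitor is permitted to see it.
// Every refused request is redirected to $link.

include_once ("config.php");
include_once ($contenido_path . "includes/config.php");
cInclude("includes", "cfg_sql.inc.php");
cInclude("includes", "functions.general.php");
cInclude("includes", "functions.i18n.php");
cInclude("includes", "functions.tpl.php");
cInclude("includes", "functions.con.php");
cInclude("includes", "functions.mod.php");
cInclude("includes", "functions.api.php");
cInclude("classes", 'class.inuse.php');
cInclude("classes", 'class.user.php');
cInclude("classes", 'class.notification.php');
cInclude("classes", 'class.table.php');

// Redirect target for refused requests. The posted listing showed this URL in
// shortened form ("front_co ... 8&idcat=62"); it is restored here from the
// redirect used by the output module (front_content.php?idart=78&idcat=62).
$link = "http://www.feg-hauptwil.ch/cms/front_content.php?idart=78&idcat=62";

// NOTE(review): the file is fetched over HTTP from the public upload URL. As
// long as the web server serves that directory directly, anyone who knows or
// guesses a file URL gets the file without passing the check below. Reading
// from the local filesystem path and denying direct web access to the
// directory would close that gap (and removes the need for allow_url_fopen).
$upload = "http://www.feg-hauptwil.ch/cms/upload/";

//Frontend
ob_start();
page_open(array('sess' => 'Contenido_Frontend_Session',
'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth',
'perm' => 'Contenido_Perm'));

$db = new DB_Contenido;

// The record id may arrive by POST or GET; it is used in SQL, so it is reduced
// to an integer. Without an id there is nothing to deliver.
if (isset($_POST['id']))
{
    $id = intval($_POST['id']);
}
elseif (isset($_GET['id']))
{
    $id = intval($_GET['id']);
}
else
{
    ob_end_clean();
    header("Location: $link");
    exit;
}

$sql = "SELECT dirname, filename
FROM ".$cfg["tab"]["upl"]."
WHERE idupl = ".$id;

$db->query($sql);

// Refuse unknown ids and every record outside a "download" directory, so the
// script cannot be used to fetch arbitrary uploads.
if (!$db->next_record() || !stristr($db->f("dirname"), "download"))
{
    ob_end_clean();
    header("Location: $link");
    exit;
}
$verzeichnis = $db->f("dirname");
$dateiname = $db->f("filename");

// Stored names are data, not trusted paths: refuse ".." path segments before
// the name is appended to the upload location.
if (preg_match('#(^|/)\.\.(/|$)#', $verzeichnis . $dateiname))
{
    ob_end_clean();
    header("Location: $link");
    exit;
}

// Container configuration string as written by the list module: slot 0 holds
// the directory without its trailing character, with "/" encoded as %2F.
$suchpfad = '0=' . str_replace("/","%2F",substr($verzeichnis, 0, -1)).'&';

// The directory name comes from the upload table and is placed inside a quoted
// SQL literal, so it is escaped. Prefer the database layer's own escaping
// routine if this installation provides one.
$suchpfad_sql = addslashes($suchpfad);

// First attempt: the directory is configured on a category template.
// NOTE(review): con_template_conf is hard-coded here while the other tables
// come from $cfg["tab"]; confirm the table prefix of the installation.
$sql = "SELECT a.public, a.idcat
FROM ".$cfg["tab"]["cat_lang"]." AS a,
".$cfg["tab"]["container_conf"]." AS b,
con_template_conf AS c
WHERE c.idtplcfg = b.idtplcfg AND
c.idtplcfg = a.idtplcfg AND
b.container = '".$suchpfad_sql."'";

$db->query($sql);
$kategorie_gefunden = $db->next_record();
if (!$kategorie_gefunden)
{
    // Second attempt: the directory is configured on an article template;
    // resolve the article's category.
    $sql = "SELECT d.public, d.idcat
FROM ".$cfg["tab"]["cat_lang"]." AS d,
".$cfg["tab"]["cat_art"]." AS e,
".$cfg["tab"]["art_lang"]." AS a,
".$cfg["tab"]["container_conf"]." AS b,
con_template_conf AS c
WHERE c.idtplcfg = b.idtplcfg AND
c.idtplcfg = a.idtplcfg AND
e.idart = a.idart AND
e.idcat = d.idcat AND
b.container = '".$suchpfad_sql."'";

    $db->query($sql);
    $kategorie_gefunden = $db->next_record();
}

// Fail closed: if no category references the directory there is nothing to
// base a permission decision on, so the request is refused instead of being
// evaluated against an empty record.
// NOTE(review): only the first matching row decides; if several categories
// list the same directory, confirm which one should govern access.
$erlaubt = $kategorie_gefunden
    && ($db->f("public") == 1
        || $perm->have_perm_area_action_item("str","front_allow", $db->f("idcat"))
        || $perm->have_perm());

if ($erlaubt)
{
    ob_end_clean();
    // getlastmod() reports the modification time of this script, not of the
    // delivered file.
    $mod_gmt = gmdate("D, d M Y H:i:s", getlastmod()) . " GMT";
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . $mod_gmt);
    // The original read $this->allowcache_expire, but there is no object
    // context in a top-level script (a fatal error on current PHP), and each
    // further Cache-Control header replaced the previous one. One header now
    // keeps the response out of shared caches and marks it immediately stale.
    header("Cache-Control: private, max-age=0");
    header("Content-Type: application/octet-stream");
    // The stored file name goes into a quoted header parameter: keep only the
    // base name and strip quotes, backslashes and line breaks.
    $anzeigename = str_replace(array('"', "\\", "\r", "\n"), '', basename($dateiname));
    header("Content-Disposition: attachment; filename=\"".$anzeigename."\"");
    readfile($upload . $verzeichnis . $dateiname);
    exit;
} else {
    ob_end_clean();
    header("Location: $link");
    exit;
}
?>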