<?php
require_once "../config/config.php";
require_once INCLUDE_DIR."/users_class.php";
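// Authorisation gate: only an admin holding the 'Can download backup'
// permission may reach the download logic below.
$users = new users_class();
// Read the admin id defensively so a missing session key is passed as null
// instead of raising an undefined-index notice.
// NOTE(review): the session is presumably started in config.php - confirm.
$admin_user_id = isset($_SESSION[SESSION_PREFIX.'Admin_UserID'])
    ? $_SESSION[SESSION_PREFIX.'Admin_UserID']
    : null;
if (!$users->IsAdminhavePermission($admin_user_id, 'Can download backup')) {
    Redirect('admin_nopermission.php', true);
    // Redirect() is defined outside this file, so whether it terminates the
    // request is not visible here. Stop explicitly: if execution continued
    // after the redirect, the backup would still be streamed to a caller
    // without the permission.
    exit;
}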
//$file = $_GET['file'] ;
/*
$file = WEB_URL.'/admin/db_backups/'.$_GET['file'];
// Force the download
header('Cache-Control: private');
header('Pragma: private');
header("Content-Disposition: attachment; filename=\"" . basename($file) . "\"");
header("Content-type: application/force-download");
header("Content-Transfer-Encoding: Binary");
//header("Content-Length: " . filesize($file));
header("Content-Type: application/octet-stream;");
readfile($file);
//Redirect($file);
*/
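// Pre-flight check on the backup directory before serving anything from it.
// is__writable() and $message are not defined in this file.
// NOTE(review): presumably both come from config.php - confirm.
$backupfolder = PHYSICAL_DIR.'/admin/db_backups/';
if (!is__writable($backupfolder)) {
    $message->SetMessage('Please change <b>/admin/db_backups/</b> folders permission to read and write');
    Redirect('admin_db_manage.php');
    // Do not fall through to the download code once the redirect has been
    // issued; Redirect() is not visible here and may not terminate the script.
    exit;
}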
// --- Download configuration -------------------------------------------------

// Referrer filter. Empty string: no filtering. Non-empty (example:
// "example.com"): the request is served only when the Referer header
// contains this text. The Referer header is supplied by the client and the
// test is a substring match, so this is a hotlinking deterrent, not an
// access control; the permission check at the top of the script is what
// protects the backups.
define('ALLOWED_REFERRER', '');

// Folder that holds the downloadable files. MUST end with a slash ("/").
define('BASE_DIR', PHYSICAL_DIR.'/admin/db_backups/');

// Download logging switch and log file name. In this file they are only
// referenced by the commented-out logging section at the end of the script.
define('LOG_DOWNLOADS', false);
define('LOG_FILE', 'downloads.log');

// Allow-list of downloadable extensions in the form 'extension' => 'mime type'.
// An empty mime type makes the script try to detect the type itself, which
// only works when the Mimetype or Fileinfo extension is installed.
// Keeping this list limited to backup formats is what stops the script from
// serving other files that may sit under BASE_DIR.
$allowed_ext = array(
    'sql' => 'application/x-sql',
);
####################################################################
### DO NOT CHANGE BELOW
####################################################################
// Optional referrer filter. When ALLOWED_REFERRER is set, a request whose
// Referer header is missing or does not contain that text (case-insensitive
// substring match) is answered with a generic "server error" page.
// The header is client-controlled, so this only discourages hotlinking.
$referrer_blocked = false;
if (ALLOWED_REFERRER !== '') {
    if (!isset($_SERVER['HTTP_REFERER'])) {
        $referrer_blocked = true;
    } else {
        $referrer_upper = strtoupper($_SERVER['HTTP_REFERER']);
        $allowed_upper = strtoupper(ALLOWED_REFERRER);
        $referrer_blocked = (strpos($referrer_upper, $allowed_upper) === false);
    }
}
if ($referrer_blocked) {
    die('<br><br><h1 style="text-align:center">Internal server error. Please contact system administrator.</h1><br><a href="'.WEB_URL.'/admin/admin_db_restore.php"><h2 style="text-align:center">Back to restore page !</h2></a>');
}
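// Large backups can take a long time to stream: lift the execution time
// limit (0 means no limit).
set_time_limit(0);

// The 'file' parameter is untrusted input. Accept it only when it is a
// non-empty string without NUL bytes: an array value (file[]=...) would
// otherwise reach basename() and raise a type error, and a NUL byte has no
// place in a file name.
if (empty($_GET['file'])
    || !is_string($_GET['file'])
    || strpos($_GET['file'], "\0") !== false
) {
    die('<br><br><h1 style="text-align:center">Please specify file name for download.</h1><br><a href="'.WEB_URL.'/admin/admin_db_restore.php"><h2 style="text-align:center">Back to restore page !</h2></a>');
}

// Keep only the final path component so the request cannot name a location
// outside the backup folder through directory separators or "../" segments.
$fname = basename($_GET['file']);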
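/**
 * Locate a regular file named $fname in $dirname or any of its subfolders.
 *
 * The directory itself is checked first, then each subdirectory is searched
 * recursively. The search stops at the first match.
 *
 * Differences from a plain readdir() walk that matter here:
 *  - only regular files match (is_file), so a directory that happens to have
 *    the requested name is never reported;
 *  - entries are read with a strict "!== false" test, so an entry named "0"
 *    does not end the scan early;
 *  - an unreadable or missing directory is skipped instead of being passed
 *    to readdir(), and every opened handle is closed.
 *
 * is_dir() follows symbolic links, so a linked subfolder is searched as well.
 * Callers that must stay inside one directory tree should confirm the
 * resolved location of the result (for example with realpath()).
 *
 * @param string $dirname   Directory to search.
 * @param string $fname     File name to look for (no path components).
 * @param string $file_path Output: set to "$dirname/$fname" of the first
 *                          match; left untouched when nothing is found or
 *                          when it is already non-empty on entry.
 * @return void
 */
function find_file ($dirname, $fname, &$file_path) {
    // A previous call already found the file: nothing left to do.
    if (!empty($file_path)) {
        return;
    }

    $candidate = $dirname.'/'.$fname;
    if ($fname !== '' && is_file($candidate)) {
        $file_path = $candidate;
        return;
    }

    if (!is_dir($dirname)) {
        return;
    }
    $dir = @opendir($dirname);
    if ($dir === false) {
        return;
    }

    while (($entry = readdir($dir)) !== false) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $child = $dirname.'/'.$entry;
        if (is_dir($child)) {
            find_file($child, $fname, $file_path);
            if (!empty($file_path)) {
                break;
            }
        }
    }
    closedir($dir);
} // find_file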
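// Resolve the requested name to a full path (subfolders included).
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);

// Containment check: the search follows symbolic links, so confirm that the
// resolved file really lives under the resolved backup folder before it is
// served. Anything that is missing, is not a regular file, or resolves
// outside BASE_DIR gets the same "does not exist" answer.
$real_base = realpath(BASE_DIR);
$real_file = is_file($file_path) ? realpath($file_path) : false;
if ($real_base === false
    || $real_file === false
    || strpos($real_file, rtrim($real_base, '/\\').DIRECTORY_SEPARATOR) !== 0
) {
    die('<br><br><h1 style="text-align:center">File does not exist. Make sure you specified correct file name.</h1><br><a href="'.WEB_URL.'/admin/admin_db_restore.php"><h2 style="text-align:center">Back to restore page !</h2></a>');
}
// Serve the resolved path that was just verified.
$file_path = $real_file;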
// Size of the located file, in bytes.
$fsize = filesize($file_path);

// Extension = lower-cased text after the last dot of the requested name.
$last_dot_part = strrchr($fname, ".");
$fext = strtolower(substr($last_dot_part, 1));

// Allow-list check: only extensions listed in $allowed_ext may be served.
// NOTE(review): this runs after the existence check above, so a request for
// a name with another extension gets "File does not exist" or "Not allowed
// file type" depending on whether such a file is present under BASE_DIR.
if (array_key_exists($fext, $allowed_ext) === false) {
    die('<br><br><h1 style="text-align:center">Not allowed file type.</h1><br><a href="'.WEB_URL.'/admin/admin_db_restore.php"><h2 style="text-align:center">Back to restore page !</h2></a>');
}
// Work out the mime type for the file.
// NOTE(review): in this file $mtype is only used by the commented-out header
// block; the active header() calls send fixed content types.
$mtype = $allowed_ext[$fext]; // type configured by the admin, if any
if ($mtype == '') {
    // Nothing configured: ask the server, when an extension is available.
    $mtype = '';
    if (function_exists('mime_content_type')) {
        $mtype = mime_content_type($file_path);
    } elseif (function_exists('finfo_file')) {
        $finfo = finfo_open(FILEINFO_MIME); // mime type plus encoding
        $mtype = finfo_file($finfo, $file_path);
        finfo_close($finfo);
    }
    // Detection unavailable or failed: fall back to a generic download type.
    if ($mtype == '') {
        $mtype = "application/force-download";
    }
}
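// Name the browser is asked to save the file under. It defaults to the
// requested file name and can be overridden with the 'fc' parameter.
// 'fc' is untrusted and ends up inside the Content-Disposition header, so:
//  - a non-string value (fc[]=...) is ignored instead of being concatenated;
//  - quotes, backslashes and slashes are removed, as before;
//  - control characters (including CR/LF) are removed, because PHP refuses to
//    send a header containing a line break and the download would then lose
//    its Content-Disposition header altogether.
// NOTE(review): the override is not limited to the allow-listed extensions;
// consider forcing the saved name to keep the original extension.
if (empty($_GET['fc']) || !is_string($_GET['fc'])) {
    $asfname = $fname;
}
else {
    $asfname = str_replace(array('"', "'", '\\', '/'), '', $_GET['fc']);
    $asfname = preg_replace('/[\x00-\x1F\x7F]/', '', $asfname);
    if ($asfname === '' || $asfname === null) {
        $asfname = 'NoName';
    }
}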
// set headers
/*
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
*/
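// Open the file before any header is sent, so that a failure produces an
// error page instead of an empty attachment with download headers.
// "@" keeps a failed open from printing the server path in a warning.
$file = @fopen($file_path, "rb");
if (!$file) {
    die('<br><br><h1 style="text-align:center">Unable to open file for download.</h1><br><a href="'.WEB_URL.'/admin/admin_db_restore.php"><h2 style="text-align:center">Back to restore page !</h2></a>');
}

// Response headers. A database backup is sensitive, so it is marked private
// and always sent as an opaque attachment.
header('Cache-Control: private');
header('Pragma: private');
header("Content-Disposition: attachment; filename=\"" . $asfname . "\"");
header("Content-Transfer-Encoding: Binary");
// Single, well-formed content type. Previously two Content-Type headers were
// set and the later one, which replaced the first, ended in a stray ";".
header("Content-Type: application/octet-stream");
// Tell the browser not to guess a different type from the file contents.
header('X-Content-Type-Options: nosniff');

// Stream in 8 KiB chunks so a large backup is never held in memory at once.
while (!feof($file)) {
    $chunk = fread($file, 1024*8);
    if ($chunk === false) {
        break; // read error: stop instead of looping on a failing handle
    }
    print($chunk);
    flush();
    // Stop as soon as the client has gone away or the request was aborted.
    if (connection_status() != 0) {
        break;
    }
}
@fclose($file);
// End the request here so nothing else can be appended to the file body.
exit;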
/*
// log downloads
if (!LOG_DOWNLOADS) die();
$f = @fopen(LOG_FILE, 'a+');
if ($f) {
@fputs($f, date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']." ".$fname."\n");
@fclose($f);
}
*/
?>