<?php
// Cache suppression for the access gate. These headers are emitted before any
// access decision is made, so every response starts out marked as expired and
// non-storable for browsers and intermediaries.

// Fixed date in the past: the response is already stale when it is received.
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
// Stamped with the current GMT time on every request.
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
// Second argument false: append a further Cache-Control line instead of
// replacing the one sent just above.
header('Cache-Control: post-check=0, pre-check=0', false);
// HTTP/1.0 counterpart of the Cache-Control directives.
header('Pragma: no-cache');


?>
<?php
  // session_start(); 
  //include($_SERVER['DOCUMENT_ROOT'] . '/admin/admin_login.php');
  
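  // Scheme of the current request; used below to build absolute redirect targets.
  if( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
    $server_request="https://";
  else
    $server_request="http://";

  // NOTE(review): HTTP_HOST comes from the request's Host header, i.e. it is
  // client-supplied. It ends up in redirect targets further down; pinning it to
  // a configured site URL would be safer, but no such setting is visible in
  // this file - confirm against config/config.php.
  $web_url_to_be=$server_request.$_SERVER['HTTP_HOST'];

  require_once "config/config.php";
  require_once INCLUDE_DIR."/product_protection_class.php";
  ob_clean();
  ob_start();
  $product=new product_protection_class();
  $arrExcutableFileExtension=array("php","html","htm","shtml");

  // Requested path, straight from the query string (untrusted). Later in this
  // script the value is interpolated into SQL string literals, appended to
  // DOCUMENT_ROOT for readfile(), and appended to the host name for redirects,
  // so it is validated once here, before any of those uses.
  $modUrl = isset($_GET['file']) ? $_GET['file'] : '';
  if(!is_string($modUrl))
  {
      // e.g. file[]=...: an array cannot be a path.
      header('HTTP/1.1 400 Bad Request');
      exit;
  }

  // Collapse runs of slashes into a single slash.
  $modUrl=preg_replace("/\/{2,}/", "/", $modUrl);

  // Reject, rather than try to repair, anything that could change the meaning
  // of the SQL literal or of the filesystem/URL path built from this value:
  //   - single quotes and backslashes (would terminate or escape the '...' literal),
  //   - control characters including NUL,
  //   - ".." path segments (would step out of the directory the drip rule names),
  //   - a non-empty value that does not start with "/" (it is concatenated
  //     directly onto the host name and onto DOCUMENT_ROOT).
  // An empty value is let through so the flows that do not depend on a path keep working.
  if($modUrl === null
     || preg_match('/[\x00-\x1f\x7f\'\\\\]/', $modUrl)
     || preg_match('#(^|/)\.\.(/|$)#', $modUrl)
     || ($modUrl !== '' && $modUrl[0] !== '/'))
  {
      header('HTTP/1.1 400 Bad Request');
      exit;
  }

  // Is the requested path covered by a drip rule that marks the file as free?
  //
  // The free-file condition is now a plain conjunct of the WHERE clause. In the
  // previous text it was written as "... and (A) or (B)"; because AND binds
  // tighter than OR, the second alternative was evaluated without the path
  // match and without the approved/deleted/prohibited filters.
  //
  // NOTE(review): locate(pp.fileurl, '<path>')>0 is a substring match at any
  // position, and MySQL's LOCATE returns 1 for an empty needle, so a drip row
  // with an empty fileurl would match every request - verify the stored data.
  // NOTE(review): View() is called with a finished SQL string; if
  // product_protection_class offers parameter binding, bind the path instead of
  // interpolating it - TODO confirm.
  $queryProducts="select distinct product_id from ".TABLE_PREFIX."drips pp
                   join ".TABLE_PREFIX."products p on p.id = pp.product_id
                    where locate(pp.fileurl, '$modUrl')>0
                    and ifnull(p.`IsApproved`,1)=1
                    and ifnull(p.`IsDeleted`,0) != 1
                    and ifnull(p.`isProhibited`,0) != 1
                    and pp.isfilefree=1
                    and pp.status in (0,1);";

  $lsProducts=$product->View($queryProducts);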

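 // Free-product path: the lookup above found at least one drip rule that marks
 // the requested path as free, so it is served without a per-user check.
 // The type is tested before counting: the result is compared against false
 // elsewhere in this script, and counting a non-array raises an error on
 // current PHP versions.
 if(is_array($lsProducts) && count($lsProducts)>0)
     {
         // The path is about to be appended to DOCUMENT_ROOT and to the host
         // name. Require a leading "/" and refuse NUL bytes and ".." segments so
         // the result stays the file the matched rule refers to and the redirect
         // stays on this host.
         if(!is_string($modUrl)
            || $modUrl === ''
            || $modUrl[0] !== '/'
            || strpos($modUrl, "\0") !== false
            || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $modUrl))
         {
             header('HTTP/1.1 400 Bad Request');
             exit;
         }

         $full_file_path=$_SERVER['DOCUMENT_ROOT'].$modUrl;
         $path_parts = pathinfo($full_file_path);
         // pathinfo() omits 'extension' when the name has none.
         $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
         // Same value as filename.'.'.extension whenever an extension is present.
         $filename = $path_parts['basename'];

         // Types streamed inline with only a Content-Type header.
         $inlineTypes = array(
             'jpeg' => 'image/jpeg',
             'jpg'  => 'image/jpeg',
             'bmp'  => 'image/bmp',
             'gif'  => 'image/gif',
             'png'  => 'image/png',
             'swf'  => 'application/x-shockwave-flash', // Flash animation
         );
         // Types sent as an attachment download.
         $downloadTypes = array(
             'zip' => 'application/zip',
             'mp3' => 'audio/mpeg',
             'mov' => 'video/quicktime',
         );

         if(isset($inlineTypes[$extension]) || isset($downloadTypes[$extension]))
         {
             // Only stream regular files; a missing path or a directory gets a
             // 404 instead of a 200 with a warning and an empty body.
             if(!is_file($full_file_path))
             {
                 header('HTTP/1.1 404 Not Found');
                 exit;
             }

             if(isset($downloadTypes[$extension]))
             {
                 // Quote the file name and neutralise characters that would
                 // break out of the quoted header parameter.
                 $safeName = str_replace(array('"', '\\', "\r", "\n"), '_', $filename);

                 header("Pragma: public");
                 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                 // Replaces the Cache-Control line above (header() replaces by default).
                 // NOTE(review): "maxage" is not the standard "max-age" directive - confirm intent.
                 header("Cache-Control: maxage=1"); //In seconds
                 header("Content-Type: ".$downloadTypes[$extension]);
                 header("Content-Length: " . filesize($full_file_path));
                 header('Content-Disposition: attachment; filename="'.$safeName.'"');
             }
             else
             {
                 header('Content-Type: '.$inlineTypes[$extension]);
             }

             readfile($full_file_path);
             exit;
         }

         // html / htm / php / php5 and every other extension: hand the browser
         // over to the real URL instead of streaming the file from here.
         // NOTE(review): how the redirected request uses the membersite_userid
         // cookie is not visible in this file; if it serves as proof that access
         // was granted, it is a plain value any client can set itself - confirm
         // how it is verified.
         setcookie('membersite_userid',0,time()+300,'/');
         redirect($web_url_to_be.$modUrl);
         setcookie('membersite_userid',0,time()+10,'/');
         die;
     }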
 
  
  if((string)$users_config->UserID != '0')
  {
              
            
            //$userid=$_SESSION[SESSION_PREFIX.'UserID'];
            
             $userid= $users_config->UserID;
             
             $path = "http://".$_SERVER["HTTP_HOST"];
             $path.=$modUrl;                 
             $file=  $_SERVER['DOCUMENT_ROOT'].$modUrl;
             $ext=explode("/",$file);
             $lsFileName= $ext[count($ext)-1];
             $lsFileExtension=substr(strrchr($lsFileName,'.'),1);
             $flag=false;
           
          /*  if(isset($_GET['req']))
            {
           
                   $lenUrl=strlen($url);
                   $lastChar= substr($url,$lenUrl-1,1);
                   if($lastChar!="/")
                     $modUrl=$modUrl."/";
       
                  
                           
                   $fullPaths= $server_request.$_SERVER['HTTP_HOST'].$_GET['file'];
                   $fullPaths=str_replace("\\","/",$fullPaths);
                   
                   if(substr($fullPaths,(strlen($fullPaths)-1),1)!="/")
                      $fullPaths.="/";
                      
                   $userImgdir=USER_IMAGE_DIR;
                   $path=$_SERVER['DOCUMENT_ROOT'].$modUrl;
                   $dir_handle = @opendir($path) or die("Unable to open $path");
                   $str="<table width=90% ><tr><td><h1 style='font-size: 15px'>Directory Contains following folders/files</h1></td></tr>
                    <tr><td><div style='border:solid 1px #ccc;width:90%'>";  
                   $flag_files=false;
                    while ($file = readdir($dir_handle)) {

                         if($file == "." || $file == ".." || $file == "index.php" || $file == ".htaccess" || $file == ".htpasswd" || $file == "page_not_found.php" )
                        continue;
                        $flag_files=true;
                        if(is_dir($path.$file))
                        {
                                $str.= " <div style='padding-top:5px;padding-bottom:2px;clear:both;text-align:left;'>
                                <img src=\"$userImgdir/closed.gif\"  align=\"absmiddle\"  height=\"18\" width=\"18\" style=\"margin-left:1px;\" />      
                                <a href=\"$fullPaths$file/\" style=padding-left:5px; >$file</a></div><br>";
                        }
                       else
                        {
                               $str.= " <div style='padding-top:5px;padding-bottom:2px;clear:both;;text-align:left;'>
                                <img src=\"$userImgdir/document.png\" height=20px align=\"absmiddle\"/>
                                <a href=\"$fullPaths$file\" style=padding-left:5px; >$file</a></div><br>";
                        }      
                    }

                    if($flag_files==false)
                       $str.= " <center><h3>No folders/files found</h3></center>";
                       
                    $str.="</div></td></tr></table>"; 
                    // Close
                    closedir($dir_handle); 
                   $smarty->assign('msg',$str);  
                   $PAGE_CONTENT          = $smarty->fetch('page_not_found.tpl');  

                    $smarty->assign('USER_CONTENT',     $PAGE_CONTENT);
               
                     
                    $smarty->display('user_page_main.tpl'); 
                    exit;
                   
          
                   
             }
            else*/ if(isset($_GET['req_no_file']))
               {
                   
                    $mes="<center>";  
                    $mes.="Requested resource not found or removed";
                    $mes.="</center>";
                    $smarty->assign('msg',$mes); 
                     $PAGE_CONTENT          = $smarty->fetch('page_not_found.tpl');  

                    $smarty->assign('USER_CONTENT',     $PAGE_CONTENT);
                    $smarty->display('user_page_main.tpl');
                    exit; 
         
               } 
            else
             {  

                
                 $queryProducts="select distinct product_id,pp.isfilefree,pp.trackingtype,pp.fromdays,pp.uptodays,pp.clicks,pp.fromfixeddate,pp.uptofixeddate from ".TABLE_PREFIX."drips pp
                                join ".TABLE_PREFIX."products p on p.id = pp.product_id 
                                where locate(pp.fileurl, '$modUrl')>0
                                and ifnull(p.`IsApproved`,1)=1
                                and ifnull(p.`IsDeleted`,0) != 1
                                and ifnull(p.`isProhibited`,0) != 1
                                and pp.status=1;";
            
            
                    $lsProducts=$product->View($queryProducts);
                    
                    if($lsProducts!=false and sizeof($lsProducts)>0)
                       {
                                
                             $i=0;                                                                                
                             foreach($lsProducts as $key=>$value)
                             {
                                 $lProduct[$i]=$value['product_id'];
                                 $i++;
                             }
                             $impoledValue=(implode(',',$lProduct));   
                                 
                               
            
                                $resultofValidRequest=$product->isValidProductRequest($impoledValue,$userid); 
                                
                                $validSubscription=$product->getUsersValidSubscription($impoledValue,$userid);
                                
                                $url=$server_request.$_SERVER['HTTP_HOST'].$modUrl;   
                                if($resultofValidRequest==true)
                                  {  
                                      
                              
                                         
                                               
                                               if(count($validSubscription)>0)
                                               {
                                                   
                                                         $isAccessible=false;  
                                                         $validProLen=count($validSubscription);
                                                         for($i=0;$i<$validProLen;$i++)
                                                          {
                                                              
                                                              
                                                                  $proRequest=$product->getDripInfo($validSubscription[$i]['productid'],$modUrl);  
                                                              
                                                                  $tracking=$proRequest[0]['trackingtype'];
                                                                  
                                                                   if($tracking==3)
                                                                    {
                                                                       $todayTimeStemp=strtotime(date("m/d/YH:i:s"));
                                                                       $StartDate=$proRequest[0]['fromfixeddate']; 
                                                                       $enddate= $proRequest[0]['uptofixeddate'];  
                                                                     
                                                                       if($todayTimeStemp >=  $StartDate  and  $todayTimeStemp<= $enddate)
                                                                        {
                                                                          $isAccessible=true;
                                                                          break;
                                                                        } 
                                                                        
                                                                     }
                                                                   else if($tracking==1)
                                                                    {
                                                                    
                                                                        $fromdays=(int)$proRequest[0]['fromdays'];
                                                                        $uptodays=(int)$proRequest[0]['uptodays'];
                                                                        $productUserArr=$product->getProductUserPaidOnDate($validSubscription[$i]['productid'],$userid);
                                                                        $paygearPaidOn=$productUserArr[0]['paygear_paidon'];
                                                                        
                                                                        $startDate=$paygearPaidOn+($fromdays *  86400); 
                                                                        $enddate=$startDate+($uptodays *  86400);
                                                                        $todayTimeStemp=strtotime(date("m/d/YH:i:s"));    
                                                                          
                                                                        //$paygearPiadOnReal=date("m/d/Y",$paygearPaidOn);
                                                                        //$stdateinreal=date("m/d/Y",$startDate);
                                                                        //$endDateReal=date("m/d/Y",$enddate);
                                                                        
                                                                        if($todayTimeStemp>=$startDate and $uptodays =='*')
                                                                        {
                                                                         $isAccessible=true;
                                                                          break;
                                                                        }
                                                                         else if($todayTimeStemp>=$startDate and $todayTimeStemp <=$enddate)
                                                                          {
                                                                            $isAccessible=true;
                                                                            break;     
                                                                          }
                                                                        
                                                                    }
                                                                   else if($tracking==2) 
                                                                    {
                                                                        
                                                                           $totalCLicks=(int)$proRequest[0]['clicks'];
                                                                           $dripId=$proRequest[0]['id'];
                                                                           $userClicks=$product->getuser_clicks_for_drips($validSubscription[$i]['id'],$dripId);
                                                                           if($userClicks==false)
                                                                            {
                                                                              $userClicks=$product->update_Drip_Clicks($validSubscription[$i]['id'],1,$dripId);  
                                                                              $isAccessible=true;
                                                                              break;
                                                                            }
                                                                          else
                                                                           {
                                                                              $clicks=(int)$userClicks[0]['clicks'];
                                                                              if($clicks<$totalCLicks)
                                                                               {
                                                                                 $clicks=$clicks+1;  
                                                                                 $product->update_Drip_Clicks($validSubscription[$i]['id'],$clicks,$dripId);
                                                                                 $isAccessible=true;  
                                                                                 break;  
                                                                                   
                                                                               }
                                                                           
                                                                           }  
                                                                       
                                                                    
                                                                    }  
                                                          
                                                              
                                                           }
                                                           
                                                           if($isAccessible==true)
                                                           {
                                                                $full_file_path=$_SERVER['DOCUMENT_ROOT'].$modUrl;
                                                                $path_parts = pathinfo($full_file_path);
                                                                $filename=$path_parts['filename'].'.'.$path_parts['extension'];  
                                                                switch(strtolower($path_parts['extension']))
                                                                {
                                                                     
                                                                    case 'html':
                                                                          setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                                                          redirect($web_url_to_be.$modUrl);             
                                                                          setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                                                          die;
                                                                      break;
                                                                      
                                                                      case 'htm':
                                                                        setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                                                        redirect($web_url_to_be.$modUrl);             
                                                                        setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                                                        die;
                                                                      break;
                                                                      
                                                                      case 'php':
                                                                        setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                                                        redirect($web_url_to_be.$modUrl);             
                                                                        setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                                                        die;
                                                                      break; 
                                                                      
                                                                      case 'php5':
                                                                         setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                                                          redirect($web_url_to_be.$modUrl);             
                                                                          setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                                                          die;
                                                                      break;
                                                                     
                                                                     case 'jpeg':
                                                                       header('Content-Type: image/jpeg');
                                                                       readfile($full_file_path);  
                                                                      break;
                                                                      
                                                                      case 'bmp':
                                                                       header('Content-Type: image/bmp');
                                                                       readfile($full_file_path);  
                                                                      break; 
                                                                     
                                                                     case 'jpg':
                                                                       header('Content-Type: image/jpeg');
                                                                       readfile($full_file_path);  
                                                                      break;
                                                                      
                                                                     case 'gif':
                                                                       header('Content-Type: image/gif');
                                                                       readfile($full_file_path);  
                                                                      break;
                                                                      
                                                                      case 'png':
                                                                       header('Content-Type: image/png');
                                                                       readfile($full_file_path);  
                                                                      break;
                                                                      
                                                                      case 'zip':
                                                                          header("Pragma: public");     
                                                                          header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                                                          header("Cache-Control: maxage=1"); //In seconds   
                                                                          header ("Content-Type: application/zip");
                                                                          header ("Content-Length: " . filesize($full_file_path));
                                                                          header ("Content-Disposition: attachment; filename=$filename");
                                                                          readfile($full_file_path);
                                                                        break;
                                                                       
                                                                       case 'mp3':
                                                                       
                                                                          header("Pragma: public");     
                                                                          header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                                                          header("Cache-Control: maxage=1"); //In seconds   
                                                                          header ("Content-Type: audio/mpeg");
                                                                          header ("Content-Length: " . filesize($full_file_path));
                                                                          header ("Content-Disposition: attachment; filename=".urldecode($filename)."");
                                                                          readfile($full_file_path);
                                                                       
                                                                       break; 
                                                                       
                                                                       case 'mov':
                                                                          header("Pragma: public");     
                                                                          header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                                                          header("Cache-Control: maxage=1"); //In seconds   
                                                                          header ("Content-Type: video/quicktime");
                                                                          header ("Content-Length: " . filesize($full_file_path));
                                                                          header ("Content-Disposition: attachment; filename=$filename");
                                                                          readfile($full_file_path);
                                                                       break; 
                                                                       case 'swf':
                                                                       header('Content-Type: application/x-shockwave-flash'); // Flash animation
                                                                       readfile($full_file_path);  
                                                                       break;
                                                                       

                                                                     default:
                                                                          setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                                                          redirect($web_url_to_be.$modUrl);             
                                                                          setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                                                          die;
                                                              
                                                              }
                                                           }
                                                          else
                                                           {
                                                                    $mes="<center>";  
                                                                    $mes.="You are not authorized to view this file";
                                                                    $mes.="</center>";
                                                                    $smarty->assign('msg',$mes); 
                                                                     $PAGE_CONTENT = $smarty->fetch('page_not_found.tpl');  
                                                
                                                                    $smarty->assign('USER_CONTENT',     $PAGE_CONTENT);
                                                                    $smarty->display('user_page_main.tpl'); 
                                                                    break;
                                                           
                                                           
                                                           }   
                                                    
                                                }
                                               else
                                                {
                                                       $mes="<center>";  
                                                        $mes.="You are not authorized to view this file";
                                                        $mes.="</center>";
                                                        $smarty->assign('msg',$mes); 
                                                         $PAGE_CONTENT = $smarty->fetch('page_not_found.tpl');  
                                    
                                                        $smarty->assign('USER_CONTENT',     $PAGE_CONTENT);
                                                        $smarty->display('user_page_main.tpl'); 
                                                        break;
                                                
                                                } 
                                               
                                   
                                     
                                          
                                           
                                  }
                                  else
                                  {
                                        $mes="<center>";  
                                        $mes.="You are not authorized to view this file";
                                        $mes.="</center>";
                                        $smarty->assign('msg',$mes); 
                                         $PAGE_CONTENT = $smarty->fetch('page_not_found.tpl');  

                                        $smarty->assign('USER_CONTENT',     $PAGE_CONTENT);
                                        $smarty->display('user_page_main.tpl'); 
                                        break;
                                  }
                       }
                      else
                       {
                       
                           $full_file_path=$_SERVER['DOCUMENT_ROOT'].$modUrl;
                           $path_parts = pathinfo($full_file_path);
                           $filename=$path_parts['filename'].'.'.$path_parts['extension'];  
                           switch(strtolower($path_parts['extension']))
                            {
                                 
                                case 'html':
                                    setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                    redirect($web_url_to_be.$modUrl);             
                                    setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                    die;
                                  break;
                                  
                                  case 'htm':
                                    setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                    redirect($web_url_to_be.$modUrl);             
                                    setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                    die;
                                  break;
                                  
                                  case 'php':
                                    setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                    redirect($web_url_to_be.$modUrl);             
                                    setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                    die;
                                  break; 
                                  
                                  case 'php5':
                                    setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                    redirect($web_url_to_be.$modUrl);             
                                    setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                    die;
                                  break;
                                 
                                 case 'jpeg':
                                   header('Content-Type: image/jpeg');
                                   readfile($full_file_path);  
                                  break;
                                  
                                  case 'bmp':
                                   header('Content-Type: image/bmp');
                                   readfile($full_file_path);  
                                  break; 
                                 
                                 case 'jpg':
                                   header('Content-Type: image/jpeg');
                                   readfile($full_file_path);  
                                  break;
                                  
                                 case 'gif':
                                   header('Content-Type: image/gif');
                                   readfile($full_file_path);  
                                  break;
                                  
                                  case 'png':
                                   header('Content-Type: image/png');
                                   readfile($full_file_path);  
                                  break;
                                  
                                  case 'zip':
                                      header("Pragma: public");     
                                      header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                      header("Cache-Control: maxage=1"); //In seconds   

                                      header ("Content-Type: application/zip");
                                      header ("Content-Length: " . filesize($full_file_path));
                                      header ("Content-Disposition: attachment; filename=$filename");
                                      readfile($full_file_path);
                                    break;
                                   
                                   case 'mp3':
                                      header("Pragma: public");     
                                      header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                      header("Cache-Control: maxage=1"); //In seconds   

                                      header ("Content-Type: audio/mpeg");
                                      header ("Content-Length: " . filesize($full_file_path));
                                      header ("Content-Disposition: attachment; filename=".urldecode($filename)."");
                                      readfile($full_file_path);
                                   
                                   break; 
                                   
                                   case 'mov':
                                      header("Pragma: public");     
                                      header ("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                                      header("Cache-Control: maxage=1"); //In seconds   

                                      header ("Content-Type: video/quicktime");
                                      header ("Content-Length: " . filesize($full_file_path));
                                      header ("Content-Disposition: attachment; filename=$filename");
                                      readfile($full_file_path);
                                   break; 
                                   case 'swf':
                                   header('Content-Type: application/x-shockwave-flash'); // Flash animation
                                   readfile($full_file_path);  
                                   break;
                                   

                                 default:
                                    setcookie('membersite_userid',$users_config->UserID ,time()+300,'/');
                                    redirect($web_url_to_be.$modUrl);             
                                    setcookie('membersite_userid',$users_config->UserID ,time()+10,'/');
                                    die;
                          
                          }
         
                            exit;  
                       
                       }      
                      
           }                                 
    }
  else
   {
      $modUrl= $modUrl;
      $_SESSION[SESSION_PREFIX.'valid_user']='yes';
       $url=urlencode($modUrl);  
       Redirect(WEB_URL."/user_invalid_access.php?url=$url");
       exit;
      
   }
   
   
 /**
  * Obfuscate a string with a repeating-key byte shift and return it URL-safe.
  *
  * Each input byte has one key byte added to it, the shifted bytes are
  * base64-encoded, and the result is passed through urlencode().
  *
  * Security note: despite the name, this is not encryption. It is a keyed
  * additive shift (Vigenere-style) with no integrity protection, and the
  * default key is a constant embedded in this source file, so anyone who can
  * read the code can reverse or forge the output.
  * NOTE(review): callers are not visible here. If the output is used to gate
  * access to protected content, replace it with an authenticated primitive
  * (e.g. sodium_crypto_secretbox, or a hash_hmac-signed token) keyed from
  * deployment configuration rather than a default in code.
  *
  * @param string $string Text to obfuscate.
  * @param string $pkey   Key; an unset or empty value falls back to 'MEMBERSITE'.
  * @return string urlencode(base64_encode(shifted bytes)); '' for empty input.
  */
 function encrypt_protected_folder($string,$pkey='MEMBERSITEENCRYPTEDKEY') {
        // An unset or empty key is replaced by the built-in fallback key.
        $secret = $pkey;
        if (!isset($secret) || $secret == "") {
            $secret = 'MEMBERSITE';
        }

        $shifted = '';
        $length = strlen($string);
        $pos = 0;
        while ($pos < $length) {
            // The offset is -1 whenever $pos is a multiple of the key length;
            // substr() then reads the key's last byte, so the key is used
            // rotated by one position.
            $keyOffset = ($pos % strlen($secret)) - 1;
            $sum = ord(substr($string, $pos, 1)) + ord(substr($secret, $keyOffset, 1));
            // Sums above 255 are reduced to a single byte by chr().
            $shifted .= chr($sum);
            $pos++;
        }

        return urlencode(base64_encode($shifted));
  }  
           
?>