<?php
// Disable caching of this response: an Expires date in the past, a fresh
// Last-Modified stamp, and explicit no-store/no-cache directives for HTTP/1.1
// (Cache-Control) and HTTP/1.0 (Pragma) clients.
foreach (array(
    // array(header line, replace an earlier header of the same name?)
    array("Expires: Mon, 26 Jul 1997 05:00:00 GMT", true),
    array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
    array("Cache-Control: no-store, no-cache, must-revalidate", true),
    // Appended (replace = false) so both Cache-Control lines are sent.
    array("Cache-Control: post-check=0, pre-check=0", false),
    array("Pragma: no-cache", true),
) as $noCacheHeader) {
    header($noCacheHeader[0], $noCacheHeader[1]);
}
unset($noCacheHeader);
?>
<?php
// session_start();
//include($_SERVER['DOCUMENT_ROOT'] . '/admin/admin_login.php');
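// ---------------------------------------------------------------------------
// Protected-file gateway.
//
// Flow:
//   1. Read and validate the requested path ($_GET['file']).
//   2. If a "free" drip covers the path, deliver it to anyone.
//   3. Otherwise require a logged-in user ($users_config->UserID != '0') and,
//      when a product protects the path, a subscription whose drip rule
//      (fixed dates / days since payment / click quota) currently allows it.
//   4. Deliver: media and archives are streamed with readfile(); every other
//      extension is handed back to the web server through a redirect.
//
// $users_config and $smarty are not defined in this file; presumably
// config/config.php provides them - confirm.
// ---------------------------------------------------------------------------

// Scheme of the current request, used to build the redirect target.
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $server_request = "https://";
} else {
    $server_request = "http://";
}
// NOTE(review): HTTP_HOST comes from the client. Every redirect issued by the
// delivery step is built from it, so a forged Host header decides where the
// browser is sent. Prefer a configured base URL (WEB_URL is already used for
// the invalid-access redirect) once it is confirmed to match this host.
$web_url_to_be = $server_request . $_SERVER['HTTP_HOST'];

require_once "config/config.php";
require_once INCLUDE_DIR . "/product_protection_class.php";
ob_clean();
ob_start();
$product = new product_protection_class();

// --- 1. Requested path ------------------------------------------------------
// The value is later (a) embedded in two SQL string literals, (b) appended to
// DOCUMENT_ROOT and passed to readfile(), and (c) appended to the redirect
// URL. It is therefore rejected unless it is a plain string that
//   - contains no NUL byte, quote or backslash (nothing that can terminate or
//     escape the SQL literal),
//   - contains no ".." path segment (cannot leave DOCUMENT_ROOT), and
//   - starts with "/" when non-empty (can only extend the path of the
//     redirect URL, never its host part).
// NOTE(review): this is a stop-gap. The durable fix is bound parameters, if
// product_protection_class offers them - its API is not visible here.
$modUrl = isset($_GET['file']) ? $_GET['file'] : '';
if (!is_string($modUrl)
    || strpos($modUrl, "\0") !== false
    || strpbrk($modUrl, "'\\") !== false
    || preg_match('#(^|/)\.\.(/|$)#', $modUrl)
    || ($modUrl !== '' && $modUrl[0] !== '/')
) {
    header('HTTP/1.1 400 Bad Request');
    exit;
}
// Collapse runs of slashes so "/a//b" and "/a/b" match the same drip entry.
$modUrl = preg_replace("/\/{2,}/", "/", $modUrl);

// --- 2. Is the path covered by a free drip? ---------------------------------
// locate(pp.fileurl, <path>) > 0 selects drips whose fileurl occurs inside the
// requested path. The two isfilefree alternatives are wrapped in one pair of
// parentheses: without it SQL precedence ("and" binds tighter than "or") let
// any drip with status=0 and isfilefree=1 match every request, skipping the
// path and product filters and marking every file as free.
$queryProducts = "select distinct product_id from " . TABLE_PREFIX . "drips pp"
    . " join " . TABLE_PREFIX . "products p on p.id = pp.product_id"
    . " where locate(pp.fileurl, '$modUrl')>0"
    . " and ifnull(p.`IsApproved`,1)=1"
    . " and ifnull(p.`IsDeleted`,0) != 1"
    . " and ifnull(p.`isProhibited`,0) != 1"
    . " and ((pp.status=1 and pp.isfilefree=1) or (pp.status=0 and pp.isfilefree=1));";
$lsProducts = $product->View($queryProducts);
// Test for false first: sizeof(false) warns on PHP 7.2+ and throws on PHP 8.
$isFreeFile = ($lsProducts != false && sizeof($lsProducts) > 0);

// --- 3. Authorisation for non-free paths ------------------------------------
if (!$isFreeFile) {
    // NOTE(review): loose comparison kept as written; an empty UserID is
    // treated as logged in. Confirm what config.php sets for anonymous users.
    if ((string)$users_config->UserID == '0') {
        $_SESSION[SESSION_PREFIX . 'valid_user'] = 'yes';
        $url = urlencode($modUrl);
        Redirect(WEB_URL . "/user_invalid_access.php?url=$url");
        exit;
    }

    $userid = $users_config->UserID;
    $denialMessage = null; // stays null while the request may proceed

    if (isset($_GET['req_no_file'])) {
        $denialMessage = "Requested resource not found or removed";
    } else {
        // Active drips (status=1) of approved, non-deleted, non-prohibited
        // products whose fileurl occurs inside the requested path.
        $queryProducts = "select distinct product_id,pp.isfilefree,pp.trackingtype,pp.fromdays,pp.uptodays,pp.clicks,pp.fromfixeddate,pp.uptofixeddate from " . TABLE_PREFIX . "drips pp"
            . " join " . TABLE_PREFIX . "products p on p.id = pp.product_id"
            . " where locate(pp.fileurl, '$modUrl')>0"
            . " and ifnull(p.`IsApproved`,1)=1"
            . " and ifnull(p.`IsDeleted`,0) != 1"
            . " and ifnull(p.`isProhibited`,0) != 1"
            . " and pp.status=1;";
        $lsProducts = $product->View($queryProducts);

        // When no product protects the path, the file is delivered to any
        // logged-in user (behaviour of the original script, unchanged).
        if ($lsProducts != false && sizeof($lsProducts) > 0) {
            $lProduct = array();
            foreach ($lsProducts as $value) {
                $lProduct[] = $value['product_id'];
            }
            $impoledValue = implode(',', $lProduct);
            $resultofValidRequest = $product->isValidProductRequest($impoledValue, $userid);
            $validSubscription = $product->getUsersValidSubscription($impoledValue, $userid);

            $isAccessible = false;
            // A non-array result (e.g. false) is treated as "no subscription".
            if ($resultofValidRequest == true && is_array($validSubscription)) {
                // time() replaces strtotime(date("m/d/YH:i:s")), which only
                // round-tripped the current time through a string.
                $now = time();
                $validProLen = count($validSubscription);
                for ($i = 0; $i < $validProLen; $i++) {
                    $proRequest = $product->getDripInfo($validSubscription[$i]['productid'], $modUrl);
                    if (!is_array($proRequest) || !isset($proRequest[0])) {
                        continue; // no drip rule for this subscription
                    }
                    $tracking = $proRequest[0]['trackingtype'];

                    if ($tracking == 3) {
                        // Fixed calendar window.
                        $StartDate = $proRequest[0]['fromfixeddate'];
                        $enddate = $proRequest[0]['uptofixeddate'];
                        if ($now >= $StartDate && $now <= $enddate) {
                            $isAccessible = true;
                            break;
                        }
                    } else if ($tracking == 1) {
                        // Window counted in days from the payment date.
                        $fromdays = (int)$proRequest[0]['fromdays'];
                        $uptodays = (int)$proRequest[0]['uptodays'];
                        $productUserArr = $product->getProductUserPaidOnDate($validSubscription[$i]['productid'], $userid);
                        // Without a payment date the window would start at the
                        // epoch and always look "already open" - skip instead.
                        if (!is_array($productUserArr) || !isset($productUserArr[0]['paygear_paidon'])) {
                            continue;
                        }
                        $paygearPaidOn = $productUserArr[0]['paygear_paidon'];
                        $startDate = $paygearPaidOn + ($fromdays * 86400);
                        $enddate = $startDate + ($uptodays * 86400);
                        // The original tested the int-cast value with == '*'.
                        // On PHP < 8 that is true exactly when the cast value
                        // is 0 ('*' casts to 0); on PHP 8 it is never true.
                        // The explicit test keeps the pre-8 result everywhere.
                        // NOTE(review): confirm a stored 0 should be open-ended.
                        $isOpenEnded = ($uptodays === 0);
                        if ($now >= $startDate && ($isOpenEnded || $now <= $enddate)) {
                            $isAccessible = true;
                            break;
                        }
                    } else if ($tracking == 2) {
                        // Click quota: each granted request consumes one click.
                        $totalCLicks = (int)$proRequest[0]['clicks'];
                        $dripId = $proRequest[0]['id'];
                        $userClicks = $product->getuser_clicks_for_drips($validSubscription[$i]['id'], $dripId);
                        if ($userClicks == false) {
                            // First request: create the counter at 1.
                            $product->update_Drip_Clicks($validSubscription[$i]['id'], 1, $dripId);
                            $isAccessible = true;
                            break;
                        }
                        $clicks = (int)$userClicks[0]['clicks'];
                        if ($clicks < $totalCLicks) {
                            $product->update_Drip_Clicks($validSubscription[$i]['id'], $clicks + 1, $dripId);
                            $isAccessible = true;
                            break;
                        }
                    }
                }
            }

            if (!$isAccessible) {
                $denialMessage = "You are not authorized to view this file";
            }
        }
    }

    if ($denialMessage !== null) {
        $mes = "<center>" . $denialMessage . "</center>";
        $smarty->assign('msg', $mes);
        $PAGE_CONTENT = $smarty->fetch('page_not_found.tpl');
        $smarty->assign('USER_CONTENT', $PAGE_CONTENT);
        $smarty->display('user_page_main.tpl');
        // The original ended these branches with "break" outside any loop or
        // switch, which is a fatal error; exit states the intent.
        exit;
    }
}

// --- 4. Delivery -------------------------------------------------------------
// Free files are delivered with user id 0 in the cookie, even when logged in.
$cookieUserId = $isFreeFile ? 0 : $users_config->UserID;
$full_file_path = $_SERVER['DOCUMENT_ROOT'] . $modUrl;
$path_parts = pathinfo($full_file_path);
$extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
$filename = $path_parts['basename'];

// Streamed inline with only a Content-Type header.
$inlineTypes = array(
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'bmp'  => 'image/bmp',
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'swf'  => 'application/x-shockwave-flash', // Flash animation
);
// Streamed as a download (Content-Disposition: attachment).
$attachmentTypes = array(
    'zip' => 'application/zip',
    'mp3' => 'audio/mpeg',
    'mov' => 'video/quicktime',
);

if (isset($inlineTypes[$extension]) || isset($attachmentTypes[$extension])) {
    // Answer 404 instead of sending headers for a file that cannot be read.
    if (!is_file($full_file_path)) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }
    if (isset($attachmentTypes[$extension])) {
        // The original url-decoded the name only for mp3 files served to
        // logged-in users; that is kept as-is.
        $downloadName = ($extension === 'mp3' && !$isFreeFile) ? urldecode($filename) : $filename;
        // Quote the name and drop control characters, quotes and backslashes
        // so it cannot alter the structure of the header.
        $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $downloadName);
        header("Pragma: public");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: maxage=1"); //In seconds
        header("Content-Type: " . $attachmentTypes[$extension]);
        header("Content-Length: " . filesize($full_file_path));
        header('Content-Disposition: attachment; filename="' . $downloadName . '"');
    } else {
        header('Content-Type: ' . $inlineTypes[$extension]);
    }
    readfile($full_file_path);
    exit;
}

// html, htm, php, php5 and every other extension: set the short-lived marker
// cookie and send the browser to the real URL.
// NOTE(review): the cookie holds the bare user id with no integrity
// protection and no HttpOnly/Secure flags. If the page reached by the redirect
// relies on it to grant access, a client can set it itself - confirm how it
// is consumed.
setcookie('membersite_userid', $cookieUserId, time() + 300, '/');
redirect($web_url_to_be . $modUrl);
setcookie('membersite_userid', $cookieUserId, time() + 10, '/');
die;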
/**
 * Obfuscates a string with a repeating key and returns it URL-safe.
 *
 * Each byte of $string is added to one byte of the key (chr() wraps the sum
 * into a single byte), then the result is base64-encoded and url-encoded.
 * The key byte for position i sits at offset (i % keyLength) - 1, so
 * position 0 uses the last byte of the key.
 *
 * This is a reversible byte shift, not encryption: it gives no
 * confidentiality against anyone who knows or guesses the key, and both
 * fallback keys are constants in this file.
 *
 * @param string $string Text to obfuscate.
 * @param string $pkey   Key; an unset or empty key falls back to 'MEMBERSITE'.
 * @return string url-encoded base64 of the shifted bytes ('' for empty input).
 */
function encrypt_protected_folder($string,$pkey='MEMBERSITEENCRYPTEDKEY') {
    $secret = $pkey;
    if (!isset($secret) || $secret == "") {
        $secret = 'MEMBERSITE';
    }

    $shifted = '';
    $position = 0;
    while ($position < strlen($string)) {
        $plainByte = ord(substr($string, $position, 1));
        // A negative offset counts from the end of the key.
        $keyOffset = ($position % strlen($secret)) - 1;
        $keyByte = ord(substr($secret, $keyOffset, 1));
        $shifted .= chr($plainByte + $keyByte);
        $position++;
    }

    return urlencode(base64_encode($shifted));
}
?>