Location: PHPKode > scripts > wpStoreCart > wpstorecart/php/download.php
<?php

global $wpsc_error_reporting;
if($wpsc_error_reporting==false) {
    error_reporting(0);
}

/** if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    try {
        @apache_setenv('no-gzip', '1');
    } catch (Exception $e) {

    }
}
try {
    @ini_set('zlib.output_compression', 'Off');
} catch (Exception $e) {

}
*/

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

if (!function_exists('add_action'))
{
    require_once("../../../../wp-config.php");
}

global $current_user,$wpdb;

wp_get_current_user();
if ( 0 == $current_user->ID ) {
    // Not logged in.
} else {

    //Give actual path here
    if(isset($_GET['file']) && is_numeric($_GET['file'])){
        $file = $_GET['file'];
    }

    $file_real = NULL;

    // Logged in.
    $table_name3 = $wpdb->prefix . "wpstorecart_orders";
    $sql = "SELECT * FROM `{$table_name3}` WHERE `wpuser`='{$current_user->ID}'  ORDER BY `date` DESC;";
    $results = $wpdb->get_results( $sql , ARRAY_A );
    if(isset($results)) {
        foreach ($results as $result) {
            if ($result['orderstatus']=='Completed') {
                
                $specific_items = explode(",", $result['cartcontents']);
                foreach($specific_items as $specific_item) {
                    if($specific_item != '0*0') { // This is filler, all cart entries contain a 0*0 entry
                        $current_item = explode('*', $specific_item);

                        if(isset($current_item[0]) && $current_item[0]==$file) { // If the customer has purchased the product that is being requested for download
                            $table_name4 = $wpdb->prefix . "wpstorecart_products";
                            $current_item[0] = substr($current_item[0], 0, strpos("$current_item[0]-", "-")); // Remove the variation from the initial product lookup
                            $sql2 = "SELECT * FROM `{$table_name4}` WHERE `primkey`='{$current_item[0]}';";
                            $results2 = $wpdb->get_results( $sql2 , ARRAY_A );
                            if(isset($results2)) {
                                $xpart = 1;
                                foreach ($results2 as $result2) {
                                    if($result2['download']!='') {
                                        $multidownloads = explode('||', $result2['download']);
                                        if(@isset($_GET['isvariation']) && @isset($_GET['variationdl']) && @$_GET['isvariation']=="true") {
                                            // Variation download
                                            $secretPath = WP_CONTENT_DIR . '/uploads/wpstorecart/';
                                            $file_real = $secretPath.$_GET['variationdl'];
                                            $productDownloadName =  $result2['name']. '_' .$current_user->user_login.'_part'.$xpart.'_'. substr($_GET['variationdl'], -12);
                                        } else {
                                            // Standard download
                                            if(@isset($_GET['part']) && @isset($multidownloads[$_GET['part']])) {
                                                // Multi part file download
                                                $secretPath = WP_CONTENT_DIR . '/uploads/wpstorecart/';
                                                $file_real = $secretPath.stripslashes($multidownloads[$_GET['part']]);
                                                $productDownloadName =  $result2['name']. '_' .$current_user->user_login.'_part'.$_GET['part'].'_'. stripslashes(substr($multidownloads[$_GET['part']], -12));
                                            } else {
                                                // Single files to download
                                                $secretPath = WP_CONTENT_DIR . '/uploads/wpstorecart/';
                                                $file_real = $secretPath.stripslashes($result2['download']);
                                                $productDownloadName =  $result2['name']. '_' .$current_user->user_login.'_part'.$xpart.'_'. stripslashes(substr($result2['download']), -12);
                                            }
                                        }
                                    }
                                    $xpart++;
                                }
                                
                            }
                        }
                    }
                }
            }
        }
    } else {
        echo("Unauthorized access - No order found.");
        die();
    }

    if (file_exists($file_real)){
                // Get extension of requested file
                $extension = strtolower(substr(strrchr($file_real, "."), 1));
                // Determine correct MIME type

                switch($extension){
                    case "avi": $type = "video/x-msvideo"; break;
                    case "exe": $type = "application/octet-stream"; break;
                    case "mov": $type = "video/quicktime"; break;
                    case "mp3": $type = "audio/mpeg"; break;
                    case "mpg": $type = "video/mpeg"; break;
                    case "mpeg": $type = "video/mpeg"; break;
                    case "rar": $type = "encoding/x-compress"; break;
                    case "txt": $type = "text/plain"; break;
                    case "wav": $type = "audio/wav"; break;
                    case "wma": $type = "audio/x-ms-wma"; break;
                    case "wmv": $type = "video/x-ms-wmv"; break;
                    case "zip": $type = "application/x-zip-compressed"; break;
                    case "7z": $type = "application/x-zip-compressed"; break;
                    case "asf": $type = "video/x-ms-asf"; break;
                    default: $type = "application/force-download"; break;
                }
    // Fix IE bug [0]
    $header_file = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $productDownloadName, substr_count($productDownloadName, '.') - 1) : $productDownloadName;
    // Prepare headers
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public", false);
    header("Content-Description: File Transfer");
    header("Content-Type: " . $type);
    header("Accept-Ranges: bytes");
    header("Content-Disposition: attachment; filename=\"" . $header_file . "\";");
    header("Content-Transfer-Encoding: binary");
    header("X-Compression: None");
    //header("Content-Length: " . filesize($file_real));
    // Send file for download
    if ($stream = fopen($file_real, 'rb')){
    while(!feof($stream) && connection_status() == 0){
    //reset time limit for big files
    set_time_limit(0);
    print(fread($stream,1024*8));
    flush();
    }
    fclose($stream);
    }
    }else{
        // Requested file does not exist (File not found)
        echo("Unathorized Access.  File does not exist.");
    die();
    }
}
?>
Return current item: wpStoreCart