Protected Downloads. Link to any file in your download directory using the following URL query format: ?dl=filename.ext Examples: /blog/index.php?dl=test-program.zip http://www.example.com/?dl=RedSox_2004_stats.sxc */ // user-configurable variable > // Set $tracking_type to have Protected Downloads use a single table to // track downloads, multiple tables (one per blog), or do not track. // Valid value: 'single', 'multiple', 'none' $tracking_type = 'multiple'; // < user-configurable variable global $tracking_type; load_plugin_textdomain('download-mgr'); // plugin localization if(is_plugin_page()) { download_Mgr_page(); } else { function download_Mgr_page() { global $tracking_type, $user_level, $table_prefix, $wpdb; if(8 > $user_level) { _e('You do not have sufficient permissions to access this page.', 'download-mgr'); return; } $levels = array(10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 'public'); $option = get_option('download_mgr'); $test_download_option = $option; $button_text = __('Update Settings', 'download-mgr'); if(isset($_POST['Submit'])) { $option = array(); $option['path'] = $_POST['path']; $option['url'] = $_POST['url']; $option['allowed_level'] = $_POST['allowed_level']; $option['show_msgs'] = $_POST['show_msgs']; $option['wrong_level_msg'] = $_POST['wrong_level_msg']; $option['no_login_msg'] = $_POST['no_login_msg']; if(!$test_download_option) { add_option('download_mgr', $option, 'Settings for Protected Downloads plugin. To configure, look under Manage > Protected Downloads'); $test_download_option = 1; } else { update_option('download_mgr', $option); } ?>

>
>


«]'; ?>
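\n"; } }
add_action('admin_head', 'download_Mgr_head');

/**
 * Create, write to, or report on the download-tracking table.
 *
 * Every value that reaches SQL is bound through $wpdb->prepare() and every
 * value that reaches the admin page is HTML-escaped. The logged file name,
 * login and Referer header all originate from the visitor's request, so they
 * are treated as untrusted both when stored and when read back.
 * Requires a WordPress release that provides wpdb::prepare().
 *
 * @param string       $do             One of 'create', 'insert', 'list', 'list_file'.
 * @param array|string $download_param For 'insert': array(file_name, login, referer,
 *                                     remote_addr, date). For 'list_file': the file name.
 * @return mixed The $wpdb->query() result for 'insert'; nothing otherwise.
 */
function download_Mgr_table($do='', $download_param='') {
    global $tracking_type, $table_prefix, $wpdb;

    if ('none' === $tracking_type) {
        return;
    }

    $option = get_option('download_mgr');
    $allowed_level = (is_array($option) && isset($option['allowed_level'])) ? (string) $option['allowed_level'] : '';
    // The login column is only shown when downloads are restricted to users.
    $show_login = ('public' !== $allowed_level);

    $wpdb->downloads = ('multiple' == $tracking_type) ? $table_prefix . 'downloads' : 'downloads';

    switch ($do) {
        case 'create':
            $downloads_table = "CREATE TABLE IF NOT EXISTS $wpdb->downloads( id INT UNSIGNED NOT NULL auto_increment, file_name VARCHAR(255) NOT NULL default '', login VARCHAR(60) default '', referer TEXT default '', remote_addr VARCHAR(40) default '', date DATETIME NOT NULL default '0000-00-00 00:00:00', PRIMARY KEY (id), KEY file_name (file_name) )";
            $wpdb->query($downloads_table);
            break;

        case 'insert':
            // Pad to five string fields so a short or non-array argument cannot
            // shift values between columns.
            $fields = array_map('strval', array_pad(array_values((array) $download_param), 5, ''));
            return $wpdb->query($wpdb->prepare(
                "INSERT INTO $wpdb->downloads (id, file_name, login, referer, remote_addr, date) VALUES (NULL, %s, %s, %s, %s, %s)",
                $fields[0],
                $fields[1],
                $fields[2],
                $fields[3],
                $fields[4]
            ));

        case 'list':
            $file_names = $wpdb->get_col("SELECT DISTINCT file_name FROM $wpdb->downloads ORDER BY file_name ASC");
            if ($file_names) {
                $login = $show_login ? "login" : '';
                // NOTE(review): the table markup around these column labels is absent
                // from this copy of the file; the literal text is kept as found.
                $download_list = "\nfilename{$login}refereriptimestampcount\n";
                // Alternating row class; the markup that consumed it is not present here.
                $class = '';
                foreach ($file_names as $file_name) {
                    $class = ('alternate' == $class) ? '' : 'alternate';
                    // Stored file names came from request data, so they are bound
                    // as parameters rather than interpolated into the query.
                    $download = $wpdb->get_row($wpdb->prepare(
                        "SELECT * FROM $wpdb->downloads WHERE file_name = %s ORDER BY date DESC LIMIT 1",
                        $file_name
                    ));
                    if (!$download) {
                        continue;
                    }
                    $download_count = (int) $wpdb->get_var($wpdb->prepare(
                        "SELECT COUNT(*) FROM $wpdb->downloads WHERE file_name = %s",
                        $file_name
                    ));

                    // Escape before output: these columns hold visitor-supplied text.
                    $name_html    = htmlspecialchars((string) $download->file_name, ENT_QUOTES);
                    $referer_html = htmlspecialchars((string) $download->referer, ENT_QUOTES);
                    $addr_html    = htmlspecialchars((string) $download->remote_addr, ENT_QUOTES);
                    $date_html    = htmlspecialchars((string) $download->date, ENT_QUOTES);
                    $td_login     = $show_login
                        ? "\n" . htmlspecialchars((string) $download->login, ENT_QUOTES) . "\n"
                        : '';

                    // NOTE(review): the start of the link markup is missing from this copy.
                    $download_list .= "\n\nfile_name\" class=\"list_file\" title=\"$name_html ($download_count)\" alt\"$name_html ($download_count)\">$name_html\n"
                        . "$td_login\n$referer_html\n$addr_html\n$date_html\n$download_count\n\n";
                }
            } else {
                $download_list = "\n" . __('No downloads have been tracked.', 'download-mgr') . "\n";
            }
            echo $download_list;
            break;

        case 'list_file':
            $downloads = $wpdb->get_results($wpdb->prepare(
                "SELECT login, referer, remote_addr, date FROM $wpdb->downloads WHERE file_name = %s ORDER BY date DESC",
                (string) $download_param
            ));
            if ($downloads) {
                $login = $show_login ? "login" : '';
                // NOTE(review): column-header markup is absent from this copy of the file.
                $download_list = "\n{$login}refereriptimestamp\n";
                $class = '';
                foreach ($downloads as $download) {
                    $class = ('alternate' == $class) ? '' : 'alternate';
                    $referer_html = htmlspecialchars((string) $download->referer, ENT_QUOTES);
                    $addr_html    = htmlspecialchars((string) $download->remote_addr, ENT_QUOTES);
                    $date_html    = htmlspecialchars((string) $download->date, ENT_QUOTES);
                    $td_login     = $show_login
                        ? "\n" . htmlspecialchars((string) $download->login, ENT_QUOTES) . "\n"
                        : '';
                    $download_list .= "\n$td_login\n$referer_html\n$addr_html\n$date_html\n\n";
                }
            } else {
                $download_list = "\n" . __('No downloads have been tracked.', 'download-mgr') . "\n";
            }
            echo $download_list;
            break;
    }
}

/**
 * Locate a requested file inside the download directory tree.
 *
 * The request is compared as a literal path suffix on a '/' boundary. It is
 * never used as a regular expression, so pattern metacharacters in the query
 * string cannot widen the match to other files. Directories are crawled but
 * never returned.
 *
 * @param string $root      Download directory without a trailing slash.
 * @param string $requested File name (optionally with sub-directories) from the request.
 * @return string Full path of the first matching regular file, or '' if none.
 */
function download_Mgr_find_file($root, $requested) {
    $requested = ltrim((string) $requested, '/');
    if ('' === (string) $root || '' === $requested || false !== strpos($requested, "\0")) {
        return '';
    }
    // Reject parent-directory segments outright instead of stripping '../' once,
    // which leaves overlapping sequences behind.
    if (in_array('..', explode('/', $requested), true)) {
        return '';
    }

    $suffix     = '/' . $requested;
    $suffix_len = strlen($suffix);
    $dir_stack  = array($root);

    while ($dir_stack) {
        $dir = array_shift($dir_stack);
        $dh  = is_dir($dir) ? opendir($dir) : false;
        if (!$dh) {
            continue; // unreadable directory: skip it, and do not closedir() a non-handle
        }
        while (($entry = readdir($dh)) !== false) {
            if ('.' === $entry || '..' === $entry) {
                continue;
            }
            $full_path = "$dir/$entry";
            if (is_dir($full_path)) {
                $dir_stack[] = $full_path;
            } elseif (is_file($full_path) && substr($full_path, -$suffix_len) === $suffix) {
                closedir($dh);
                return $full_path;
            }
        }
        closedir($dh);
    }
    return '';
}

/**
 * Serve a protected download for a "?dl=filename.ext" request.
 *
 * Runs on the 'init' hook so that the visitor can be identified through
 * wp_get_current_user(), which validates the login cookies. A user name read
 * straight from a cookie is client-controlled and must not be trusted to
 * decide the access level.
 *
 * @return void Exits after streaming a file or printing an access message.
 */
function download_Mgr_serve() {
    if (!isset($_GET['dl'])) {
        return;
    }
    $option = get_option('download_mgr');
    if (!is_array($option)) {
        return; // plugin not configured: nothing can be served
    }

    // WordPress adds slashes to request data; undo that before using the value.
    $file_name = is_string($_GET['dl']) ? stripslashes($_GET['dl']) : '';

    $allowed_level = isset($option['allowed_level']) ? (string) $option['allowed_level'] : '';
    $user          = wp_get_current_user();
    $user_login    = ($user && !empty($user->ID)) ? (string) $user->user_login : '';
    $user_level    = ('' !== $user_login) ? (int) $user->user_level : 0;

    $has_access = ('public' === $allowed_level)
        || ('' !== $user_login && $user_level >= (int) $allowed_level);

    if (!$has_access) {
        if (isset($option['show_msgs']) && 1 == $option['show_msgs']) {
            // A logged-in visitor gets the "wrong level" text, anyone else the login text.
            $msg_key = ('' !== $user_login) ? 'wrong_level_msg' : 'no_login_msg';
            exit(isset($option[$msg_key]) ? stripslashes($option[$msg_key]) : '');
        }
        return;
    }

    if ('' === $file_name) {
        return; // no file specified, so end gracefully
    }

    $path   = isset($option['path']) ? rtrim(stripslashes($option['path']), '/') : '';
    $file   = download_Mgr_find_file($path, $file_name);
    // Open the file before any download header is sent, so a failure still yields a 404.
    $handle = ('' !== $file && is_readable($file)) ? fopen($file, 'rb') : false;

    if (!$handle) {
        // file does not exist; provide 404 error
        if (preg_match('/cgi/', php_sapi_name())) {
            header('Status: 404 Not Found');
        } else {
            header('HTTP/1.x 404 Not Found');
        }
        return;
    }

    @ignore_user_abort();
    @set_time_limit(0);

    // Name the attachment after the file found on disk, not after the raw request,
    // and strip characters that would break out of the quoted header value.
    $download_name = str_replace(array('"', "\r", "\n"), '', basename($file));

    header("Pragma: "); // Leave blank for issues with IE
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/octet-stream");
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header("Content-Length: " . filesize($file));
    fpassthru($handle);
    fclose($handle);

    $referer = isset($_SERVER['HTTP_REFERER']) ? stripslashes($_SERVER['HTTP_REFERER']) : '';
    $ip      = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $now     = date('Y-m-d H:i:s');
    download_Mgr_table('insert', array($file_name, $user_login, $referer, $ip, $now)); // add record to table
    exit;
}
add_action('init', 'download_Mgr_serve');
} ?>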