lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 12:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
cf4479ebea111c216110ed4cb747a1e18a31063f
nexusphp/public/download.php
xiaomlove cf4479ebea reset authkey + rss download link use downhash
2021-06-04 02:18:34 +08:00

173 lines
8.1 KiB
PHP
Raw Blame History

<?php
require_once("../include/bittorrent.php");
dbconn();
$torrentRep = new \App\Repositories\TorrentRepository();
if (!empty($_REQUEST['downhash'])){
$params = explode('|', $_REQUEST['downhash']);
if (empty($params[0]) || empty($params[1])) {
die("invalid downhash, format error");
}
$uid = $params[0];
$hash = $params[1];
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid uid");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
die("account disabed or parked");
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$decrypted = $torrentRep->decryptDownHash($hash, $user);
if (empty($decrypted)) {
do_log("downhash invalid: " . nexus_json_encode($_REQUEST));
die("invalid downhash, decrpyt fail");
}
$id = $decrypted[0];
}
else
{
$id = (int)$_GET["id"];
if (!$id)
httperr();
loggedinorreturn();
parked();
$letdown = intval($_GET['letdown'] ?? 0);
if (!$letdown && $CURUSER['showdlnotice'] == 1)
{
header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=firsttime");
}
elseif (!$letdown && $CURUSER['showclienterror'] == 'yes')
{
header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=client");
}
elseif (!$letdown && $CURUSER['leechwarn'] == 'yes')
{
header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=ratio");
}
}
//User may choose to download torrent from RSS. So log ip changes when downloading torrents.
if ($iplog1 == "yes") {
if (($oldip != $CURUSER["ip"]) && $CURUSER["ip"])
sql_query("INSERT INTO iplog (ip, userid, access) VALUES (" . sqlesc($CURUSER['ip']) . ", " . $CURUSER['id'] . ", '" . $CURUSER['last_access'] . "')");
}
//User may choose to download torrent from RSS. So update his last_access and ip when downloading torrents.
sql_query("UPDATE users SET last_access = ".sqlesc(date("Y-m-d H:i:s")).", ip = ".sqlesc($CURUSER['ip'])." WHERE id = ".sqlesc($CURUSER['id']));
/*
@ini_set('zlib.output_compression', 'Off');
@set_time_limit(0);
if (@ini_get('output_handler') == 'ob_gzhandler' AND @ob_get_length() !== false)
{ // if output_handler = ob_gzhandler, turn it off and remove the header sent by PHP
@ob_end_clean();
header('Content-Encoding:');
}
*/
if (isset($_COOKIE["c_secure_tracker_ssl"]) && $_COOKIE["c_secure_tracker_ssl"] == base64("yeah"))
$tracker_ssl = true;
else
$tracker_ssl = false;
if ($tracker_ssl == true){
$ssl_torrent = "https://";
if ($https_announce_urls[0] != "")
$base_announce_url = $https_announce_urls[0];
else
$base_announce_url = $announce_urls[0];
}
else{
$ssl_torrent = "http://";
$base_announce_url = $announce_urls[0];
}
$res = sql_query("SELECT torrents.name, torrents.filename, torrents.save_as, torrents.size, torrents.owner, torrents.banned, categories.mode as search_box_id FROM torrents left join categories on torrents.category = categories.id WHERE torrents.id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
$fn = ROOT_PATH . "$torrent_dir/$id.torrent";
if ($CURUSER['downloadpos']=="no") {
permissiondenied();
}
if (!$row || !is_file($fn) || !is_readable($fn)) {
httperr();
}
if (($row['banned'] == 'yes' && get_user_class() < $seebanned_class) || !can_access_torrent($row)) {
permissiondenied();
}
sql_query("UPDATE torrents SET hits = hits + 1 WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
require_once "include/benc.php";
if (strlen($CURUSER['passkey']) != 32) {
$CURUSER['passkey'] = md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash']);
sql_query("UPDATE users SET passkey=".sqlesc($CURUSER['passkey'])." WHERE id=".sqlesc($CURUSER['id']));
}
$trackerReportAuthKey = $torrentRep->getTrackerReportAuthKey($id, $CURUSER['id'], true);
$dict = bdec_file($fn, $max_torrent_size);
//$dict['value']['announce']['value'] = $ssl_torrent . $base_announce_url . "?passkey=$CURUSER[passkey]";
$dict['value']['announce']['value'] = getSchemeAndHttpHost() . "/announce.php?authkey=$trackerReportAuthKey";
$dict['value']['announce']['string'] = strlen($dict['value']['announce']['value']).":".$dict['value']['announce']['value'];
$dict['value']['announce']['strlen'] = strlen($dict['value']['announce']['string']);
/*if ($announce_urls[1] != "") // add multi-tracker
{
$dict['value']['announce-list']['type'] = "list";
$dict['value']['announce-list']['value'][0]['type'] = "list";
$dict['value']['announce-list']['value'][0]['value'][0]["type"] = "string";
$dict['value']['announce-list']['value'][0]['value'][0]["value"] = $ssl_torrent . $announce_urls[0] . "?passkey=$CURUSER[passkey]";
$dict['value']['announce-list']['value'][0]['value'][0]["string"] = strlen($dict['value']['announce-list']['value'][0]['value'][0]["value"]).":".$dict['value']['announce-list']['value'][0]['value'][0]["value"];
$dict['value']['announce-list']['value'][0]['value'][0]["strlen"] = strlen($dict['value']['announce-list']['value'][0]['value'][0]["string"]);
$dict['value']['announce-list']['value'][0]['string'] = "l".$dict['value']['announce-list']['value'][0]['value'][0]["string"]."e";
$dict['value']['announce-list']['value'][0]['strlen'] = strlen($dict['value']['announce-list']['value'][0]['string']);
$dict['value']['announce-list']['value'][1]['type'] = "list";
$dict['value']['announce-list']['value'][1]['value'][0]["type"] = "string";
$dict['value']['announce-list']['value'][1]['value'][0]["value"] = $ssl_torrent . $announce_urls[1] . "?passkey=$CURUSER[passkey]";
$dict['value']['announce-list']['value'][1]['value'][0]["string"] = strlen($dict['value']['announce-list']['value'][0]['value'][0]["value"]).":".$dict['value']['announce-list']['value'][0]['value'][0]["value"];
$dict['value']['announce-list']['value'][1]['value'][0]["strlen"] = strlen($dict['value']['announce-list']['value'][0]['value'][0]["string"]);
$dict['value']['announce-list']['value'][1]['string'] = "l".$dict['value']['announce-list']['value'][0]['value'][0]["string"]."e";
$dict['value']['announce-list']['value'][1]['strlen'] = strlen($dict['value']['announce-list']['value'][0]['string']);
$dict['value']['announce-list']['string'] = "l".$dict['value']['announce-list']['value'][0]['string'].$dict['value']['announce-list']['value'][1]['string']."e";
$dict['value']['announce-list']['strlen'] = strlen($dict['value']['announce-list']['string']);
}*/
/*
header ("Expires: Tue, 1 Jan 1980 00:00:00 GMT");
header ("Last-Modified: ".date("D, d M Y H:i:s"));
header ("Cache-Control: no-store, no-cache, must-revalidate");
header ("Cache-Control: post-check=0, pre-check=0", false);
header ("Pragma: no-cache");
header ("X-Powered-By: ".VERSION." (c) ".date("Y")." ".$SITENAME."");
header ("Accept-Ranges: bytes");
header ("Connection: close");
header ("Content-Transfer-Encoding: binary");
*/
header("Content-Type: application/x-bittorrent");
if ( str_replace("Gecko", "", $_SERVER['HTTP_USER_AGENT']) != $_SERVER['HTTP_USER_AGENT'])
{
header ("Content-Disposition: attachment; filename=\"$torrentnameprefix.".$row["save_as"].".torrent\" ; charset=utf-8");
}
else if ( str_replace("Firefox", "", $_SERVER['HTTP_USER_AGENT']) != $_SERVER['HTTP_USER_AGENT'] )
{
header ("Content-Disposition: attachment; filename=\"$torrentnameprefix.".$row["save_as"].".torrent\" ; charset=utf-8");
}
else if ( str_replace("Opera", "", $_SERVER['HTTP_USER_AGENT']) != $_SERVER['HTTP_USER_AGENT'] )
{
header ("Content-Disposition: attachment; filename=\"$torrentnameprefix.".$row["save_as"].".torrent\" ; charset=utf-8");
}
else if ( str_replace("IE", "", $_SERVER['HTTP_USER_AGENT']) != $_SERVER['HTTP_USER_AGENT'] )
{
header ("Content-Disposition: attachment; filename=".str_replace("+", "%20", rawurlencode("$torrentnameprefix." . $row["save_as"] .".torrent")));
}
else
{
header ("Content-Disposition: attachment; filename=".str_replace("+", "%20", rawurlencode("$torrentnameprefix." . $row["save_as"] .".torrent")));
}
//header ("Content-Disposition: attachment; filename=".$row["filename"]."");
//ob_implicit_flush(true);
print(benc($dict));
?>
Reference in New Issue View Git Blame Copy Permalink