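db = pc_base::load_model('content_model'); }

    /**
     * Download landing page.
     *
     * Decodes the signed `a_k` link parameters (i, m, f, modelid, catid and
     * optionally d, s), enforces the article's member-group restriction or
     * the category visit privilege, evaluates the read-charge status, and
     * renders the content/download template with $downurl set either to the
     * raw target (plain local path) or to a signed, time-stamped,
     * IP/User-Agent-bound link that download() verifies.
     *
     * Every failure path ends in showmessage(), which does not return.
     */
    public function init() {
        // The isset() check has to precede trim(): trim() on a missing key
        // yields '' and the original ordering never rejected the request here.
        if (!isset($_GET['a_k'])) showmessage(L('illegal_parameters'));
        $a_k = trim($_GET['a_k']);
        $a_k = sys_auth($a_k, 'DECODE', pc_base::load_config('system', 'auth_key'));
        if (empty($a_k)) showmessage(L('illegal_parameters'));

        // parse_str() populates these locals from the decoded token; clear
        // them first so nothing else can pre-seed them.
        unset($i, $m, $f, $d, $s);
        $a_k = safe_replace($a_k);
        parse_str($a_k);
        // A content id is mandatory: without it get_one() would run with a
        // null id and the issued download link could never validate anyway.
        if (!isset($i)) showmessage(L('illegal_parameters'));
        $i = $id = intval($i);
        if (!isset($m)) showmessage(L('illegal_parameters'));
        if (!isset($modelid) || !isset($catid)) showmessage(L('illegal_parameters'));
        if (empty($f)) showmessage(L('url_invalid'));
        // d and s are optional in the link; default them so the re-signed
        // download token below never interpolates undefined variables.
        if (!isset($d)) $d = 0;
        if (!isset($s)) $s = '';
        $modelid = intval($modelid);
        $catid = intval($catid);

        $allow_visitor = 1;
        $MODEL = getcache('model', 'commons');
        // Unknown model id would otherwise yield a table name of just the prefix.
        if (!isset($MODEL[$modelid])) showmessage(L('illegal_parameters'));
        $tablename = $this->db->table_name = $this->db->db_tablepre.$MODEL[$modelid]['tablename'];
        $this->db->table_name = $tablename.'_data';
        $rs = $this->db->get_one(array('id' => $id));
        // Without the row, the groupids_view / readpoint checks below would be
        // silently skipped; refuse instead.
        if (!$rs) showmessage(L('illegal_parameters'));

        $siteids = getcache('category_content', 'commons');
        if (!isset($siteids[$catid])) showmessage(L('illegal_parameters'));
        $siteid = $siteids[$catid];
        $CATEGORYS = getcache('category_content_'.$siteid, 'commons');
        $this->category = $CATEGORYS[$catid];
        $this->category_setting = string2array($this->category['setting']);

        // Article-level member-group restriction (groupids_view).
        $groupids_view = '';
        if ($rs['groupids_view']) $groupids_view = explode(',', $rs['groupids_view']);
        if ($groupids_view && is_array($groupids_view)) {
            $_groupid = intval(param::get_cookie('_groupid'));
            if (!$_groupid) {
                $forward = urlencode(get_url());
                showmessage(L('login_website'), APP_PATH.'index.php?m=member&c=index&a=login&forward='.$forward);
            }
            // Loose in_array() on purpose: explode() yields strings, $_groupid is int.
            if (!in_array($_groupid, $groupids_view)) showmessage(L('no_priv'));
        } else {
            // No article-level list: fall back to the category visit privilege.
            $_priv_data = $this->_category_priv($catid);
            if ($_priv_data == '-1') {
                $forward = urlencode(get_url());
                showmessage(L('login_website'), APP_PATH.'index.php?m=member&c=index&a=login&forward='.$forward);
            } elseif ($_priv_data == '-2') {
                showmessage(L('no_priv'));
            }
        }

        // Read-charge handling: article-level readpoint, else the category default.
        $paytype = $rs['paytype'];
        $readpoint = $rs['readpoint'];
        if ($readpoint || !empty($this->category_setting['defaultchargepoint'])) {
            if (!$readpoint) {
                $readpoint = $this->category_setting['defaultchargepoint'];
                $paytype = $this->category_setting['paytype'];
            }
            // Already paid within the category's repeat-charge window?
            $allow_visitor = $this->_check_payment($catid.'_'.$id, $paytype, $catid);
            if (!$allow_visitor) {
                $http_referer = urlencode(get_url());
                $allow_visitor = sys_auth($catid.'_'.$id.'|'.$readpoint.'|'.$paytype).'&http_referer='.$http_referer;
            } else {
                $allow_visitor = 1;
            }
        }

        // Reject script extensions and drive/traversal sequences in the target.
        if ($this->_is_unsafe_path($f)) showmessage(L('url_error'));
        if (strpos($f, 'http://') !== FALSE || strpos($f, 'ftp://') !== FALSE || strpos($f, '://') === FALSE) {
            // Issue a signed token carrying the issue time and client IP;
            // download() rejects tokens older than one hour or from another IP.
            $a_k = urlencode(sys_auth("i=$i&d=$d&s=$s&t=".SYS_TIME."&ip=".ip()."&m=".$m."&f=$f&modelid=".$modelid, 'ENCODE', $this->_download_auth_key()));
            $downurl = '?m=content&c=down&a=download&a_k='.$a_k;
        } else {
            $downurl = $f;
        }
        include template('content', 'download');
    }

    /**
     * Serves, or redirects to, the file referenced by the token issued by init().
     *
     * The token must decode under this client's User-Agent-bound key, carry
     * the requesting IP, and be at most one hour old. Remote targets and
     * d=0 links are answered with a Location redirect; otherwise the upload
     * URL is mapped to the upload path and the file is streamed via file_down()
     * under a generated name.
     */
    public function download() {
        if (!isset($_GET['a_k'])) showmessage(L('illegal_parameters'));
        $a_k = trim($_GET['a_k']);
        $a_k = sys_auth($a_k, 'DECODE', $this->_download_auth_key());
        if (empty($a_k)) showmessage(L('illegal_parameters'));

        unset($i, $m, $f, $t, $ip, $d, $s);
        $a_k = safe_replace($a_k);
        parse_str($a_k);
        if (!isset($i) || !isset($m)) showmessage(L('illegal_parameters'));
        $downid = intval($i);
        if (!isset($modelid)) showmessage(L('illegal_parameters'));
        if (empty($f)) showmessage(L('url_invalid'));
        if (!$i || $m < 0) showmessage(L('illegal_parameters'));
        if (!isset($t)) showmessage(L('illegal_parameters'));
        if (!isset($ip)) showmessage(L('illegal_parameters'));
        if (!isset($d)) $d = 0;
        if (!isset($s)) $s = '';
        $starttime = intval($t);

        if ($this->_is_unsafe_path($f)) showmessage(L('url_error'));
        $fileurl = trim($f);
        if (!$downid || empty($fileurl) || !preg_match("/[0-9]{10}/", $starttime) || !preg_match("/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/", $ip) || $ip != ip()) showmessage(L('illegal_parameters'));
        // Tokens expire one hour after issue.
        $endtime = SYS_TIME - $starttime;
        if ($endtime > 3600) showmessage(L('url_invalid'));
        // m selects a prefixed path. Re-check the combined path: only $f was
        // inspected for traversal sequences above, never $s.
        if ($m) $fileurl = trim($s).trim($fileurl);
        if ($this->_is_unsafe_path($fileurl)) showmessage(L('url_error'));

        $upload_url = pc_base::load_config('system', 'upload_url');
        if (strpos($fileurl, ':/') && (strpos($fileurl, $upload_url) === false)) {
            // Remote file outside the upload area: redirect only.
            header("Location: $fileurl");
        } elseif ($d == 0) {
            header("Location: ".$fileurl);
        } else {
            // Map the public upload URL back onto the filesystem upload path.
            $fileurl = str_replace(array($upload_url, '/'), array(pc_base::load_config('system', 'upload_path'), DIRECTORY_SEPARATOR), $fileurl);
            $filename = basename($fileurl);
            // Names containing GBK multibyte characters: basename() is not
            // multibyte-aware, so urlencode first and decode the basename.
            if (preg_match("/^([\s\S]*?)([\x81-\xfe][\x40-\xfe])([\s\S]*?)/", $fileurl)) {
                $filename = str_replace(array("%5C", "%2F", "%3A"), array("\\", "/", ":"), urlencode($fileurl));
                $filename = urldecode(basename($filename));
            }
            $ext = fileext($filename);
            $filename = date('Ymd_his').random(3).'.'.$ext;
            $fileurl = str_replace(array('<', '>'), '', $fileurl);
            file_down($fileurl, $filename);
        }
    }

    /**
     * Whether the current member has already paid for $flag within the
     * category's repeatchargedays window.
     *
     * Also (re)loads $this->category / $this->category_setting for $catid.
     * Returns false for guests, when no window is configured, or when the
     * spend lookup finds no record. $paytype is accepted for the caller's
     * convenience and not used here.
     */
    private function _check_payment($flag, $paytype, $catid) {
        $_userid = param::get_cookie('_userid');
        $siteids = getcache('category_content', 'commons');
        $siteid = $siteids[$catid];
        $CATEGORYS = getcache('category_content_'.$siteid, 'commons');
        $this->category = $CATEGORYS[$catid];
        $this->category_setting = string2array($this->category['setting']);
        if (!$_userid) return false;
        pc_base::load_app_class('spend', 'pay', 0);
        $setting = $this->category_setting;
        $repeatchargedays = isset($setting['repeatchargedays']) ? intval($setting['repeatchargedays']) : 0;
        if ($repeatchargedays) {
            $fromtime = SYS_TIME - 86400 * $repeatchargedays;
            $r = spend::spend_time($_userid, $fromtime, $flag);
            if ($r['id']) return true;
        }
        return false;
    }

    /**
     * Category visit privilege for the current member group.
     *
     * Returns '1' when the category has no visit rules or one matches the
     * group, '-1' when rules exist but none match (caller redirects to
     * login), and '-2' for an invalid category id.
     */
    private function _category_priv($catid) {
        $catid = intval($catid);
        if (!$catid) return '-2';
        $_groupid = intval(param::get_cookie('_groupid'));
        // No group cookie is evaluated as group 8 (presumably the guest group — confirm).
        if ($_groupid == 0) $_groupid = 8;
        $this->category_priv_db = pc_base::load_model('category_priv_model');
        $result = $this->category_priv_db->select(array('catid' => $catid, 'is_admin' => 0, 'action' => 'visit'));
        // No explicit visit rules means the category is open to everyone.
        if (!$result) return '1';
        foreach ($result as $r) {
            if ($r['roleid'] == $_groupid) return '1';
        }
        return '-1';
    }

    /**
     * True when $path ends in (or embeds, before a further dot) a server-side
     * script extension, or contains a drive prefix or a '..' sequence.
     * One helper so init() and download() apply the same rule everywhere.
     */
    private function _is_unsafe_path($path) {
        return preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i', $path)
            || strpos($path, ":\\") !== FALSE
            || strpos($path, '..') !== FALSE;
    }

    /**
     * Key used to sign the download token: the site auth_key combined with
     * the requesting User-Agent. A missing User-Agent header is treated as
     * an empty string rather than raising a notice.
     */
    private function _download_auth_key() {
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        return md5(pc_base::load_config('system', 'auth_key').$ua.'down');
    }
}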