<?php
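// connect to the database
// NOTE(review): the mysql_* extension used throughout this file was removed in PHP 7.0;
// the script should move to mysqli or PDO with prepared statements. Credentials are
// better kept in configuration outside the web root than in the source file.
mysql_connect('host', 'user', 'password');
// select database
mysql_select_db("database");

// Download handler: when a link id is present, resolve it to a file, stream the file
// as an attachment and end the request.
// NOTE(review): $lid and $user are never assigned in this file, so they exist only when
// register_globals is enabled (removed in PHP 5.4). With it enabled they can arrive from
// GET, POST or cookies alike.
// NOTE(review): the link is authorised by the file id and an e-mail address only; neither
// value is secret. A random per-request token stored with the download row and required
// here would make the "one-time link" actually prove receipt of the mail.
if (isset($lid)) {
    /*
    This is a function that corresponds the id to a filename. You
    may get the filename from the db or whatever..
    */
    $filename = getFilenameFromID($lid, isset($user) ? $user : '');

    // Bare file name for the download dialog. basename() also copes with a value that
    // contains no "/" at all, where the previous strrpos()+1 arithmetic cut off the
    // first character.
    $fnam = basename($filename);

    // Quotes, backslashes and control characters would break out of the quoted
    // filename parameter, so they are replaced before the header is built.
    $headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $fnam);

    // now set the right headers...
    // The Content-Location header that used to be sent here carried the server-side
    // directory of the file; it is dropped because it has no meaning for the client
    // and discloses the storage layout.
    header("Content-type: application/octet-stream");
    header('Content-Disposition: attachment; filename="' . $headerName . '"');
    header("Content-Transfer-Encoding: binary");

    // NOTE(review): the path comes straight from the att_url column and is opened as-is.
    // If that column can be written by anyone but a trusted administrator, resolve it
    // with realpath() and check it against the download directory before opening.
    if (is_file($filename)) {
        // readfile() streams the file instead of loading it completely into memory.
        readfile($filename);
    } elseif ($fnam == "404.txt") {
        print "Download no longer active, please request new download.";
    } else {
        print "Missing or corrupt file, please let us know which file you tried to download";
    }
    exit();
}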
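// Start the session and remember the requester's contact details from a posted form.
session_start();
foreach (array('from_name', 'from_company', 'from_phone', 'from_email') as $field) {
    // Store the value that was actually checked. The previous code tested $_POST but
    // stored the bare global of the same name, which is undefined without
    // register_globals and, with it, can be supplied by a GET parameter or cookie.
    // Array-valued fields (from_name[]=...) are ignored.
    if (isset($_POST[$field]) && is_string($_POST[$field])) {
        $_SESSION[$field] = $_POST[$field];
    }
}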
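/**
 * Resolve a download link to the stored file path and deactivate the link.
 *
 * Looks for exactly one active row in tbl_downloads joined to tbl_attatchment for the
 * given file id and e-mail address, then marks the matching download row inactive.
 * Requires the connection opened with mysql_connect(); both the escaping and the
 * queries use that default link.
 *
 * @param string $file_id file id from the download link (matched against att_lid / d_id_f_id)
 * @param string $from    e-mail address from the download link (matched against d_by_email)
 * @return string att_url of the matching attachment, or "/404.txt" when there is no
 *                single active match or the lookup fails
 */
function getFilenameFromID($file_id, $from)
{
    // Both values come from the request, so they are escaped before being placed in
    // the SQL text. NOTE(review): prepared statements (mysqli/PDO) are the durable fix;
    // escaping keeps this block working with the mysql_* API the file still uses.
    $safeId = mysql_real_escape_string((string) $file_id);
    $safeFrom = mysql_real_escape_string((string) $from);

    // run query against db, WHERE id = '$file_id'
    $result = mysql_query("SELECT * from tbl_attatchment, tbl_downloads WHERE
        att_lid = d_id_f_id AND d_by_email = '" . $safeFrom . "' AND
        d_active = 1 AND att_lid = '" . $safeId . "'");

    // A failed query returns false; treat it like "no active download".
    if ($result !== false && mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        $f = $row['att_url'];
    } else {
        $f = "/404.txt";
    }

    // Deactivate the link. The original statement passed a timestamp literal to NOW();
    // NOW() does not take one, and the statement would presumably have been rejected by
    // MySQL, leaving the link active - confirm against the server version in use.
    // NOTE(review): the SELECT and UPDATE are separate statements, so two simultaneous
    // requests can both pass the SELECT before either deactivates the row.
    mysql_query("UPDATE `tbl_downloads` SET `d_dt` = NOW(),
        `d_active` = '0' WHERE `d_id_f_id` = '" . $safeId . "' AND
        d_by_email = '" . $safeFrom . "' AND d_active='1' LIMIT 1");

    return $f;
}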
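// Handle a "Send" submission for a requested file ($rf): record one active download
// row per file and e-mail address, then mail the download link to that address.
// NOTE(review): $rf is never assigned in this file; it exists only when
// register_globals is enabled (removed in PHP 5.4).
if (isset($rf) && $rf != "") {
    // NOTE(review): copying the session code over the posted one makes the security-code
    // comparison further down the page succeed for every request that carries rf once a
    // code has been issued, and the insert and mail below run before that comparison.
    // A dedicated session flag that is set only after a successful comparison would
    // close this gap; that needs a coordinated change to the code check, so it is
    // flagged here rather than changed.
    $_POST['key'] = isset($_SESSION['key']) ? $_SESSION['key'] : null;

    if (isset($_POST['action']) && $_POST['action'] == "Send") {
        $email = isset($_SESSION['from_email']) ? (string) $_SESSION['from_email'] : '';
        $name = isset($_SESSION['from_name']) ? (string) $_SESSION['from_name'] : '';
        $company = isset($_SESSION['from_company']) ? (string) $_SESSION['from_company'] : '';
        $phone = isset($_SESSION['from_phone']) ? (string) $_SESSION['from_phone'] : '';

        // The address is user input and becomes the mail recipient; accept a single
        // well-formed address only, otherwise skip the insert and the mail.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            // Every value below comes from the request, so it is escaped before being
            // placed in SQL text. NOTE(review): prepared statements (mysqli/PDO) are the
            // durable fix; escaping matches the mysql_* API the file still uses.
            $sqlRf = mysql_real_escape_string((string) $rf);
            $sqlEmail = mysql_real_escape_string($email);
            $sqlName = mysql_real_escape_string($name);
            $sqlCompany = mysql_real_escape_string($company);
            $sqlPhone = mysql_real_escape_string($phone);

            $res = mysql_query("SELECT * FROM `tbl_downloads` WHERE d_by_email = '" . $sqlEmail . "'
                AND d_active = '1' AND `d_id_f_id` = '" . $sqlRf . "'");

            // Only create a new row when the lookup worked and found no active request.
            if ($res !== false && mysql_num_rows($res) < 1) {
                $results = mysql_query("INSERT INTO `tbl_downloads` ( `d_id` , `d_id_f_id` , `d_dt` , `d_by_name` , `d_by_phone` , `d_by_company_name` , `d_by_email` , `d_active` )
                    VALUES (
                    '', '" . $sqlRf . "', NOW( ) , '" . $sqlName . "', '" . $sqlPhone . "', '" . $sqlCompany . "', '" . $sqlEmail . "', '1');");
                if ($results === false) {
                    // Keep the database error in the server log, not in the response.
                    error_log('download request insert failed: ' . mysql_error());
                    die("foo");
                }

                // send mail with link
                // NOTE(review): the link consists of the file id and the e-mail address
                // only, both known to the requester before the mail is sent, so receiving
                // the mail is not required to use it. A random token stored with the row
                // and included here would tie the download to the mailbox.
                $toname = $name;
                $toadress = $email;
                $subject = "YourCompanyName - Requested Download Link";
                // urlencode() keeps characters such as "+" or "&" in the id or address
                // from changing the meaning of the query string.
                $message = "Hi, " . $name .
                    " / " . $company .
                    "\n\nThe file you requested for download, can be accessed here: " .
                    "\nhttp://www.yourdomain.tld/downloads/?lid=" . urlencode((string) $rf) . "&user=" . urlencode($email) .
                    "\n\n The download url can only be used once.";
                mail($email, $subject, $message);
            }
        }

        // Clearing $rf makes the rest of the page show the file list again.
        $rf = "";
        $_POST['key'] = isset($_SESSION['key']) ? $_SESSION['key'] : null;
    }
}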
?>
<?php
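// Leftover debug output of a session value. It is only printed when present and is
// HTML-escaped so session content cannot inject markup into the page.
// NOTE(review): nothing in this file sets 'fubar'; consider removing the output.
if (isset($_SESSION['fubar'])) {
    echo htmlspecialchars((string) $_SESSION['fubar'], ENT_QUOTES);
}
// A "logout" submit discards the issued security code, so the code form is shown again.
// NOTE(review): $submit exists only when register_globals is enabled.
if (isset($submit) && $submit == "logout") {
    unset($_SESSION['key']);
}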
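// Security-code gate: show the code form until the posted code equals the one stored
// in the session; otherwise render the file list and/or the request form.
$sessionKey = isset($_SESSION['key']) ? (string) $_SESSION['key'] : '';
$postedKey = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
// Strict string comparison: with != two different codes that both look numeric
// (for example "0e1234" and "0e5678") compare as equal.
if (!$sessionKey || $sessionKey !== $postedKey) {
    // md5(time()) can be derived from the server clock. Prefer random bytes where the
    // openssl extension is available; the result keeps the 6-character hex format.
    // NOTE(review): a 6-character code is short; pair it with attempt limiting.
    $entropy = function_exists('openssl_random_pseudo_bytes')
        ? bin2hex(openssl_random_pseudo_bytes(16))
        : uniqid(mt_rand(), true);
    $_SESSION['key'] = substr(md5($entropy), 0, 6);
    echo "<p>To access our contact-form, enter the security-code as seen below:</p>
<form action=\"\" method=\"post\">
<p>
<strong>Security-Code:</strong><br />
<img src=\"/sec.jpg\" />
</p>
<p>
<strong>Type Security-Code, as seen above:</strong><br />
<input type=\"text\" name=\"key\" />
<input type=\"submit\" name=\"submit\" value=\"submit\" />
</p>
</form>";
    exit();
}
else {
    // NOTE(review): $from_name, $from_company, $from_phone, $from_email, $enquery, $rf
    // and $key are never assigned from the request in this file; they exist only when
    // register_globals is enabled (removed in PHP 5.4).
    if ((isset($from_email) && $from_email != "" && isset($enquery) && $enquery != "") || !isset($rf) || $rf == "") {
        // session_destroy();
        if (isset($from_name)) {
            $_SESSION['from_name'] = $from_name;
        }
        if (isset($from_company)) {
            $_SESSION['from_company'] = $from_company;
        }
        if (isset($from_phone)) {
            $_SESSION['from_phone'] = $from_phone;
        }
        if (isset($from_email)) {
            $_SESSION['from_email'] = $from_email;
        }
        $_POST['key'] = $_SESSION['key'];
        // The feedback mail is prepared but not sent; the mail() call below is disabled.
        $toname = "yourCompanyName";
        $toadress = "reply.Adress@yourdomain.tld";
        $subject = "YourCompanyName - Feedback form";
        $message = "Name: " . (isset($from_name) ? $from_name : '') .
            "\nCompany: " . (isset($from_company) ? $from_company : '') .
            "\nPhone: " . (isset($from_phone) ? $from_phone : '') .
            "\nEmail: " . (isset($from_email) ? $from_email : '') .
            "\n\n\n" . (isset($enquery) ? $enquery : '');
        /*if (mail($toadress, $subject, $message)) {
        echo "Thank you for your enquery!<br />We will get back to your shortly.";
        }
        else {
        echo "Oops! Something went wrong!";
        }*/
        // start download
        $result = mysql_query("SELECT * from tbl_attatchment
            ORDER BY att_title ASC");
        if ($result === false) {
            // Keep the database error in the server log instead of printing it.
            error_log('attachment listing query failed: ' . mysql_error());
            die('The download list is currently unavailable.');
        }
        while ($row = mysql_fetch_array($result)) {
            // The loop used to echo a path derived from $filename, a variable that is
            // not set on this code path and could be request-supplied under
            // register_globals; that leftover output is removed.
            // Values are escaped for HTML. If att_description is meant to carry markup,
            // pass it through an allow-list sanitiser instead of printing it raw.
            $title = htmlspecialchars((string) $row['att_title'], ENT_QUOTES);
            $description = htmlspecialchars((string) $row['att_description'], ENT_QUOTES);
            $requestId = htmlspecialchars(urlencode((string) $row['att_lid']), ENT_QUOTES);
?>
<p>
<strong>Title: </strong><?=$title ?><br />
<strong>Description: </strong> <?=$description ?><br />
<a href="?rf=<?=$requestId ?>">Request File</a></td>
</p>
<?php
        }
?>
</table>
<?php
        // end download
    }
    if (isset($rf) && $rf != "") { // show form
        $_POST['key'] = $_SESSION['key'];
        // Everything echoed back into the form is request- or session-supplied, so it
        // is escaped for the attribute/element context it lands in.
        $formValues = array();
        foreach (array('from_name', 'from_company', 'from_phone', 'from_email') as $field) {
            $formValues[$field] = isset($_SESSION[$field])
                ? htmlspecialchars((string) $_SESSION[$field], ENT_QUOTES)
                : '';
        }
        $formRf = is_string($rf) ? htmlspecialchars($rf, ENT_QUOTES) : '';
        $formEnquery = (isset($enquery) && is_string($enquery)) ? htmlspecialchars($enquery, ENT_QUOTES) : '';
        $formKey = (isset($key) && is_string($key)) ? htmlspecialchars($key, ENT_QUOTES) : '';
?>
<strong>Information:</strong>
After requesting file-download, please look in your mail inbox.<br />
You will recieve an e-mail with a download URL.
<form action="?" method="post">
<table border="1">
<tr><td>
<p>
Your name:<br />
<input type="text" name="from_name" value="<?=$formValues['from_name']?>" />
</p>
<p>
Company Name:<br />
<input type="text" name="from_company" value="<?=$formValues['from_company']?>" />
</p>
<p>
Phone#:<br />
<input type="text" name="from_phone" value="<?=$formValues['from_phone']?>" />
</p>
<p>
<strong>Your e-mail adress*:</strong><br />
<input type="text" name="from_email" value="<?=$formValues['from_email']?>" />
<input type="hidden" name="rf" value="<?=$formRf?>" />
</p>
</td>
<td></td>
</tr>
<tr>
<td colspan="2">
<p>
<strong>Comments / Questions*:</strong><br />
<textarea name="enquery" cols="45" rows="10"><?=$formEnquery?></textarea><br />
<strong>* Required fields</strong>
</p>
<input type="hidden" name="key" value="<?=$formKey?>" />
<input type="submit" name="action" value="Send" />
<input type="reset" value="Clear" />
</td>
</tr>
</table>
</form>
<?php
    }
}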
?>