1 <?php
2
/**
 * Access control for WordPress media-library attachments: a front-end gate for
 * rewritten upload URLs (protectMediaLibrary), a password-unlock endpoint
 * (makeMediaPass / mediaDownload), the [wpdm_media] shortcode, and the
 * attachment-edit panel plus AJAX handlers that set the restrictions.
 */
6
7 namespace WPDM\MediaLibrary;
8
9
10 use WPDM\__\__;
11 use WPDM\__\Crypt;
12 use WPDM\__\Messages;
13 use WPDM\__\Template;
14 use WPDM\__\TempStorage;
15 use WPDM\__\FileSystem;
16 use WPDM\__\UI;
17
18 class MediaAccessControl {
function __construct() {
    // Hooks registered for every request type.
    // The password endpoint is deliberately reachable by logged-out visitors
    // ('nopriv'); the nonce check inside makeMediaPass() is the only gate there.
    add_action( 'init', [ $this, 'mediaDownload' ] );
    add_action( 'wp_ajax_wpdm_media_pass', [ $this, 'makeMediaPass' ] );
    add_action( 'wp_ajax_nopriv_wpdm_media_pass', [ $this, 'makeMediaPass' ] );

    if ( is_admin() ) {
        // Attachment-edit panel and its AJAX back-ends (admin-ajax.php is "admin").
        // Priority is passed as null exactly as before; WordPress documents an int
        // (default 10) for this argument — worth normalising when this is next touched.
        add_filter( 'attachment_fields_to_edit', [ $this, 'protectionSettings' ], null, 2 );
        add_action( 'wp_ajax_wpdm_media_access', [ $this, 'mediaAccessControl' ] );
        add_action( 'wp_ajax_make_media_public', [ $this, 'makeMediaPublic' ] );
        add_action( 'wp_ajax_make_media_private', [ $this, 'makeMediaPrivate' ] );
        add_action( 'admin_footer', [ $this, 'footerScripts' ] );
    } else {
        // Front-end gate; priority 8 so it runs ahead of default-priority 'init' callbacks.
        add_action( 'init', [ $this, 'protectMediaLibrary' ], 8 );
    }

    add_shortcode( 'wpdm_media', [ $this, 'mediaShortcode' ] );
}
39
/**
 * Serve an attachment for a media key minted by makeMediaPass().
 *
 * The key is looked up in TempStorage; it is not invalidated after use, so it
 * stays valid (and reusable) until the TTL set by makeMediaPass() expires.
 * Does nothing when no `__mediakey` parameter is present or the key is unknown.
 */
function mediaDownload() {
    if ( ! isset( $_REQUEST['__mediakey'] ) ) {
        return;
    }

    $key        = wpdm_query_var( '__mediakey', 'txt' );
    $attachment = TempStorage::get( '__wpdm_meida_key_' . $key );
    if ( ! ( $attachment > 0 ) ) {
        return;
    }

    $path = get_attached_file( $attachment );
    $path = apply_filters( "wpdm_media_download", $path, $attachment );
    FileSystem::downloadFile( $path, basename( $path ), 10240, 0, [ 'play' => 1 ] );
    die();
}
51
52
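/**
 * AJAX: exchange a media password for a short-lived download key.
 *
 * Expects `__xnonce` (checked against the NONCE_KEY action — the matching
 * wp_create_nonce() call is not in this file), `__meida` (the attachment ID as
 * produced by Crypt::encrypt() in protectMediaLibrary()) and `__pswd`.
 * On success responds with {success:true, __mediakey} for mediaDownload();
 * every other path responds with the generic wrong-password error.
 *
 * Fixes against the previous version:
 *  - the stored password was compared with `==`, so an empty stored password
 *    matched an empty/missing submission; media that is role-restricted but has
 *    no password could therefore be unlocked by anyone holding its encrypted ID.
 *    A password is now required to be non-empty and is compared with hash_equals().
 *  - the download key came from uniqid(), which is derived from the clock; it is
 *    now 16 random bytes.
 *  - the decrypted ID is cast to int and must be positive.
 * There is still no throttling on wrong guesses.
 */
function makeMediaPass() {
    $nonce = wpdm_query_var( '__xnonce' );
    if ( $nonce && wp_verify_nonce( $nonce, NONCE_KEY ) ) {
        $mediaid  = (int) Crypt::decrypt( wpdm_query_var( '__meida' ) );
        $password = (string) get_post_meta( $mediaid, '__wpdm_media_pass', true );
        $supplied = (string) wpdm_query_var( '__pswd' );

        if ( $mediaid > 0 && $password !== '' && hash_equals( $password, $supplied ) ) {
            // Bearer token for mediaDownload(); same character class as uniqid() output
            // so the 'txt' filter on the consuming side is unaffected.
            $mediakey = bin2hex( random_bytes( 16 ) );
            // TTL in seconds: period * unit, falling back to 30 when unset or zero.
            $ttl = (int) get_option( '__wpdm_private_link_expiration_period' ) * (int) get_option( '__wpdm_private_link_expiration_period_unit' );
            $ttl = $ttl > 0 ? $ttl : 30;
            TempStorage::set( '__wpdm_meida_key_' . $mediakey, $mediaid, $ttl );
            wp_send_json( [ 'success' => true, '__mediakey' => $mediakey ] );
        }
    }
    // Deliberately the same response for bad nonce, unknown media, no password and
    // wrong password — do not make it more specific.
    wp_send_json( [
        'success' => false,
        'error'   => __( "<b>Error:</b> Wrong Password! Try Again.", "download-manager" ),
    ] );
}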
71
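/**
 * [wpdm_media id=N] shortcode: render the media-shortcode.php view for an attachment.
 *
 * @param array|string $params Shortcode attributes; only `id` is read.
 * @return string Rendered HTML, or a translated error string when the ID is
 *                missing or does not resolve to an attachment.
 *
 * The previous version dereferenced the result of get_post() without checking
 * it, which is a fatal error for an unknown ID, and derived the file path from
 * the GUID URL; get_attached_file() is the authoritative location and is used
 * first, with the GUID-based path kept as a fallback.
 */
function mediaShortcode( $params ) {
    $id = is_array( $params ) && isset( $params['id'] ) ? (int) $params['id'] : 0;
    if ( $id < 1 ) {
        return __( "Missing ID!", "download-manager" );
    }

    $media = get_post( $id );
    if ( ! $media || $media->post_type !== 'attachment' ) {
        return __( 'Media not found!', "download-manager" );
    }

    $path = get_attached_file( $media->ID );
    if ( ! $path ) {
        $path = str_replace( home_url( '/' ), ABSPATH . '/', $media->guid );
    }
    $media->path     = $path;
    $media->filesize = wpdm_file_size( $media->path );

    // Images get a generated 128x128 thumb; everything else the WP type icon.
    $is_image = substr_count( (string) $media->post_mime_type, 'image' ) > 0;
    $picon    = $is_image
        ? UI::img( wpdm_dynamic_thumb( $media->path, [ 128, 128 ], true ), 'Thumb', [ 'width' => 48 ] )
        : wp_get_attachment_image( $media->ID, 'thumbnail', true );
    $media->icon = $picon;

    // $media, $picon and $params are visible to the included view.
    ob_start();
    include Template::locate( "media-shortcode.php", __DIR__ . '/views' );

    return ob_get_clean();
}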
90
91 /*
92 function protectMediaLibrary(){
93 if(isset($_REQUEST['wpdmmediaid'])){
94 global $wpdb;
95 $current_user = wp_get_current_user();
96 $ID = wpdm_query_var('wpdmmediaid', 'int');
97 $media = get_post($ID);
98 if(!$media) Messages::fullPage('404', esc_attr__( 'Media not found!', "download-manager" ));
99 $media_meta = wp_get_attachment_metadata($ID);
100 //wpdmdd($media_meta);
101 //wpdmdd($media);
102 $media->path = str_replace(home_url('/'), ABSPATH.'/', $media->guid);
103 $media->filesize = wpdm_file_size($media->path);
104
105 $access = get_post_meta($media->ID, '__wpdm_media_access', true);
106 if(!is_array($access)) $access = ['public'];
107 $password = get_post_meta($media->ID, '__wpdm_media_pass', true);
108 $private = get_post_meta($media->ID, '__wpdm_private', true);
109 if(current_user_can('manage_options')) $private = false;
110 $user_roles = is_user_logged_in() ? $current_user->roles + array('public') : array();
111 $user_roles[] = 'public';
112 $user_allowed = array_intersect($user_roles, $access);
113 $user_allowed = count($user_allowed);
114 if( $private && ( $password || !$user_allowed ) ) {
115
116 if(!$user_allowed && substr_count($media->post_mime_type, 'image')) {
117 $access_denied_placeholder = apply_filters("access_denied_placeholder", WPDM_BASE_DIR.'assets/images/denied.png', $media);
118 FileSystem::downloadFile($access_denied_placeholder, basename($media->guid), 10240, 0, ['play' => 1]);
119 die();
120 }
121
122 $picon = wp_get_attachment_image($media->ID, 'thumbnail', true);
123 $keyvalid = true;
124 $__hash = Crypt::encrypt($media->ID);
125 $download_url = "";
126 //wp_die('Direct access disabled!');
127 Messages::fullPage("Error!", UI::div('Direct access disabled!', 'alert alert-danger', ['style' => 'display:table;margin: 0 auto']));
128
129 }
130
131 $upload_dir = wp_upload_dir();
132 $file_path = wpdm_valueof($upload_dir, 'basedir').'/'.wpdm_query_var('wpdmmedia');
133 $file_path = apply_filters("wpdm_media_download", $file_path, $media->ID);
134 FileSystem::downloadFile($file_path, basename($file_path), 10240, 0, array('play' => 1));
135 die();
136 }
137 }
138 //*/
139
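/**
 * Front-end gate for protected uploads.
 *
 * The .htaccess written by updateMediaAccess() rewrites a protected upload URL to
 * index.php?wpdmmediaid=<attachment>&wpdmmedia=<path relative to uploads>. This
 * handler validates that the requested path belongs to that attachment, applies
 * the role/password restriction stored in post meta, and either streams the
 * file, streams a "denied" placeholder (images), or renders the password prompt.
 * Always exits once a `wpdmmediaid` parameter is present.
 *
 * Changes against the previous version:
 *  - non-attachment posts are a 404; `sizes` is only iterated when present
 *    (non-image attachments have none, which was a warning/fatal before);
 *  - the fallback for a missing `_wp_attached_file` read `$media['file']` (array
 *    access on the WP_Post object, never set) and now reads the metadata entry;
 *  - the served path is rebuilt from the attachment's own directory plus the
 *    validated file name instead of basedir/<raw request>; the request string is
 *    only compared, never used as a path. The old GUID-substring check is replaced
 *    by an exact directory match — generated sizes (file-150x150.jpg) are not part
 *    of the GUID and could not pass it;
 *  - in_array() is strict.
 */
function protectMediaLibrary() {
    if ( ! isset( $_REQUEST['wpdmmediaid'] ) ) {
        return;
    }

    $current_user = wp_get_current_user();
    $ID           = wpdm_query_var( 'wpdmmediaid', 'int' );
    $media        = get_post( $ID );
    if ( ! $media || $media->post_type !== 'attachment' ) {
        Messages::fullPage( '404', esc_attr__( 'Media not found!', WPDM_TEXT_DOMAIN ) );
        return; // in case fullPage() renders without exiting
    }

    $media_meta = wp_get_attachment_metadata( $ID );
    if ( ! is_array( $media_meta ) ) {
        $media_meta = [];
    }

    // File names that belong to this attachment: the upload itself (metadata and
    // GUID) plus every generated image size.
    $validFilenames = [
        basename( (string) wpdm_valueof( $media_meta, 'file' ) ),
        basename( (string) $media->guid ),
    ];
    if ( isset( $media_meta['sizes'] ) && is_array( $media_meta['sizes'] ) ) {
        foreach ( $media_meta['sizes'] as $item ) {
            if ( is_array( $item ) && ! empty( $item['file'] ) ) {
                $validFilenames[] = (string) $item['file'];
            }
        }
    }
    $validFilenames = array_filter( $validFilenames, 'strlen' );

    // Directory of the attachment relative to the uploads dir, with trailing slash
    // ('' when the file sits at the uploads root).
    $media_rel_path = get_post_meta( $media->ID, '_wp_attached_file', true );
    if ( ! $media_rel_path && isset( $media_meta['file'] ) ) {
        $media_rel_path = $media_meta['file'];
    }
    $media_rel_path = (string) $media_rel_path;
    $slash          = strrpos( $media_rel_path, '/' );
    $validRelPath   = $slash === false ? '' : substr( $media_rel_path, 0, $slash + 1 );

    // The requested path must be <attachment dir>/<one of the known file names>,
    // compared exactly — no normalisation, so './', '//' or '..' segments fail.
    $requested   = isset( $_REQUEST['wpdmmedia'] ) && is_string( $_REQUEST['wpdmmedia'] ) ? $_REQUEST['wpdmmedia'] : '';
    $reqFilename = basename( $requested );
    $reqSlash    = strrpos( $requested, '/' );
    $reqDir      = $reqSlash === false ? '' : substr( $requested, 0, $reqSlash + 1 );
    if ( $reqFilename === '' || ! in_array( $reqFilename, $validFilenames, true ) || $reqDir !== $validRelPath ) {
        wp_die( __( 'Invalid file path!', 'download-manager' ) );
    }

    $upload_dir      = wp_upload_dir();
    $basedir         = trailingslashit( $upload_dir['basedir'] );
    $media->path     = $basedir . $media_rel_path;
    $media->filesize = wpdm_file_size( $media->path );

    $access = get_post_meta( $media->ID, '__wpdm_media_access', true );
    if ( ! is_array( $access ) ) {
        // No stored role list is treated as public (unchanged behaviour).
        $access = [ 'public' ];
    }
    $password = get_post_meta( $media->ID, '__wpdm_media_pass', true );
    $private  = get_post_meta( $media->ID, '__wpdm_private', true );
    // Administrators bypass the restriction entirely.
    if ( current_user_can( 'manage_options' ) ) {
        $private = false;
    }
    // Every visitor, logged in or not, carries the pseudo-role 'public'.
    $user_roles   = is_user_logged_in() ? (array) $current_user->roles : [];
    $user_roles[] = 'public';
    $user_allowed = count( array_intersect( $user_roles, $access ) );

    $is_image = substr_count( (string) $media->post_mime_type, 'image' ) > 0;

    if ( $private && ( $password || ! $user_allowed ) ) {

        if ( ! $user_allowed && $is_image ) {
            // Images embedded in pages get a placeholder instead of an HTML page.
            $access_denied_placeholder = apply_filters( "access_denied_placeholder", WPDM_BASE_DIR . 'assets/images/denied.png', $media );
            FileSystem::downloadFile( $access_denied_placeholder, basename( $media->guid ), 10240, 0, [ 'play' => 1 ] );
            die();
        }

        // Variables consumed by the media-download.php view. Note the view receives
        // the encrypted attachment ID even when the visitor's role is not allowed;
        // makeMediaPass() must therefore never unlock media that has no password.
        $picon = $is_image
            ? UI::img( wpdm_dynamic_thumb( $media->path, [ 128, 128 ], true ), 'Thumb', [ 'width' => 48 ] )
            : wp_get_attachment_image( $media->ID, 'thumbnail', true );
        $keyvalid     = true;
        $__hash       = Crypt::encrypt( $media->ID );
        $download_url = "";
        include Template::locate( "media-download.php", __DIR__ . '/views' );
        die();
    }

    // Path built from validated parts only; the raw request never reaches the filesystem.
    $file_path = $basedir . $validRelPath . $reqFilename;
    $file_path = apply_filters( "wpdm_media_download", $file_path, $media->ID );
    FileSystem::downloadFile( $file_path, basename( $file_path ), 10240, 0, [ 'play' => 1 ] );
    die();
}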
213
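/**
 * Rewrite <uploads>/.htaccess so every protected attachment (option
 * `__wpdm_media_private`, a JSON map of attachment ID => absolute file path) and,
 * for images, each generated size is routed through protectMediaLibrary().
 *
 * @return bool Whether the .htaccess file was written (the original returned
 *              nothing and ignored the write result; callers may ignore this).
 *
 * Changes against the previous version:
 *  - file names are preg_quote()d and the pattern is double-quoted, so '.', '+',
 *    '(' or whitespace in a name cannot alter or break the rule (a malformed
 *    RewriteRule makes Apache fail every request under uploads);
 *  - the directory of a root-level file is '' — the old regex left the whole
 *    path in place when it contained no '/', producing "file.jpgfile-150x150.jpg"
 *    patterns for its thumbnails;
 *  - `sizes` is only iterated when present.
 * The substitution target `../../index.php` assumes uploads live at
 * <site>/wp-content/uploads (unchanged assumption).
 */
function updateMediaAccess() {
    $protected  = get_option( "__wpdm_media_private" );
    $protected  = $protected ? (array) json_decode( $protected ) : [];
    $upload_dir = wp_upload_dir();
    $upload_dir = $upload_dir['basedir'];

    $htaccess_rules = "<IfModule mod_rewrite.c>\nRewriteEngine On\n";
    foreach ( $protected as $id => $path ) {
        $id   = (int) $id;
        $path = str_replace( $upload_dir . '/', "", (string) $path );
        if ( $path === '' ) {
            continue;
        }
        $slash    = strrpos( $path, '/' );
        $file_dir = $slash === false ? '' : substr( $path, 0, $slash + 1 );

        $htaccess_rules .= $this->mediaRewriteRule( $path, $id, '' );

        if ( wp_attachment_is_image( $id ) ) {
            $meta   = wp_get_attachment_metadata( $id );
            $thumbs = is_array( $meta ) && isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ? $meta['sizes'] : [];
            foreach ( $thumbs as $size => $thumb ) {
                if ( ! is_array( $thumb ) || empty( $thumb['file'] ) ) {
                    continue;
                }
                $htaccess_rules .= $this->mediaRewriteRule( $file_dir . $thumb['file'], $id, '&thumb=' . rawurlencode( (string) $size ) );
            }
        }
    }
    $htaccess_rules .= "</IfModule>";

    return file_put_contents( $upload_dir . '/.htaccess', $htaccess_rules ) !== false;
}

/**
 * One RewriteRule line routing $relPath (relative to the uploads dir, no leading
 * slash) to index.php?wpdmmediaid=$id&wpdmmedia=<matched path>$extraQuery.
 *
 * @param string $relPath    Path relative to the uploads directory.
 * @param int    $id         Attachment ID.
 * @param string $extraQuery Already-encoded suffix appended to the query string.
 * @return string The rule, newline-terminated.
 */
private function mediaRewriteRule( $relPath, $id, $extraQuery ) {
    // mod_rewrite patterns are PCRE; escape metacharacters so the name matches
    // literally, and quote the argument so Apache does not split it at whitespace.
    $pattern = str_replace( '"', '\\"', preg_quote( $relPath ) );

    return 'RewriteRule "^(' . $pattern . ')$" ../../index.php?wpdmmediaid=' . (int) $id . '&wpdmmedia=$1' . $extraQuery . "\n";
}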
237
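/**
 * AJAX: apply role/password restrictions to an attachment.
 *
 * Requires the `mmpnonce` nonce and `edit_posts`, plus `edit_post` on the
 * specific attachment. Reads `mediaid`, `media_access` (list of role keys, or
 * values contributed via the `wpdm_meidia_access_settings` action) and
 * `media_pass`. Writes the three `__wpdm_*` meta keys, registers the file in the
 * `__wpdm_media_private` option, regenerates .htaccess and re-renders the panel.
 *
 * Changes against the previous version:
 *  - `mediaid` is cast to int and must be positive;
 *  - `media_access` is always stored as an array of sanitised strings. Previously,
 *    applying restrictions with no role checked stored a non-array, which
 *    protectMediaLibrary() treats as ['public'] — i.e. "restrict to nobody"
 *    silently meant "everyone". An empty list now means exactly that.
 * The password is still stored and compared in plain text (it is echoed back
 * into the admin form by mediaAccessControl()), so it is not a user secret and
 * must not be reused from elsewhere.
 */
function makeMediaPrivate() {

    __::isAuthentic( "mmpnonce", WPDM_PRI_NONCE, 'edit_posts' );
    $id = (int) wpdm_query_var( 'mediaid' );
    // Verify user can edit this media
    if ( $id < 1 || ! current_user_can( 'edit_post', $id ) ) {
        wp_send_json( [
            'success' => false,
            'message' => __( 'You are not allowed to edit this media.', 'download-manager' ),
        ] );
    }

    $access = wpdm_query_var( 'media_access' );
    $access = is_array( $access ) ? array_filter( $access, 'is_string' ) : [];
    $access = array_values( array_filter( array_map( 'sanitize_text_field', $access ), 'strlen' ) );

    update_post_meta( $id, '__wpdm_media_access', $access );
    update_post_meta( $id, '__wpdm_media_pass', (string) wpdm_query_var( 'media_pass' ) );
    update_post_meta( $id, '__wpdm_private', 1 );

    $protected        = get_option( "__wpdm_media_private" );
    $protected        = $protected ? (array) json_decode( $protected ) : [];
    $protected[ $id ] = get_attached_file( $id );
    update_option( '__wpdm_media_private', json_encode( $protected ), 'no' );

    do_action( "wpdm_make_media_private" );
    $this->updateMediaAccess();

    // Re-render the panel; note this re-checks a 'pmanonce' parameter.
    $this->mediaAccessControl();
}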
264
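/**
 * AJAX: remove all restrictions from an attachment.
 *
 * Requires the `mmpnonce` nonce and `edit_posts`, plus `edit_post` on the
 * specific attachment. Deletes the three `__wpdm_*` meta keys, drops the file
 * from the `__wpdm_media_private` option, regenerates .htaccess and re-renders
 * the panel.
 *
 * `mediaid` is now cast to int and must be positive; previously a non-numeric
 * value was passed straight through to the meta and option writes.
 */
function makeMediaPublic() {

    __::isAuthentic( "mmpnonce", WPDM_PRI_NONCE, 'edit_posts' );

    $id = (int) wpdm_query_var( 'mediaid' );

    // Verify user can edit this media
    if ( $id < 1 || ! current_user_can( 'edit_post', $id ) ) {
        wp_send_json( [
            'success' => false,
            'message' => __( 'You are not allowed to edit this media.', 'download-manager' ),
        ] );
    }

    delete_post_meta( $id, '__wpdm_media_access' );
    delete_post_meta( $id, '__wpdm_media_pass' );
    delete_post_meta( $id, '__wpdm_private' );

    $protected = get_option( "__wpdm_media_private" );
    $protected = $protected ? (array) json_decode( $protected ) : [];
    unset( $protected[ $id ] );
    update_option( '__wpdm_media_private', json_encode( $protected ), 'no' );

    do_action( "wpdm_make_media_public" );
    $this->updateMediaAccess();

    // Re-render the panel; note this re-checks a 'pmanonce' parameter.
    $this->mediaAccessControl();
}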
291
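/**
 * AJAX: render the "Media Access Control" panel for one attachment and exit.
 *
 * Requires the `pmanonce` nonce and WPDM_ADMIN_CAP. Reads `mediaid` and the
 * stored `__wpdm_media_access` / `__wpdm_media_pass` / `__wpdm_private` meta.
 *
 * Output escaping added: the stored password is written into a value=""
 * attribute and was echoed raw. It is set by makeMediaPrivate(), which only
 * needs `edit_posts` on the attachment, and is viewed here by users holding
 * WPDM_ADMIN_CAP — an unescaped value is a stored XSS from the lower role to the
 * higher one. Role keys/names and the ID are escaped for the same reason, and
 * the ID is cast to int before being interpolated into markup.
 */
function mediaAccessControl() {

    __::isAuthentic( 'pmanonce', WPDM_PRI_NONCE, WPDM_ADMIN_CAP );

    $id                 = (int) wpdm_query_var( 'mediaid' );
    $wpdm_media_access  = maybe_unserialize( get_post_meta( $id, '__wpdm_media_access', true ) );
    $wpdm_media_pass    = (string) get_post_meta( $id, '__wpdm_media_pass', true );
    $wpdm_media_private = (int) get_post_meta( $id, '__wpdm_private', true );
    $has_access_list    = is_array( $wpdm_media_access );
    ?>

    <div class="panel panel-default"
         id="__protm" <?php if ( $wpdm_media_private ) { ?> style="display: none" <?php } ?>>
        <div class="panel-body">
            <?php _e( 'This file is not protected.', 'download-manager' ) ?>
        </div>
        <div class="panel-footer">
            <button class="btn btn-success btn-block"
                    onclick="jQuery('#__protm').slideUp();jQuery('#__prots').slideDown();"><?php _e( 'Protect this file', 'download-manager' ); ?></button>
        </div>
    </div>

    <div id="__prots"
         class="panel panel-default" <?php if ( ! $wpdm_media_private ) { ?> style="display: none" <?php } ?>>
        <?php if ( $wpdm_media_private ) { ?>
            <div class="panel-body text-danger"><i class="fa fa-lock"></i>
                &mdash; <?php echo __( "This file is protected", "download-manager" ); ?></div><?php } ?>
        <div class="panel-heading"><?php _e( 'Password:', 'download-manager' ); ?></div>
        <div class="panel-body"><input type="text" value="<?php echo esc_attr( $wpdm_media_pass ); ?>" id="media_pass"
                                       class="form-control"
                                       style="border-radius: 3px;border: 0;box-shadow: none !important;"
                                       name="media[password]"
                                       placeholder="<?php _e( 'Password', 'download-manager' ); ?>"/></div>
        <div class="panel-heading"
             style="border-radius: 0;border-top: 1px solid #ddd"><?php _e( 'Allow Access:', 'download-manager' ); ?></div>
        <div class="panel-body" id="acx">

            <?php
            // 'public' is a pseudo-role every visitor carries (see protectMediaLibrary()).
            $selz = $has_access_list && in_array( 'public', $wpdm_media_access, true ) ? 'checked=checked' : '';
            ?>

            <label><input class="media_access" style="margin: 0" name="media[access][]" type="checkbox"
                          value="public" <?php echo $selz ?>> <?php echo __( "Public", "download-manager" ); ?>
            </label>
            <?php
            // Administrators bypass the restriction, so the role is not offered.
            $roles = array_reverse( wp_roles()->role_names );
            unset( $roles['administrator'] );
            foreach ( $roles as $role => $name ) {
                $sel = $has_access_list && in_array( $role, $wpdm_media_access, true ) ? 'checked=checked' : '';
                ?>
                <label><input class="media_access" style="margin: 0" name="media[access][]" type="checkbox"
                              value="<?php echo esc_attr( $role ); ?>" <?php echo $sel ?>> <?php echo esc_html( $name ); ?></label>
            <?php } ?>

        </div>
        <?php do_action( "wpdm_meidia_access_settings" ); ?>
        <div class="panel-heading">
            <?php echo __( "Shortcode:", "download-manager" ) ?>
        </div>
        <div>
            <input onfocus="this.select()" type="text" readonly="readonly" class="form-control"
                   style="border: 0;box-shadow: none !important;text-align: center;background: #ffffff;font-family: monospace"
                   value="[wpdm_media id=<?php echo $id; ?>]"/>
        </div>
        <div class="panel-footer">
            <button class="btn btn-block btn-primary btn-sm" id="__makeprivate"
                    data-id="<?php echo $id; ?>"><?php _e( 'Apply restrictions', 'download-manager' ); ?></button>
        </div>
        <div class="panel-footer">
            <button class="btn btn-block btn-danger btn-sm" id="__makepublic"
                    data-id="<?php echo $id; ?>"><?php _e( 'Remove all restrictions', 'download-manager' ); ?></button>
        </div>
    </div>


    <style>
        #acx {
            height: 150px;
            overflow: auto;
        }

        #acx input[type=checkbox] {
            transform: scale(0.7);
            margin-top: -1px;
        }

        #acx label {
            font-weight: 400;
            padding: 0 15px;
            line-height: 18px;
            font-size: 10px;
            display: block;
            width: 100%;
        }
    </style>
    <?php
    die();
}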
404
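/**
 * admin_footer: jQuery handlers for the "Apply restrictions" / "Remove all
 * restrictions" buttons rendered by mediaAccessControl(). Both post to
 * admin-ajax.php with the `mmpnonce` nonce and replace #wpdm-media-access with
 * the returned HTML.
 *
 * The unused `global $pagenow` was dropped and the nonce is created once and
 * passed through esc_js() before being placed inside a JS string literal.
 * NOTE(review): the two handlers finish by calling mediaAccessControl(), which
 * checks a `pmanonce` parameter this request does not send — confirm
 * __::isAuthentic() tolerates that, or add `pmanonce` to these POSTs.
 */
function footerScripts() {
    $nonce = esc_js( wp_create_nonce( WPDM_PRI_NONCE ) );
    ?>
    <script>
        var xhr = null;
        jQuery(function ($) {

            $('body').on('click', '#__makepublic', function () {
                $('#__prots').addClass('blockui');
                $.post(ajaxurl, {
                    action: 'make_media_public',
                    mmpnonce: '<?php echo $nonce; ?>',
                    mediaid: $(this).data('id')
                }, function (res) {
                    $('#__prots').removeClass('blockui');
                    $('#__prots').slideUp();
                    $('#__protm').slideDown(function () {
                        $('#wpdm-media-access').html(res);
                    });
                });
            });

            $('body').on('click', '#__makeprivate', function () {
                $('#__prots').addClass('blockui');
                // Values of every checked role box (including extension-added ones).
                var media_access = $("input.media_access:checkbox:checked").map(function () {
                    return $(this).val();
                }).get();
                $.post(ajaxurl, {
                    action: 'make_media_private',
                    mmpnonce: '<?php echo $nonce; ?>',
                    mediaid: $(this).data('id'),
                    media_pass: $('#media_pass').val(),
                    media_access: media_access
                }, function (res) {
                    $('#__prots').removeClass('blockui');
                    $('#wpdm-media-access').html(res);
                });
            });
        });
    </script>
    <?php
}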
447
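/**
 * attachment_fields_to_edit filter: inject the access-control panel into the
 * attachment details sidebar. The field's "html" is a script that appends a
 * placeholder after `.attachment-info .details` and fills it via the
 * `wpdm_media_access` AJAX action (mediaAccessControl()).
 *
 * @param array   $form_fields Existing fields; a "mac" entry is added.
 * @param WP_Post $post        The attachment being edited.
 * @return array
 *
 * The attachment ID is cast to int and the nonce and translated status text are
 * run through esc_js() before being embedded in JS string literals (a translation
 * containing a quote would previously have broken the script).
 */
function protectionSettings( $form_fields, $post ) {
    $attachment_id = isset( $post->ID ) ? (int) $post->ID : 0;
    $nonce         = esc_js( wp_create_nonce( WPDM_PRI_NONCE ) );
    $checking      = esc_js( __( "Checking status...", "download-manager" ) );
    ob_start();
    ?>
    <script>
        jQuery(function ($) {
            $('.w3eden.media-access-control-container').remove();
            $('.attachment-info .details').after("<div class='w3eden media-access-control-container'><br style='clear:both;'/><hr style='clear:both;margin-bottom:10px'/><div id='wpdm-media-access'><div class='panel panel-default'><div class='panel-body'><i class='fa fa-sun fa-spin'></i> <?php echo $checking; ?></div></div></div></div>");
            xhr = $.ajax({
                type: "GET",
                url: ajaxurl,
                data: "action=wpdm_media_access&mediaid=<?php echo $attachment_id; ?>&pmanonce=<?php echo $nonce; ?>",
                success: function (res) {
                    $('#wpdm-media-access').html(res);
                }
            });
        });
    </script><?php
    $html = ob_get_clean();

    $form_fields["mac"] = [
        "label" => '',
        "input" => "html", // this is default if "input" is omitted
        "html"  => $html,
    ];

    return $form_fields;
}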
476
477 }