Browse code
Changed majority of files.
DoubleBastionAdmin authored on 30/11/2024 06:56:40
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,63 @@ |
| 1 |
+<?php |
|
| 2 |
+/** |
|
| 3 |
+ * Copyright (C) 2022, 2024 Double Bastion LLC |
|
| 4 |
+ * |
|
| 5 |
+ * This file is part of Roundpin, which is licensed under the |
|
| 6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
| 7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
| 8 |
+ */ |
|
| 9 |
+ |
|
| 10 |
+session_start(); |
|
| 11 |
+ |
|
| 12 |
+if (isset($_GET['sipusername']) && $_GET['sipusername'] != '' && isset($_GET['encextenpass']) && $_GET['encextenpass'] != '' && isset($_GET['recSipUser']) && |
|
| 13 |
+ $_GET['recSipUser'] != '' && isset($_GET['recFlNm']) && $_GET['recFlNm'] != '') {
|
|
| 14 |
+ |
|
| 15 |
+ define('ACCESSCONST', TRUE);
|
|
| 16 |
+ |
|
| 17 |
+ require('db-connect.php');
|
|
| 18 |
+ |
|
| 19 |
+ $vconfExtension = $_GET['sipusername']; |
|
| 20 |
+ $extenPassEnc = rawurldecode($_GET['encextenpass']); |
|
| 21 |
+ |
|
| 22 |
+ $recSipUser = $_GET['recSipUser']; |
|
| 23 |
+ $recFileName = $_GET['recFlNm']; |
|
| 24 |
+ |
|
| 25 |
+ $fileToDownload = '../textchat/' . $recSipUser . '/uploads/' . $recFileName; |
|
| 26 |
+ |
|
| 27 |
+ // Check if the received external user extension, the corresponding encrypted password and the extension of the conference, match the data in the 'external_users' table |
|
| 28 |
+ $query = $mysqli->prepare("SELECT id, exten_for_external, exten_for_ext_pass, conf_extension FROM external_users WHERE exten_for_external = ? AND exten_for_ext_pass = ? AND conf_extension = ?");
|
|
| 29 |
+ $query->bind_param("sss", $vconfExtension, $extenPassEnc, $recSipUser);
|
|
| 30 |
+ $query->execute(); |
|
| 31 |
+ $extqueryres = $query->get_result()->fetch_array(); |
|
| 32 |
+ |
|
| 33 |
+ if (!$extqueryres) {
|
|
| 34 |
+ |
|
| 35 |
+ http_response_code(400); |
|
| 36 |
+ exit(); |
|
| 37 |
+ |
|
| 38 |
+ } else {
|
|
| 39 |
+ |
|
| 40 |
+ // Process the download |
|
| 41 |
+ if (is_file($fileToDownload)) {
|
|
| 42 |
+ header('Content-Description: File Transfer');
|
|
| 43 |
+ header('Content-Type: application/octet-stream');
|
|
| 44 |
+ header('Content-Disposition: attachment; filename="' . basename($fileToDownload) . '"');
|
|
| 45 |
+ header('Expires: 0');
|
|
| 46 |
+ header('Cache-Control: no-cache, must-revalidate');
|
|
| 47 |
+ header('Pragma: public');
|
|
| 48 |
+ header('Content-Length: ' . filesize($fileToDownload));
|
|
| 49 |
+ flush(); |
|
| 50 |
+ readfile($fileToDownload); |
|
| 51 |
+ exit(); |
|
| 52 |
+ } else {
|
|
| 53 |
+ http_response_code(404); |
|
| 54 |
+ exit(); |
|
| 55 |
+ } |
|
| 56 |
+ |
|
| 57 |
+ } |
|
| 58 |
+ |
|
| 59 |
+} else {
|
|
| 60 |
+ header("Location: ../login.php");
|
|
| 61 |
+} |
|
| 62 |
+ |
|
| 63 |
+?> |