- Added software.php for managing software versions, including download and purchase actions. - Created upgrade_paths.php for handling upgrade paths management. - Developed user_licenses.php for managing user licenses. - Introduced version_access_rules.php for managing access rules for software versions. - Implemented frontend functions in functions.js for interacting with the software upgrade API. - Added version_access.php for user access validation and license management. - Created upgrades.php for displaying available upgrades and handling user interactions. - Enhanced UI with responsive design and progress indicators for downloads and purchases.
<?php
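// NOTE(review): defined() expects the *name* of a constant as a string. This
// guard only blocks direct access if the including script sets $security_key
// to the name of a constant it has defined -- confirm against the bootstrap.
defined($security_key) or exit;

//------------------------------------------
// Secure Software Download
//------------------------------------------

// Connect to DB
$pdo = dbConnect($dbname);

// The token must be a non-empty string. A request such as ?token[]=x yields
// an array, which passes a plain truthiness test and would reach the query.
$token = $_GET['token'] ?? null;
if (!is_string($token) || $token === '') {
    http_response_code(400);
    exit('Invalid request');
}

// Validate token (row exists, not expired, not yet used)
$tokenData = validateDownloadToken($pdo, $token);
if (!$tokenData) {
    http_response_code(403);
    exit('Invalid or expired token');
}

// Get file details
$stmt = $pdo->prepare("SELECT * FROM software_versions WHERE id = ?");
$stmt->execute([$tokenData['version_id']]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$version) {
    http_response_code(404);
    exit('File not found');
}

// Locate and open the file BEFORE consuming the token, so a missing or
// unreadable file on the server does not burn the user's one-time download.
$filePath = $version['file_path']; // e.g., '/var/www/secure_files/update_v2.0.zip'

// NOTE(review): file_path is taken from the database as-is. If that column can
// be edited through an admin form, resolve it with realpath() and confirm it
// sits under the intended storage directory before opening it.
// is_file() also rejects directories, which file_exists() would accept.
if (!is_string($filePath) || !is_file($filePath) || !is_readable($filePath)) {
    http_response_code(404);
    exit('File not found on server');
}

// A failed fopen() returns false; looping on feof(false) never terminates on
// PHP 7 and throws on PHP 8, so stop here instead.
$handle = fopen($filePath, 'rb');
if ($handle === false) {
    http_response_code(500);
    exit('File could not be opened');
}

// Consume the token atomically (one-time use). Validation above and this
// update are separate statements, so two parallel requests carrying the same
// token can both pass validation; the "used = 0" condition lets only one of
// them change the row. Done inline because invalidateToken() updates
// unconditionally and reports nothing back.
// Assumes the PDO driver's rowCount() reports rows changed by an UPDATE.
$claim = $pdo->prepare("UPDATE download_tokens SET used = 1 WHERE token = ? AND used = 0");
$claim->execute([$token]);
if ($claim->rowCount() < 1) {
    fclose($handle);
    http_response_code(403);
    exit('Invalid or expired token');
}

// Quotes, backslashes and control characters would break out of the quoted
// filename parameter, so drop them from the stored name.
$downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename((string) $version['filename']));
if ($downloadName === null || $downloadName === '') {
    $downloadName = 'download';
}

// Set headers for file download
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
$fileSize = filesize($filePath);
if ($fileSize !== false) {
    header('Content-Length: ' . $fileSize);
}
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');

// Drop active output buffers so chunks go straight to the client instead of
// accumulating the whole file in memory. ob_end_clean() returns false for a
// buffer that cannot be removed, which ends the loop.
while (ob_get_level() > 0 && ob_end_clean()) {
    // intentionally empty
}

// Stream file in chunks to handle large files
while (!feof($handle)) {
    $chunk = fread($handle, 8192);
    if ($chunk === false) {
        // Read error: stop rather than spin on a handle that never hits EOF
        break;
    }
    echo $chunk;
    flush();
}
fclose($handle);
exit;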
// Helper functions for token management
/**
 * Look up a download token and report whether it is still usable.
 *
 * This is a read-only check: it does not mark the token as used, so it does
 * not by itself stop two parallel requests from both seeing a usable token.
 *
 * @param object $pdo   Database handle exposing prepare()
 * @param mixed  $token Token value taken from the request
 * @return array|false  The token row (user_id, version_id, expires_at, used),
 *                      or false when it is unknown, expired or already used
 */
function validateDownloadToken($pdo, $token) {
    $query = $pdo->prepare(
        "SELECT user_id, version_id, expires_at, used
        FROM download_tokens
        WHERE token = ?"
    );
    $query->execute([$token]);
    $row = $query->fetch(PDO::FETCH_ASSOC);

    // Unknown token, past expires_at, or used flag set: all rejected the same way
    $usable = $row
        && !(strtotime($row['expires_at']) < time())
        && !$row['used'];

    return $usable ? $row : false;
}
/**
 * Mark a download token as used.
 *
 * The update is unconditional and nothing is returned, so a caller cannot
 * tell from this function whether the token had already been consumed.
 *
 * @param object $pdo   Database handle exposing prepare()
 * @param mixed  $token Token value to mark as used
 */
function invalidateToken($pdo, $token) {
    $pdo->prepare("UPDATE download_tokens SET used = 1 WHERE token = ?")
        ->execute([$token]);
}
?>