<?php
/**
 * CWC application
 *
 * @project     CWC
 * @revision    $Id: download.phtml,v 1.20 2004/12/01 15:44:12 pspencer Exp $
 * @purpose     This page forces a download.
 * @author      William A. Bronsema, C.E.T. (bronsema@dmsolutions.ca)
 * @copyright
 * <b>Copyright (c) 2001, DM Solutions Group Inc.</b>
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

/*****************************************************************************
 * $Log: download.phtml,v $
 * Revision 1.20  2004/12/01 15:44:12  pspencer
 * bug 797: cleaned up code
 *
 * Revision 1.19  2004/11/12 14:48:01  yassefa
 * Remove a test on file name that was blocking valid cases.
 *
 * Revision 1.18  2004/11/02 00:40:02  pspencer
 * bug MT 761: removed extra echo that caused download to fail.
 *
 * Revision 1.17  2004/10/28 19:29:56  pspencer
 * bug DM 3242: actually apply URL to download :( and clean up extraneous functions ...
 *
 * Revision 1.16  2004/10/28 19:00:18  pspencer
 * bug DM 3242: clean URL before downloading to prevent errors from interferring with download
 *
 * Revision 1.15  2004/10/25 17:21:06  pspencer
 * bug MT 758: fixed invalid variable reference that caused notices to appear before HTML headers, causing download to fail.
 *
 * Revision 1.14  2004/08/05 17:45:14  pspencer
 * bug DM-2951: fix problems with downloading contexts and downloads in general when configuration files have absolute URLs in them.
 *
 * Revision 1.13  2003/10/27 20:46:19  sfournier
 * Overwrite main branch with 1.1 stuff
 *
 * Revision 1.9  2003/01/24 19:40:53  daniel
 * Use readfile() instead of passthru() to return the file
 *
 * Revision 1.8  2003/01/07 18:34:39  bronsema
 * Added legend
 *
 * Revision 1.7  2003/01/03 18:51:01  bronsema
 * Moved the download file capabiltiy to the production page.
 *
 * Revision 1.6  2002/11/28 20:42:28  daniel
 * Fixed a typo and added missinf fclose() call
 *
 * Revision 1.5  2002/11/28 19:10:03  sacha
 * add comment to download.phtml
 *
 * Revision 1.4  2002/11/28 15:15:29  sacha
 * fixed download security FLAWN
 *
 * Revision 1.3  2002/11/28 04:16:05  pspencer
 * started changing for security stuff
 *
 * Revision 1.2  2002/11/26 16:39:44  sacha
 * use download.phtml in DownloadContext
 *
 * Revision 1.1  2002/11/25 19:55:59  sacha
 * added download preview.
 *
 * Revision 1.2  2002/07/05 02:22:46  bronsema
 * Removed dependancy on register_globals setting to be on.
 *
 * Revision 1.1  2002/06/26 03:23:29  bronsema
 * Initial addition
 *
 *****************************************************************************/
/*****************************************************************************
 *
 * NOTE: passing a filename in the URL is no longer supported for security
 * reasons.  You must pass sid=<sessionid> and set the following in the
 * session:
 *
 * $_SESSION['DOWNLOADFILE'] = 'path-to-file'
 * 
 * $_SESSION['DOWNLOADFILE_SAVEAS'] = 'filename' as a hint to the client
 * to name the file a certain way (doesn't always work)
 */
 

$szFileName = '';
$szSaveAs = '';
$szURL = '';

if (isset($_REQUEST['sid']))
{
    include_once( 'session.inc.php' );
    
    if (isset($_SESSION['DOWNLOADFILE']))
        $szFileName = $_SESSION['DOWNLOADFILE'];
    if (isset($_SESSION['DOWNLOADFILE_SAVEAS']))
        $szSaveAs = $_SESSION['DOWNLOADFILE_SAVEAS'];
    if (isset($_SESSION['DOWNLOAD_URL']))
        $szURL = $_SESSION['DOWNLOAD_URL'];
        
     unset($_SESSION['DOWNLOADFILE']);
     unset($_SESSION['DOWNLOADFILE_SAVEAS']);
     unset($_SESSION['DOWNLOAD_URL']);
}
//make sure file_name is set.
if ($szFileName == '')
{
    echo "invalid download request";
    exit;
}
if ( stristr($szFileName, "http") !== false )
{
  //this is a valid case if the user has set tmp_web_path to
  //somethink like : http://127.0.0.1/ms_tmp/. No error
  //should be thrown. (File name is set using 
  // $szDownloadURL = $_SESSION["gszTmpWebPath"].$szTmpDLName; 
  //in preview.php
  //echo "file name $szFileName is not valid";
  //exit;
}
else
{
    $szFileName = "http://".$_SERVER['HTTP_HOST']."/".$szFileName;
    //echo $szFileName;
}

$aURL = parse_url($szFileName);
/*
scheme - e.g. http 
host 
port 
user 
pass 
path 
query - after the question mark ? 
fragment - after the hashmark # 
*/
$szURL = $aURL['scheme']."://";
if (isset($aURL['user']) && $aURL['user'] != '')
{
    $szURL .= $aURL['user'];
    if (isset($aURL['pass']) && $aURL['pass'] != '')
    {
        $szURL .= ":".$aURL['pass'];
    }
    $szURL .= "@";
}
$szURL .= $aURL['host'];
if (isset($aURL['port']) && $aURL['port'] != '' && $aURL['port'] != '80')
{
    $szURL .= ":".$aURL['port'];
}

$aURL['path'] = iterate_str_replace( "\\\\", "\\", $aURL['path'] );
$aURL['path'] = iterate_str_replace( "\\", "/", $aURL['path'] );
$aURL['path'] = iterate_str_replace( "//", "/", $aURL['path'] );
$szURL .= $aURL['path'];

if (isset($aURL['query']) && $aURL['query'] != '')
{
    $szURL .= "?".$aURL['query'];
}
if (isset($aURL['fragment']) && $aURL['fragment'] != '')
{
    $szURL .= "#".$aURL['fragment'];
}

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
                                             // always modified
header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");                          // HTTP/1.0
header( "Content-type: application/octet-stream" );
header( "Content-Disposition: attachment; filename=$szSaveAs" );
readfile( $szURL );

function iterate_str_replace( $szPattern, $szReplacement, $szString )
{
    $szResult = $szString;
    do
    {
        $szString = $szResult;
        $szResult = str_replace ($szPattern, $szReplacement, $szString);
    }
    while ($szResult != $szString);

    return $szResult;
    
}
?>