File password feature problem

Posted: Sun Oct 23, 2011 6:07 pm
by test
I'm using DFH v1.2.2.

When I enter a file password, and then upload it, it's ok.
But when I try to download the file, it takes me back to the start page (the one where you see the normal users and members comparison table). Long story short: when I enter the correct password I get sent back to download.php?file=blahblahblah

Funny thing is that when I go to the admin panel, re-enable the "file password" feature, save the settings, and then try to download the same file with the same correct password, I can get to the captcha screen, but it only happens in the same browser window that I used to edit the settings, and I think also probably because I'm still logged in as admin.

I've tried setting config.php's permissions to 666, and even 777, but it does not help.

Please help, thanks.

Re: File password feature problem

Posted: Mon Oct 24, 2011 2:36 am
by SamEA
Please post or PM me your URL in order to know exactly what goes wrong.

Re: File password feature problem

Posted: Tue Oct 25, 2011 1:08 pm
by test
Sent you a PM... Thanks.

Re: File password feature problem

Posted: Tue Oct 25, 2011 4:34 pm
by SamEA
test wrote: Sent you a PM... Thanks.


Thank you for your PM. Will do a fresh install myself and see if this error message occurs when near a PC.

Re: File password feature problem

Posted: Fri Nov 04, 2011 3:17 am
by SamEA
This is a bug within DFH v1.2.2.

To fix this bug, replace download.php with the following:
Code:
<?php
///////////////////////////////////////////////////////////////////////////
//  Product: Daddy's File Host               
//  Version: 1.2                       
//                        
// by DaddyScripts.com                  
//                               
// original source code by Jim (j-fx.ws) and Steven (galaxyscripts.com)
//////////////////////////////////////////////////////////////////////////

require_once("./config.php");
include("./header.php");

if(in_array($language, $LANGUAGE_LIST)) {
  include('./lang/'.$language.'.php');
} else {
  include('./lang/'.$LANGUAGE_LIST[0].'.php');
}

if (is_file('./files/'.$_GET['file'] .'.dfh')){
}else{
echo "<center><b>$lang[inlink]</center></b><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <?
include("./squareads.php");?><p><?

echo "<center><b>$lang[uwbr]</center></b><br />";
  ?></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
  die();
}

if (isset($_SESSION['user'])){
emailcheck();
if ($ucontent[5] == "true"){
$_SESSION['emailactcheck'] = "ok";
}
}
if (isset($_GET['del']) || $_SESSION['emailactcheck'] == "ok" || $_SESSION['user'] == "admin" || isset($_POST['pass']) || $_SESSION['randno'] == $_POST['access'] && isset($_SESSION['randno'])){
unset($_SESSION['randno']);

$rand1 =rand(0,9);
$rand2 =rand(0,9);
$rand3 =rand(0,9);
$rand4 =rand(0,9);
$rand5 =rand(0,9);
$rand6 =rand(0,9);
$secrandcode = $rand1. $rand2. $rand3. $rand4. $rand5. $rand6;

$bans=file("./secure/bans.dfh");
foreach($bans as $line)
{
  if ($line==$_SERVER['REMOTE_ADDR']){
?>
<center><table style='margin-top:20px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#FFFFFF;padding:20px;text-align:left;' valign=top><?
    echo "$lang[younallow]";
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
    include("./footer.php");
    die();
  }
}

if(isset($_GET['file'])) {
  $filecrc = $_GET['file'];
} else {
?>

<?
?>
<center><table style='margin-top:20px;width:790px;height:400px;'><tr><td style='border:1px #AAAAAA solid;height:100%;background-color:#FFFFFF;padding:20px;text-align:left;' valign=top><?
  echo "$lang[inlink] <br />";
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
  include("./footer.php");
  die();
}

$foundfile=0;
if (file_exists("./files/".$filecrc.".dfh")) {
   $fh1=fopen("./files/".$filecrc.".dfh",'r');
   $foundfile= explode('|', fgets($fh1));
   fclose($fh1);
}
{
  $thisline = explode('|', $line);
  if ($thisline[0]==$filecrc){
    $foundfile=$thisline;
  }
}

if(isset($_GET['del'])) {

$deleted=0;
$filecrc = $_GET['file'];
$filecrctxt = $filecrc . ".dfh";
$passcode = $_GET['del'];
if (file_exists("./files/".$filecrctxt)) {
   $fh2=fopen ("./files/".$filecrctxt,'r');
   $thisline= explode('|', fgets($fh2));
   if($thisline[2] == $passcode){
$deleted=1;
fclose($fh2);
      if($thisline[10] <> ""){
      unlink("./userfiles/files/" .$thisline[10] ."/" .$filecrctxt);
      }
      unlink("./files/".$filecrctxt);
   }

}

if($deleted==1){
unlink("./storage/".$_GET['file']);
?>
<?
echo "<center><b>$lang[ufwd]</b></center><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <?
include("./squareads.php");?><p><?

echo "<center><b>$lang[uwbr] </center></b><br />";
} else {
?><?
echo "<center><b>$lang[indlink2] </b></center><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <?
include("./squareads.php");?><p><?

echo "<center><b>$lang[uwbr] </center></b><br />";
}
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
die();

}

if($foundfile==0) {
?> <?
  echo "<center><b>$lang[inlink]</center></b><br />";
?> <META HTTP-EQUIV="Refresh"
      CONTENT="10; URL=index.php"> <?
include("./squareads.php");?><p><?

echo "<center><b>$lang[uwbr]</center></b><br />";
  ?></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
  die();
}

if(isset($foundfile[7]) && $foundfile[7]!=md5("") && (!isset($_POST['pass']) || $foundfile[7] != md5($_POST['pass']))){
?> 
 <p> <?
echo "<form action=\"download.php?file=".$foundfile[0]."\" method=\"post\"><center><b>$lang[pw2] : </center></b><p><center><input type=\"password\" name=\"pass\"><p><center><input value=\"Enter\" type=\"submit\" /></form>";
?><p><center><? echo $lang['petc'];?></center><?
?><p><p><?
include("./bottomads.php");
?></center></td></tr></table><p style="margin:3px;text-align:center"><?
include("./footer.php");
die();
}
?>
<center>
 <? include("./ads.php");  ?>
<?

$filesize = filesize("./storage/".$foundfile[0]);
$filesize = $filesize / 1048576;

$userip=$_SERVER['REMOTE_ADDR'];
$time=time();

///////////////////////////////////////////TIMER////////////////////////////////////
if($filesize > $nodolimit) {
if(file_exists("./downloader/".$userip.".dfh"))
{

$downloaders = fopen("./downloader/".$userip.".dfh","r+");
flock($downloaders,2);

while (!feof($downloaders)) {
  $user[] = chop(fgets($downloaders,65536));
}

fseek($downloaders,0,SEEK_SET);
ftruncate($downloaders,0);

$youcantdownload = 0;
foreach ($user as $line) {
list($savedip,$savedtime) = explode('|',$line);
 if ($savedip == $userip) {
    if ($time < $savedtime + ($downloadtimelimit*60)) {
      $youcantdownload = 1;
     $downtimer = $time - $savedtime ;
     $counter = $downloadtimelimit*60 - $downtimer;
    }
  }

  if ($time < $savedtime + ($downloadtimelimit*60)) {
    fputs($downloaders,"$savedip|$savedtime\n");
  }
}


if($youcantdownload==1) {

echo "<h1><center>Download Time Limit</center></h1>";
       ?><script type="text/javascript">

var running = false
var endTime = null
var timerID = null
var totalMinutes = <?php echo $counter;?>;

function startTimer() {
    running = true
    now = new Date()
    now = now.getTime()
    endTime = now + (1000 * totalMinutes);
    showCountDown()
}

function showCountDown() {
    var now = new Date()
    now = now.getTime()
    if (endTime - now <= 0) {
       clearTimeout(timerID)
       window.location.reload()

    } else {
        var delta = new Date(endTime - now)
        var theMin = delta.getMinutes()
        var theSec = delta.getSeconds()
        var theTime = theMin
        theTime += ((theSec < 10) ? ":0" : ":") + theSec
        document.getElementById('SessionTimeCount').innerHTML = 'Please wait ( <font color="#FF0000">' + theTime + '</font> ) Minutes for Download'
        if (running) {
            timerID = setTimeout("showCountDown()",1000)
        }
    }
}

window.onload=startTimer
</script>


<center><span id="SessionTimeCount"></span></center><br />
 <?

       include("./bottomads.php");
?><td><tr><table><?
       include("./footer.php");
      die();

}

}
}
///////////////////////////////////////////TIMER///////////////////////



$fsize = 0;
$fsizetxt = "";
  if ($filesize < 1)
  {
     $fsize = round($filesize*1024,0);
     $fsizetxt = "".$fsize." KB";
    $check1 = "KB";
  }
  else
    {
     $fsize = round($filesize,2);
     $fsizetxt = "".$fsize." MB";
$check1 = "MB";
  }

?>
<p>
<?
$quantity= $foundfile[5] * $fsizetxt;
$d=$descriptionoption;
switch ($d)
{
case false:
 $test="";
  break;
case true:
  $test= "$lang[fd6]";
  break;
default:
  echo ""; }
$f=$foundfile[6];
if ($f=="")
  $test2= "None";
else
  $test2= "$foundfile[6]";
$e=$descriptionoption;
switch ($e)
{
case false:
 $test4="";
  break;
case true:
  $test4= "$test2";
  break;
default:
  echo ""; }
$top = 1;
include ('./styles/'.$style.'/download.php');
$randcounter = rand(100,999);
?>
   <form id="form">
  <script>
function refreshh() {
window.location='<?php echo $scripturl . "download.php?file=" .$foundfile[0]; ?>';
}

function checksubmit()
{
if (document.getElementById("form").scode.value == <?php echo $secrandcode; ?> )
{
window.location='<?php echo $scripturl. "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR']) ?>';
window.setTimeout("refreshh()", 3000);
return false;
}
else
{
alert("ERROR:\n Securitycode was wrong!\n Please input the right Securitycode to download the File!");
window.location='<?php echo $scripturl . "download.php?file=" .$foundfile[0]; ?>';
}

}
</script>
<br>
<table cellspacing=2 cellpadding=2 border=0 height=16 width="250"><tr><td align=center background="img/captcha-a.png"><font color="#C0C0C0" size="5"><b><font face=times new roman><?php echo $secrandcode;?></td><td> Securitycode: <font size=1><strong><input type="text" name="scode" size="4" /></tr></table>
</form>
<p><div id="dl" align="center">

<?php

if($downloadtimer == 0) {
echo "<input type=\"button\" value=\"".$lang['dl_file_now']."\" onClick=window.location=\"".$scripturl. "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR'])."\">";
} else { ?>
<? echo $lang['nenjava'];?>

<?php } ?>
</div>
<script language="Javascript">
x<?php echo $randcounter; ?>=<?php echo $downloadtimer; ?>;
function countdown()
{
 if ((0 <= 100) || (0 > 0))
 {
  x<?php echo $randcounter; ?>--;
  if(x<?php echo $randcounter; ?> == 0)
  {
document.getElementById("dl").innerHTML = '<input type="submit" value="<? echo $lang['dl_file_now'];?>" onClick="checksubmit()" onClick="window.location=\'<?php echo $scripturl . "download2.php?a=" . $filecrc . "&b=" . md5($foundfile[2].$_SERVER['REMOTE_ADDR']) ?>\'">';
  }
  if(x<?php echo $randcounter; ?> > 0)
  {
 document.getElementById("dl").innerHTML = '<? echo $lang['dl_ticket'];?><br><? echo $lang['dl_file_now1'];?> <font color=#FF0000><b> '+x<?php echo $randcounter; ?>+'</b></font> <? echo $lang['dl_file_now2'];?>...';
   setTimeout('countdown()',1000);
  }
 }
}
countdown();
</script><p>
<?php
$top = 0;
include ('./styles/'.$style.'/download.php');
include("./bottomads.php");
?>
 </td></tr></table></center>
<?php
include("./footer.php");
?>
<?
        $foo = '';

        if (!empty($_GET))
        {
                $foo .= '?';
                foreach ($_GET as $key => $val)
               {
                          $foo .= $key . '=' . $val;
               }
        }
$zufall = rand(10000000,99999999);
$ip=$_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($ip);
$datum = date("d.m.Y",time());
$uhrzeit = date("H:i",time());
$link = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . $foo;
$filename =  $foundfile[1];
$refferer = $_SERVER["HTTP_REFERER"];


$newfile = "./dl/".$zufall.".db";
$f=fopen($newfile, "w");
fwrite ($f,$ip."|".$host."|".$datum."|".$uhrzeit."|".$link."|".$filename."|".$refferer);
fclose($f);
chmod($newfile,0777);
}else{
$_SESSION['randno'] = md5(rand(1,100));
   $fop =  fopen('./files/' .$_GET['file'] .'.dfh', 'r');
   $foundfile = fread($fop, '999');
   fclose($fop);
   $foundfile = explode("|", $foundfile);
?>
<p align="center"><b><?php echo $lang['downloadattempt'];?> <?php echo $foundfile[1];?></b></p>
<?php
include ('./styles/'.$style.'/comparison_table.php');
include('footer.php');
}
?>

Re: File password feature problem

Posted: Fri Nov 04, 2011 11:41 pm
by test
Great news! Thanks!
I'll check the fix soon, and apply it. :)

Thanks again!

Re: File password feature problem

Posted: Thu Nov 17, 2011 10:53 pm
by iheartbreakz
I have some changes in my download.php. Can you tell me what exact part you changed?

Re: File password feature problem

Posted: Mon Nov 21, 2011 12:30 pm
by SamEA
Changed
Code:
if (isset($_GET['del']) || $_SESSION['emailactcheck'] == "ok" || $_SESSION['user'] == "admin" || $_SESSION['randno'] == $_POST['access'] && isset($_SESSION['randno'])){

to
Code:
if (isset($_GET['del']) || $_SESSION['emailactcheck'] == "ok" || $_SESSION['user'] == "admin" || isset($_POST['pass']) || $_SESSION['randno'] == $_POST['access'] && isset($_SESSION['randno'])){


The only modification applied in that line is that
Code:
isset($_POST['pass'])
was added.
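
The changed condition, as an added example that is not part of the thread or of DFH itself: `gate_as_posted` restates the patched line with PHP's operator precedence written out, and `gate_narrowed` is one possible tightening in which a `pass` field opens the gate only when it matches the stored hash. The function names and sample records are constructed for illustration; field 7 holding the MD5 of the file password follows the posted download.php.

```php
<?php
// Added example, not DFH code; function names are hypothetical.

// The patched condition from the thread with precedence written out:
// && binds tighter than ||, so only the randno/access pair is grouped.
function gate_as_posted(array $get, array $post, array $session): bool
{
    return isset($get['del'])
        || ($session['emailactcheck'] ?? null) == "ok"
        || ($session['user'] ?? null) == "admin"
        || isset($post['pass'])
        || (($session['randno'] ?? null) == ($post['access'] ?? null)
            && isset($session['randno']));
}

// True only when the record has a real password hash in field 7 and the
// submitted value hashes to it; hash_equals() is a strict string comparison.
function password_ok(array $record, array $post): bool
{
    $stored = $record[7] ?? '';
    $given  = $post['pass'] ?? null;
    if (!is_string($given) || $stored === '' || $stored === md5('')) {
        return false;
    }
    return hash_equals($stored, md5($given));
}

// Assumed tightening: same branches, but "pass" must match to open the gate.
function gate_narrowed(array $get, array $post, array $session, array $record): bool
{
    return isset($get['del'])
        || ($session['emailactcheck'] ?? null) === "ok"
        || ($session['user'] ?? null) === "admin"
        || password_ok($record, $post)
        || (isset($session['randno'], $post['access'])
            && $session['randno'] === $post['access']);
}

// Constructed records in the pipe-delimited ./files/<id>.dfh layout.
$protected = explode('|', 'abc123|report.pdf|delcode|||0||' . md5('s3cret'));
$open      = explode('|', 'def456|notes.txt|delcode|||0||' . md5(''));

var_dump(gate_as_posted([], ['pass' => 'anything'], []));
var_dump(gate_narrowed([], ['pass' => 'anything'], [], $protected));
var_dump(gate_narrowed([], ['pass' => 's3cret'], [], $protected));
var_dump(gate_narrowed([], ['pass' => 'anything'], [], $open));
```

In the posted file the password itself is still compared further down (the `$foundfile[7]` check before the password form), so the added `isset($_POST['pass'])` changes only which branch of the outer `if` a request reaches.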