// This file will reside on the server doing the downloading // This file verifies that the person came from the NolaPro site legitimately // It then outputs the requested file // Path to downloadable files; not in the web root $pathtofiles = "/var/www/download_files/"; // Secret word that matches secret word on nolapro.com site define ('DOWNLOAD_KEY', 'klj3245 098 KL:JOIuy 098HJKyh87^ 98hUH(*&0 54 63%$B%$ l3jkhkj lhtrRThpPR'); //Define the files for the productids $product[1] = "NOLAPRO-AMP.exe"; //Windows $product[2] = "nolapro.tgz"; //Linux $product[3] = "nolapro_update.exe"; //Windows $product[4] = "nolapro_update.tgz"; //Linux //Check to see the file they want to download, the user id and the date $product_id = $_GET['product_id']; $server_id = $_GET['server_id']; $id = $_GET['id']; $t = $_GET['t']; $v = $_GET['v']; //Make sure the date is within the last 2 minutes if (time() - $t > 120) { echo "This link has expired."; die(); } //Create an md5 string to make sure this is valid $md5 = md5($product_id.$server_id.$t.$id.DOWNLOAD_KEY); if ($md5 != $v) { echo "You are not authorized to access this file."; die(); } $product_index = floor($product_id/1000); // Translate from 1000, 2000, etc to 1, 2, etc //Begin downloading the file if (isset($product[$product_index])) { $downloadfile = $pathtofiles.$product[$product_index]; if (!file_exists($downloadfile)) { spitouterror(); die(); } $filesize = filesize($downloadfile); header('Content-type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.$product[$product_index].'"'); header("Content-Length: $filesize"); readfile($downloadfile, "r"); // Once this is done then send a message back to the calling server $new_t = time(); $new_v = md5($new_t.$id.DOWNLOAD_KEY); $fieldarr = array( "response" => "1", "t" => $new_t, "id" => $id, "v" => $new_v, ); $urlarray = array(); foreach ($fieldarr as $key => $value) { $urlarray[] = "$key=".urlencode($value); } $fields = implode("&", $urlarray); //Start curl session $url = "http://www.nolapro.com/download/index.php"; $ch = curl_init($url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); // set the fields to post curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // make sure we get the response back curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $buffer = curl_exec($ch); curl_close($ch); } else { spitouterror(); } function spitouterror() { echo "