securekey.php
<?php
// A script to generate unique download keys for the purpose of protecting downloadable goods
require ('dbconnect.php');
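// Get the filename given by the directory lister. The value is request input
// and is treated as untrusted everywhere it is used below.
$fileget = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
// Prevent downloading outside of directory listing bounds: reject a missing
// name, an absolute path, any ".." path segment and embedded NUL bytes.
// Backslashes are normalised first so both separator styles are checked.
$normalized = str_replace('\\', '/', $fileget);
if ($fileget === ''
    || substr($normalized, 0, 1) == '/'
    || in_array('..', explode('/', $normalized), true)
    || strpos($fileget, "\0") !== false) {
    echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
    // Stop here: a rejected request must not receive a key, a database row
    // or the rest of the page (the original fell through with $file unset).
    exit;
}
$file = $fileget;
// NOTE(review): this is a syntactic check only. Whatever serves the file
// (download.php, not visible here) should still resolve the path and confirm
// it lies under the listing root.
if (empty($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];
}
// Strip off query string so dirname() doesn't get confused
$url = preg_replace('/\?.*$/', '', $_SERVER['REQUEST_URI']);
// NOTE(review): HTTP_HOST is taken from the client's Host header; $folderpath
// is not used again in this file, but must not be trusted if it ever is.
$folderpath = 'http://'.$_SERVER['HTTP_HOST'].'/'.ltrim(dirname($url), '/');
// Constant prefix. It is fixed in source, so it adds no unpredictability.
$s1 = md5('GetFilesToday134364529193sad5He%#ll##@@!oSa#ltmy12!@$@');
$s2 = rand();
$s3 = $s1.md5($s2.rand().$s1).$s1;
// Generate the unique download key.
// NOTE(review): rand() and uniqid() are predictable, not cryptographically
// secure. This key is what authorises the download, so it should come from a
// cryptographically secure random source supported by the deployed PHP version.
$key = $s1.$s3.uniqid(md5(rand())).$s2;
// Get the activation time (Unix timestamp)
$time = date('U');
// Write the key and activation time to the database as a new row. Every value
// is escaped, matching the md5sums SELECT later in this file; $file in
// particular is request input and was previously interpolated unescaped.
// NOTE(review): die(mysql_error()) prints the raw database error to the
// visitor; consider logging it and showing a generic message instead.
$registerid = mysql_query(sprintf(
    'INSERT INTO downloadkey (uniqueid,timestamp,filename) VALUES("%s","%s","%s")',
    mysql_real_escape_string($key),
    mysql_real_escape_string($time),
    mysql_real_escape_string($file)
)) or die(mysql_error());
// Helper: build the absolute URL of the current request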
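/**
 * Build the absolute URL of the current request from $_SERVER.
 *
 * The scheme is "https" when $_SERVER['HTTPS'] is set to a non-empty value
 * other than "off", otherwise "http". The port is appended only when it is
 * not the default for that scheme (80 for http, 443 for https).
 *
 * The result is assembled from server/request variables and is not escaped;
 * callers must escape it for the context they output it in.
 * NOTE(review): depending on server configuration SERVER_NAME may reflect the
 * client's Host header - confirm before using the result in security decisions.
 *
 * @return string Absolute URL including path and query string.
 */
function curPageURL() {
    // isset() avoids an undefined-index notice on plain HTTP requests.
    $isHttps = isset($_SERVER['HTTPS'])
        && $_SERVER['HTTPS'] !== ''
        && strtolower($_SERVER['HTTPS']) !== 'off';
    $defaultPort = $isHttps ? '443' : '80';
    $port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : $defaultPort;

    $pageURL = ($isHttps ? 'https' : 'http') . '://' . $_SERVER['SERVER_NAME'];
    if ($port !== $defaultPort) {
        // Only a non-default port belongs in the URL (no ":443" on https).
        $pageURL .= ':' . $port;
    }
    return $pageURL . $_SERVER['REQUEST_URI'];
}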
?>
<!DOCTYPE html>
<head>
<title> Sick Files </title>
<script type="text/javascript">
window.setTimeout(function() {
location.href = 'index.php';
}, 10000);
</script>
</head>
<body>
<p>
<center>
<script type="text/javascript"><!--
google_ad_client = "ca-pub-1176090905311710";
/* DirectoryLister-GH */
google_ad_slot = "4739112259";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
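<!-- NOTE(review): this third-party script is fetched over plain http; prefer https so it cannot be altered in transit. -->
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>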
<br>
<br>
<?php
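// $file originates from the request (?file=...). Fall back to an empty name
// if the earlier bounds check left it unset, so nothing below reads an
// undefined variable.
$file = isset($file) ? (string) $file : '';
$filename = basename($file);
// $filemd5 and $ext are computed here but not used further on this page.
$filemd5 = $file . ".md5";
$ext = pathinfo($filename, PATHINFO_EXTENSION);
// NOTE(review): $data is not assigned anywhere in this file - presumably it
// was meant to be the download URL; confirm. An empty href is used if unset.
$href = isset($data) ? $data : '';
// Both values are HTML-escaped: $filename is derived from request input and
// was previously echoed into the page verbatim.
echo '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
    . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8') . '</a>';
echo "<br><br>";
// Look up a cached checksum for this file.
$query = sprintf("SELECT * FROM md5sums WHERE filename= '%s'",
    mysql_real_escape_string($file));
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
if (!$row) {
    // No cached value: hash the file now. is_file() keeps md5_file() from
    // warning on a missing path, and a failed hash is never stored.
    $md5 = is_file($file) ? md5_file($file) : false;
    if ($md5 === false) {
        echo "MD5: unavailable";
    } else {
        // Escaped like the SELECT above; the original interpolated $file raw.
        $sqlread = mysql_query(sprintf(
            'INSERT INTO md5sums (filename,md5) VALUES("%s","%s")',
            mysql_real_escape_string($file),
            mysql_real_escape_string($md5)
        )) or die(mysql_error());
        echo "MD5: " . $md5;
    }
} else {
    // Stored value is escaped on output as well (defence in depth).
    echo "MD5: " . htmlspecialchars($row['md5'], ENT_QUOTES, 'UTF-8');
}
echo "<br><br>";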
echo "Redirecting in 10 seconds"; ?> </p>
<p>Click here if you are not redirected automatically in 10 seconds<br/>
<a href="index.php">Get More Files</a>.
</p>
<?php
// Hand the browser over to the download handler, passing the key issued above.
// The Content value asks for a 2-second delay before the refresh is followed.
// NOTE(review): the key travels in the query string, so it can end up in
// access logs and browser history - confirm download.php expires it promptly.
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=download.php?id=', $key, '">';
?>
</body>
</html>