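<?php
/**
 * Serves a file from the uploads/patreon_protect directory, gated on the
 * Patreon pledge level stored on the matching attachment.
 *
 * Request:  GET ?file=<path relative to uploads/patreon_protect>
 * Response: the file bytes with cache headers (304 on a matching conditional
 *           GET), a generated placeholder image when the viewer's patronage is
 *           below the attachment's level, or a 404 when the file cannot be
 *           resolved to an attachment inside the protected directory.
 */
define('WP_USE_THEMES', false);
require_once('../../../wp-load.php');

// Editors and administrators bypass the patronage check entirely.
$admin_user = current_user_can('editor') || current_user_can('administrator');

$wp_upload_dir = wp_upload_dir();
$basedir = $wp_upload_dir['basedir'] . '/patreon_protect';
$baseurl = $wp_upload_dir['baseurl'] . '/patreon_protect';

// The parameter may be absent; it must be a single string (a `file[]=` array
// would otherwise be stringified as "Array" and a NUL byte would reach the
// filesystem calls).
$requested_file = '';
if (isset($_GET['file']) && is_string($_GET['file']) && strpos($_GET['file'], "\0") === false) {
    $requested_file = $_GET['file'];
}

// Removing '..' is kept for compatibility with existing URLs, but a single
// non-recursive str_replace is not a containment guarantee (a sequence such
// as "....//" collapses to "../"). The decisive check is the realpath
// comparison below: the resolved file must live under the resolved base
// directory, which also rejects symlinks that point outside it.
$safe_relative = str_replace('..', '', $requested_file);
$file = rtrim($basedir, '/') . '/' . $safe_relative;
$file_url = rtrim($baseurl, '/') . '/' . $safe_relative;

$real_basedir = realpath($basedir);
$real_file = realpath($file);
$inside_basedir = $real_basedir !== false
    && $real_file !== false
    && strncmp($real_file, $real_basedir . DIRECTORY_SEPARATOR, strlen($real_basedir) + 1) === 0;

if (!$inside_basedir || !is_file($file) || !class_exists('Patreon_Wordpress')) {
    status_header(404);
    die('404 — File not found.');
}

// Resolve the URL to an attachment post; thumbnail variants do not resolve
// directly, so fall back to the plugin's thumbnail-to-parent lookup.
$wp_attachment = attachment_url_to_postid($file_url);
if (!$wp_attachment) {
    $wp_attachment = Patreon_Protect::getAttachmentIDfromThumbnailURL($file_url);
}
if (!$wp_attachment) {
    status_header(404);
    die('404 — File not found.');
}

// Per-attachment level, falling back to the site-wide default option.
$patreon_level = get_post_field('patreon_level', $wp_attachment);
if (empty($patreon_level)) {
    $patreon_level = get_option('patreon-protect-default-image-patreon-level', 0);
}

$user_patronage = Patreon_Wordpress::getUserPatronage();
// NOTE(review): the *100 suggests the level is stored in whole currency
// units while getUserPatronage() reports cents — confirm against the plugin.
$required_patronage = (float) $patreon_level * 100;
$is_protected = (float) $patreon_level != 0;
$has_access = $admin_user || ($user_patronage && $user_patronage >= $required_patronage);
if ($is_protected && !$has_access) {
    Patreon_Protect::generateBlockedImagePlaceholder($patreon_level);
    exit;
}

$mimetype = Patreon_Protect::getMimeType($file);
header('Content-Type: ' . $mimetype);

// Content-Length is deliberately omitted on IIS.
$server_software = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
if (false === strpos($server_software, 'Microsoft-IIS')) {
    header('Content-Length: ' . filesize($file));
}

$last_modified = gmdate('D, d M Y H:i:s', filemtime($file));
$etag = '"' . md5($last_modified) . '"';
header("Last-Modified: $last_modified GMT");
header('ETag: ' . $etag);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 100000000) . ' GMT');
// The access decision above depends on the logged-in user, so the response
// must not be stored by shared caches (proxies/CDNs) keyed on the URL alone.
header('Cache-Control: private');

// Support for Conditional GET. When the client sends both validators, both
// must match; when it sends only one, that one decides.
$client_etag = isset($_SERVER['HTTP_IF_NONE_MATCH'])
    ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])
    : false;
$client_last_modified = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
    ? trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])
    : '';
$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
if ($client_modified_timestamp === false) {
    // Unparseable If-Modified-Since is treated as "never modified-since".
    $client_modified_timestamp = 0;
}
$modified_timestamp = strtotime($last_modified);

$etag_matches = $client_etag !== false && $client_etag === $etag;
$not_modified_since = $client_modified_timestamp >= $modified_timestamp;
$client_copy_is_fresh = ($client_last_modified && $client_etag)
    ? ($not_modified_since && $etag_matches)
    : ($not_modified_since || $etag_matches);

if ($client_copy_is_fresh) {
    status_header(304);
    exit;
}

readfile($file);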