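<?php
/**
 * Download endpoint for journal archive files.
 *
 * Serves one file (or its supplementary file) from uploads/archives/ only
 * after an enabled row in the `archives` table matches every query parameter
 * (year, volume, issue, part, file). Responses:
 *   400 - a required parameter is missing/empty or malformed
 *   404 - no matching row, or no regular file inside the archive directory
 *   500 - the database statement could not be prepared
 *   200 - the file body; PDFs are shown inline, everything else is a download
 *
 * Security notes:
 *   - Parameters are passed to prepared statements only. They are NOT run
 *     through real_escape_string first: escaping a value that is later bound
 *     double-escapes it, so a filename containing a quote or backslash could
 *     never match its own database row.
 *   - The resolved path must stay inside the archive directory (realpath
 *     prefix check) even though the database match already constrains it.
 *   - The Content-Disposition filename is sanitised so a stored filename
 *     cannot inject quotes or control characters into the header.
 */
require_once 'inc/config.php';

/**
 * Returns the named query parameter as a string, or '' when it is absent
 * or not a scalar (e.g. ?file[]=x, which would otherwise become "Array").
 */
$readParam = function ($name) {
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
};

$year   = $readParam('year');
$volume = $readParam('volume');
$issue  = $readParam('issue');
$part   = $readParam('part');
$file   = $readParam('file');

// Compare against '' rather than relying on truthiness so that a legitimate
// value of "0" (e.g. part=0) is not rejected as "missing".
if ($year === '' || $volume === '' || $issue === '' || $part === '' || $file === '') {
    http_response_code(400); // Bad request
    echo "Invalid parameters.";
    exit;
}

// A NUL byte in the filename would truncate filesystem lookups below; it is
// never part of a legitimate filename, so reject it outright.
if (strpos($file, "\0") !== false) {
    http_response_code(400); // Bad request
    echo "Invalid parameters.";
    exit;
}

// Look for exactly one enabled row matching all parameters. Only the row
// count is used, so select a constant instead of every column.
$stmt = $mysqli->prepare(
    "SELECT 1 FROM archives WHERE year = ? AND volume = ? AND issue = ? AND part = ? "
    . "AND (file = ? OR supplementaryfile = ?) AND status = 'enabled'"
);
if ($stmt === false) {
    http_response_code(500); // Server error: statement could not be prepared
    echo "Archive lookup failed.";
    exit;
}
$stmt->bind_param('sissss', $year, $volume, $issue, $part, $file, $file);
$stmt->execute();
$stmt->store_result();
$countRows = $stmt->num_rows();
$stmt->close();

if ($countRows !== 1) {
    // No (or ambiguous) matching data found in the database
    http_response_code(404); // Not found
    echo "The requested data does not exist in the archives.";
    exit;
}

// Resolve the on-disk path and make sure it stays inside the archive
// directory. realpath() collapses "..", so a prefix comparison on the
// canonical path is a reliable containment check.
$archiveDir = realpath(__DIR__ . '/uploads/archives');
$filePath   = ($archiveDir !== false)
    ? realpath($archiveDir . DIRECTORY_SEPARATOR . $file)
    : false;

if ($filePath === false
    || !is_file($filePath) // directories and other non-files cannot be served
    || strpos($filePath, $archiveDir . DIRECTORY_SEPARATOR) !== 0
) {
    http_response_code(404); // Not found
    echo "File not found.";
    exit;
}

// Bump the counters on the same row that authorised the download; restricting
// by year/volume/issue/part avoids touching unrelated rows that happen to
// share a filename.
$stmt = $mysqli->prepare(
    "UPDATE archives SET views = views + 1, downloads = downloads + 1 "
    . "WHERE year = ? AND volume = ? AND issue = ? AND part = ? "
    . "AND (file = ? OR supplementaryfile = ?) AND status = 'enabled'"
);
if ($stmt !== false) {
    $stmt->bind_param('sissss', $year, $volume, $issue, $part, $file, $file);
    $stmt->execute();
    $stmt->close();
}
$mysqli->close();

// Content type is chosen from the on-disk extension; unknown types fall back
// to a generic binary stream.
$fileExtension = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
$mimeTypes = [
    'pdf'  => 'application/pdf',
    'doc'  => 'application/msword',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'xls'  => 'application/vnd.ms-excel',
    'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'ppt'  => 'application/vnd.ms-powerpoint',
    'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
    'zip'  => 'application/zip',
    'rar'  => 'application/x-rar-compressed',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'txt'  => 'text/plain',
];
$contentType = isset($mimeTypes[$fileExtension])
    ? $mimeTypes[$fileExtension]
    : 'application/octet-stream';

// The header filename must not carry quotes, backslashes or control
// characters (header injection / header breakage). The ASCII-safe form goes
// in filename=; the original name is offered via the RFC 5987 filename* form
// so non-ASCII names still download correctly.
$rawName  = basename($filePath);
$safeName = preg_replace('/[^A-Za-z0-9._ -]/', '_', $rawName);
if ($safeName === '' || $safeName === null) {
    $safeName = 'download';
}
$disposition = ($fileExtension === 'pdf') ? 'inline' : 'attachment';

// Prevent browser from caching
header('Expires: 0');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
// Stop browsers from sniffing a different type than the one declared
header('X-Content-Type-Options: nosniff');
header('Content-Type: ' . $contentType);
header(
    'Content-Disposition: ' . $disposition
    . '; filename="' . $safeName . '"'
    . "; filename*=UTF-8''" . rawurlencode($rawName)
);
header('Content-Length: ' . filesize($filePath));

// Discard any buffered output so the body is exactly the file's bytes.
while (ob_get_level() > 0) {
    ob_end_clean();
}
readfile($filePath);
exit;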