.
////////////////////////////////////////////////////////////////////////////////
// modified 21/july/2011 by cassio@ime.usp.br
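// Serves one stored file to the browser as text/plain. The request carries an
// object id ("oid"), an encrypted file name ("filename"), an optional banner
// ("msg") and a keyed hash ("check") that binds those values to this session.
//
// Output is buffered so that header() calls further down still work after
// text has already been echoed (e.g. switching to text/html on an error path).
ob_start();
session_start();
require_once("globals.php");

// Refuse to serve anything without a valid session.
if (!ValidSession()) {
    echo "
View Page";
    InvalidSession("filewindow.php");
    echo "";
    exit;
}

// Every parameter that is decoded or hashed below must be present and must be a
// plain string: PHP turns "name[]=x" query parameters into arrays, which would
// otherwise reach the decode and hash helpers with an unexpected type.
// (is_numeric() already rejects an array "oid".)
if (!isset($_GET["oid"]) || !is_numeric($_GET["oid"]) ||
    !isset($_GET["filename"]) || !is_string($_GET["filename"]) ||
    !isset($_GET["check"]) || !is_string($_GET["check"]) || $_GET["check"] === "" ||
    (isset($_GET["msg"]) && !is_string($_GET["msg"]))) {
    echo "View Page";
    IntrusionNotify("Bad parameters in filewindow.php");
    echo "";
    exit;
}

$cf = globalconf();
// The file name travels encrypted under a key derived from the session id and
// the configured key.
$fname = decryptData(myrawurldecode($_GET["filename"]), session_id() . $cf["key"]);
$msg = '';
if (isset($_GET["msg"])) {
    $msg = myrawurldecode($_GET["msg"]);
}

// Recompute the keyed hash over oid, file name, banner, session id and key.
// This check is the only thing that authenticates $fname and oid, so it must be
// an exact string comparison: a loose "!=" lets PHP compare two numeric-looking
// strings as numbers, and it is not constant-time. hash_equals() avoids both.
// NOTE(review): assumes myhash() returns a string - the cast keeps hash_equals()
// from being handed any other type.
$p = myhash($_GET["oid"] . $fname . $msg . session_id() . $cf["key"]);
if (!hash_equals((string) $p, $_GET["check"])) {
    echo "View Page";
    IntrusionNotify("Parameters modified in filewindow.php");
    echo "";
    exit;
}

require_once("db.php");
if ($_GET["oid"] >= 0) {
    // Non-negative oid: the content is read through the DB_lo_* helpers
    // inside a database transaction.
    $c = DBConnect();
    DBExec($c, "begin work");
    if (($lo = DB_lo_open($c, $_GET["oid"], "r")) === false) {
        echo "View Page";
        DBExec($c, "rollback work");
        LOGError("Unable to download file (" . basename($fname) . ")");
        MSGError("Unable to download file (" . basename($fname) . ")");
        echo "";
        exit;
    }

    // Forbid caching of the served file.
    header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    // NOTE(review): the body is served as text/plain; consider also sending
    // "X-Content-Type-Options: nosniff" so a browser does not sniff it as HTML.
    header("Content-type: text/plain");

    // Banner before the file body. Only the decoded $msg covered by the hash
    // check is printed; an older echo of the raw $_GET["msg"] stays disabled.
    if ($msg != '') {
        echo $msg . "\n";
        echo $msg . "\n";
        echo $msg . "\n\n\n";
    }

    if (DB_lo_read_tobrowser($_SESSION["usertable"]["contestnumber"], $lo, $c) === false) {
        // Still possible to change the content type: nothing has been flushed yet.
        header("Content-type: text/html");
        echo "View Page";
        DBExec($c, "rollback work");
        LOGError("Unable to open file (" . basename($fname) . ")");
        MSGError("Unable to open file (" . basename($fname) . ")");
        echo "";
        exit;
    }
    ob_end_flush();
    DB_lo_close($lo);

    // Same banner again after the file body.
    if ($msg != '') {
        echo "\n\n\n" . $msg . "\n";
        echo $msg . "\n";
        echo $msg . "\n";
    }
    DBExec($c, "commit work");
    DBClose($c);
} else {
    // Negative oid: the content is read from the path in $fname and decrypted
    // with the configured key. $fname comes from the request, so the hash check
    // above is what keeps this from reading an arbitrary path.
    header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    if (($str = file_get_contents($fname)) === false) {
        header("Content-type: text/html");
        echo "View Page";
        MSGError("Unable to open file (" . basename($fname) . ")");
        LOGError("Unable to open file (" . basename($fname) . ")");
        echo "";
        exit;
    }
    header("Content-type: text/plain");
    echo decryptData($str, $cf["key"]);
    ob_end_flush();
}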
?>