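<?php
// vr-download-execute.php — streams an approved VR content APK to the user
// who requested it.  Answers CORS preflight (OPTIONS) and GET only.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization');

// CORS preflight is answered before any authentication runs.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// Load WordPress and the JWT helper.  The sibling file is anchored to this
// script's directory rather than include_path / the working directory, so the
// endpoint resolves the same helper however it is invoked.
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once(__DIR__ . '/auth-helper.php');

// database.php is expected to provide $conn (mysqli).  It is mandatory, so it
// is loaded with require rather than include: a missing or unreadable file
// must stop the script instead of continuing with an undefined $conn.
require(__DIR__ . '/../database.php');

// Verify JWT token; $user_id is the id of the authenticated caller.
$user_id = verify_jwt_token();

if (!$user_id) {
    // NOTE(review): send_error_response() is assumed to emit the JSON error
    // and exit — confirm in auth-helper.php.
    send_error_response('User not authenticated', 401);
}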

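if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $stmt = null;
    try {
        // The owner of the request is the caller identified by the JWT
        // ($user_id, set by verify_jwt_token() above).  The legacy user_id
        // query parameter is still accepted, but it must agree with the token:
        // binding the lookup to a client-supplied id would let any
        // authenticated user fetch another user's approved APK by guessing ids.
        // NOTE(review): assumes verify_jwt_token() returns the numeric user id
        // stored in vr_download_requests.user_id — confirm in auth-helper.php.
        $auth_user_id = (int) $user_id;
        $request_id = isset($_GET['request_id']) ? intval($_GET['request_id']) : 0;
        $claimed_user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $auth_user_id;

        if ($request_id <= 0) {
            throw new Exception('request_id is required');
        }
        if ($auth_user_id <= 0) {
            throw new Exception('user_id is required');
        }
        if ($claimed_user_id !== $auth_user_id) {
            throw new Exception('user_id does not match the authenticated user');
        }

        // Get request with version and content info.  Both ids are integers
        // already; the prepared statement keeps them out of the SQL text.
        $stmt = $conn->prepare(
            'SELECT
                 r.*,
                 c.title AS content_title,
                 v.version_number,
                 v.pico_apk_path,
                 v.quest_apk_path
             FROM vr_download_requests r
             INNER JOIN vr_contents c ON r.content_id = c.id
             INNER JOIN vr_content_versions v ON r.version_id = v.id
             WHERE r.id = ?
               AND r.user_id = ?'
        );
        if ($stmt === false) {
            throw new Exception('Download request not found');
        }
        $stmt->bind_param('ii', $request_id, $auth_user_id);
        if (!$stmt->execute()) {
            throw new Exception('Download request not found');
        }
        $result = $stmt->get_result();
        $request = $result ? $result->fetch_assoc() : null;
        $stmt->close();
        $stmt = null;

        if (!$request) {
            throw new Exception('Download request not found');
        }

        // Validate download permission
        if ($request['status'] !== 'approved') {
            throw new Exception('This request has not been approved yet');
        }
        if ((int) $request['is_downloaded'] === 1) {
            throw new Exception('This file has already been downloaded. Please submit a new request if you need to download again.');
        }

        // Only the two *_apk_path columns selected above can hold a path, so
        // device_type is mapped onto them explicitly rather than used to build
        // a column name; an unexpected value fails cleanly instead of reading
        // an undefined index.
        $apk_path_fields = array(
            'pico'  => 'pico_apk_path',
            'quest' => 'quest_apk_path',
        );
        $device_type = (string) $request['device_type'];
        if (!isset($apk_path_fields[$device_type])) {
            throw new Exception('APK file not found for this device type');
        }
        $apk_relative_path = (string) $request[$apk_path_fields[$device_type]];
        if (trim($apk_relative_path) === '') {
            throw new Exception('APK file not found for this device type');
        }

        // Resolve the stored path and insist it stays inside the upload root.
        // realpath() collapses '..' and symlinks, so a malformed or tampered
        // database value cannot make this endpoint serve an arbitrary file.
        $upload_root = realpath('/mnt/blockstorage/ctms/vr-content-uploads');
        $apk_full_path = realpath('/mnt/blockstorage/ctms/vr-content-uploads/' . $apk_relative_path);
        if ($upload_root === false
            || $apk_full_path === false
            || strpos($apk_full_path, $upload_root . DIRECTORY_SEPARATOR) !== 0
            || !is_file($apk_full_path)) {
            throw new Exception('APK file does not exist on server');
        }

        // Claim the download BEFORE sending the file, in the same statement
        // that re-checks the row is still approved and unclaimed.  Two
        // concurrent requests for the same id can both pass the is_downloaded
        // check above; only the one whose UPDATE matches a row gets the APK.
        $stmt = $conn->prepare(
            'UPDATE vr_download_requests
                SET is_downloaded = TRUE, downloaded_at = NOW()
              WHERE id = ?
                AND user_id = ?
                AND status = \'approved\'
                AND (is_downloaded IS NULL OR is_downloaded = FALSE)'
        );
        if ($stmt === false) {
            throw new Exception('Failed to update download status');
        }
        $stmt->bind_param('ii', $request_id, $auth_user_id);
        if (!$stmt->execute()) {
            throw new Exception('Failed to update download status');
        }
        $claimed_rows = $stmt->affected_rows;
        $stmt->close();
        $stmt = null;
        if ($claimed_rows !== 1) {
            // Another request for the same id won the race.
            throw new Exception('This file has already been downloaded. Please submit a new request if you need to download again.');
        }

        $conn->close();

        // Generate filename.  sanitize_filename() keeps only [A-Za-z0-9._-],
        // so the title cannot inject quotes or line breaks into the header.
        $filename = sanitize_filename($request['content_title']) . '_v' . $request['version_number'] . '_' . $device_type . '.apk';

        // Send file
        header('Content-Type: application/vnd.android.package-archive');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Content-Length: ' . filesize($apk_full_path));
        header('Cache-Control: no-cache, must-revalidate');
        header('Pragma: no-cache');

        // Output file
        readfile($apk_full_path);
        exit();

    } catch (mysqli_sql_exception $e) {
        // Driver exceptions carry SQL fragments and schema names; keep them in
        // the server log and return a generic message to the client.
        error_log('vr-download-execute: ' . $e->getMessage());
        $response = array(
            'status' => 'error',
            'message' => 'Database error'
        );
        header('Content-Type: application/json');
        http_response_code(500);
        echo json_encode($response);
    } catch (Exception $e) {
        $response = array(
            'status' => 'error',
            'message' => $e->getMessage()
        );
        header('Content-Type: application/json');
        http_response_code(400);
        echo json_encode($response);
    }

    // Release a statement left open by an exception thrown mid-way.
    if ($stmt instanceof mysqli_stmt) {
        $stmt->close();
    }
    if (isset($conn)) {
        $conn->close();
    }

} else {
    $response = array(
        'status' => 'error',
        'message' => 'Only GET requests are allowed'
    );
    header('Content-Type: application/json');
    http_response_code(405);
    echo json_encode($response);
}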

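/**
 * Reduce a content title to a filename-safe ASCII token.
 *
 * Every byte outside [A-Za-z0-9._-] becomes '-' (the pattern has no 'u'
 * modifier, so a multibyte title is handled byte-wise and collapses to a
 * single '-'), and runs of '-' are squeezed to one.  Because only that
 * allow-list survives, the result can be placed in a Content-Disposition
 * header: no '"', CR or LF can remain.
 *
 * @param string|null $filename raw title; null is treated as ''
 * @return string sanitised name, '' when the input is empty
 */
function sanitize_filename(?string $filename): string
{
    $name = preg_replace('/[^A-Za-z0-9._-]/', '-', $filename ?? '');
    $name = preg_replace('/-+/', '-', $name ?? '');
    // preg_replace() yields null only on a PCRE error (e.g. backtrack limit);
    // degrade to an empty name rather than concatenate "null" into a header.
    return $name ?? '';
}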
