403Webshell
Server IP : 43.141.49.107  /  Your IP : 113.219.202.44
Web Server : Apache
System : Linux VM-8-5-opencloudos 6.6.34-9.oc9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 19 19:35:45 CST 2024 x86_64
User : www ( 1000)
PHP Version : 8.1.27
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /www/wwwroot/www.ucppt.com/wp-content/plugins/wpcom-member-pro/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /www/wwwroot/www.ucppt.com/wp-content/plugins/wpcom-member-pro/includes/premium-download.php
<?php
namespace WPCOM\Member;
use WPCOM\Themer\Session;

defined('ABSPATH') || exit;

class Premium_Download {
    function __construct() {
        add_action('init', array($this, 'init'));
        add_action('wp_ajax_wpcom_get_premium_download', array($this, 'premium_download'));
        add_action('wp_ajax_nopriv_wpcom_get_premium_download', array($this, 'premium_download'));
        add_action('wp_ajax_wpcom_get_hidden_download', array($this, 'hidden_download'));
        add_action('wp_ajax_nopriv_wpcom_get_hidden_download', array($this, 'hidden_download'));
        add_action('set_comment_cookies', array( $this, 'set_comment_cookies'));

        add_action( 'load-post.php', array( $this, 'post_script') );
        add_action( 'load-post-new.php', array( $this, 'post_script') );

        add_action('wp_ajax_wpcom_get_premium_download_data', array($this, 'premium_download_data'));
        add_action('wp_ajax_nopriv_wpcom_get_premium_download_data', array($this, 'premium_download_data'));

        // 统计下载次数
        add_action('wp_ajax_wpcom_download_count', array($this, 'download_count'));
        add_action('wp_ajax_nopriv_wpcom_download_count', array($this, 'download_count'));

        add_action('wpcom_order_item_detail_premium-download', array($this, 'show_in_order'));
        add_filter('wpcom_order_item_url', array($this, 'order_item_url'), 10, 2);

        add_action('wp_ajax_wpcom_download_file', array($this, 'download_file'));
        add_action('wp_ajax_nopriv_wpcom_download_file', array($this, 'download_file'));

        add_filter('the_content', array($this, 'add_download_box'));

        if(defined('WWA_VERSION')){
            add_action('rest_api_init', array($this, 'for_rest_api') );
        }
    }

    public function init() {
        register_block_type('wpcom/premium-download', array(
            'render_callback' => function ($attr, $content) {
                global $wpcom_member, $wpmx_options;
                if(!isset($attr['title']) || trim($attr['title']) === ''){
                    $attr['title'] = get_the_title();
                }
                $attr['btn'] = isset($attr['btn']) && trim($attr['btn']) !== '' ? $attr['btn'] : (isset($wpmx_options['download_btn_text']) && trim($wpmx_options['download_btn_text']) !== '' ? $wpmx_options['download_btn_text'] : '立即下载');
                $attr['vip_btn'] = isset($wpmx_options['download_vip_btn_text']) && trim($wpmx_options['download_vip_btn_text']) !== '' ? $wpmx_options['download_vip_btn_text'] : '会员下载';
                $attr = apply_filters('wpcom_premium_download_attr', $attr);
                $output = $wpcom_member->load_template('premium-download', $attr);
                return '<div class="wp-block-wpcom-premium-download">' . $output . '</div>';
            }
        ));
        register_block_type('wpcom/hidden-download', array(
            'render_callback' => function ($attr, $content) {
                global $wpcom_member;
                if(!isset($attr['title']) || trim($attr['title']) === ''){
                    $attr['title'] = get_the_title();
                }
                $attr = apply_filters('wpcom_hidden_download_attr', $attr);
                $output = $wpcom_member->load_template('hidden-download', $attr);
                return '<div class="wp-block-wpcom-hidden-download">' . $output . '</div>';
            }
        ));
    }

    function post_script(){
        add_action('admin_print_footer_scripts', array($this, 'post_script_handle'), 20);
    }

    function post_script_handle(){ ?>
        <script>
            jQuery(function ($){
                const $body = $(document.body);
                $body.off('ready.dl_args', '#wpcom-metas, #wpcom-plugin-metas').on('ready.dl_args', '#wpcom-metas, #wpcom-plugin-metas', function (){
                    let $label = $('[for="wpcom_dl_args"]').closest('.form-group');
                    $('#wpcom_dl_args_tpl').trigger('change', ['']);
                    if($label.length && $label.find('.repeat-wrap').length){
                        setTimeout(function(){$('#wpcom_dl_args_tpl').trigger('change', ['0']);}, 0);
                    }
                    $body.off('delRepeat.dl_args', '.wpcom-panel-repeat').on('delRepeat.dl_args', '.wpcom-panel-repeat', function (){
                        $label = $('[for="wpcom_dl_args"]').closest('.form-group');
                        if($label.find('.repeat-wrap').length === 0){
                            $('#wpcom_dl_args_tpl').trigger('change', ['']);
                        }
                    });

                    $body.off('change.dl_args', '[name="_wpcom_dl_args_tpl"]').on('change.dl_args', '[name="_wpcom_dl_args_tpl"]', function (){
                        let val = $(this).val();
                        $label = $('[for="wpcom_dl_args"]').closest('.form-group');
                        if(val && val !== '0'){
                            if(window._themer_options && window._themer_options['wpmx_options'] && window._themer_options['wpmx_options']['dl_tpl_id']){
                                let index  = window._themer_options['wpmx_options']['dl_tpl_id'].indexOf(val);
                                $label.find('.wpcom-panel-repeat').trigger('repeat', [{
                                    dl_args_l: window._themer_options['wpmx_options']['dl_tpl_key'][index],
                                    dl_args_v: window._themer_options['wpmx_options']['dl_tpl_val'][index]
                                }]);
                            }
                        }
                    })
                });
            });
        </script>
    <?php }

    public function set_comment_cookies($comment){
        if($comment->comment_author_email){
            $comment_cookie_lifetime = time() + (int)apply_filters( 'comment_cookie_lifetime', 30000000 );
            $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
            setcookie( 'wpcom_comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
        }
    }

    public function add_download_box($content){
        global $post;
        if ( (is_singular() && in_the_loop() && is_main_query()) || $this->is_rest_content() ) {
            $block = $this->generate_download_block($post);
            if($block) $content .= render_block($block);
        }
        return $content;
    }

    private function is_rest_content(){
        if(function_exists('WWA_is_rest') && WWA_is_rest()){
            $current_url = wp_parse_url( add_query_arg( array( ) ) );
            if($current_url['path'] && preg_match('/\/posts\/\d+$/i', $current_url['path'])){
                return true;
            }
            if(isset($current_url['query']) && $current_url['query']){
                $str = urldecode($current_url['query']);
                return preg_match('/\/posts\/\d+/i', $str);
            }
        }
    }

    public function premium_download() {
        $post_id = isset($_POST['post_id']) ? sanitize_text_field($_POST['post_id']) : 0;
        $res = $this->get_premium_download($post_id);
        wp_send_json($res);
    }

    public function hidden_download(){
        $post_id = isset($_POST['post_id']) ? sanitize_text_field($_POST['post_id']) : 0;
        $password = isset($_POST['password']) ? (string)$_POST['password'] : '';
        $id = $password && isset($_POST['id']) ? $_POST['id'] : '';
        $res = $this->get_hidden_download($post_id, $password, $id);
        wp_send_json($res);
    }

    function get_premium_download($post_id){
        global $post;
        $res = [];
        if($post_id && $post = get_post($post_id)){
            if(isset($post->ID)){
                $blocks = $this->get_premium_download_blocks($post);
                if($blocks && is_array($blocks)){
                    foreach ($blocks as $block){
                        if(isset($block['attrs']) && (isset($block['attrs']['price']) || isset($block['attrs']['vip_price']) || (isset($block['attrs']['vip']) && $block['attrs']['vip']) ) && isset($block['attrs']['id']) && $block['attrs']['id']){
                            $content_id = $post->ID . '::' . $block['attrs']['id'];
                            $order_id = Order::is_admin_free($post->ID);
                            if(!$order_id){
                                $vip_price = isset($block['attrs']['vip_price']) ? $block['attrs']['vip_price'] : array();
                                $price = isset($block['attrs']['vip']) && $block['attrs']['vip'] ? 0 : $block['attrs']['price'];
                                $order_id = VIP::is_vip_free($price, $vip_price, 'download') && VIP::is_vip_visable('premium-download/'.$content_id);
                            }
                            if(!$order_id) $order_id = Order::is_item_paid('premium-download', $content_id);
                            if($order_id && isset($block['attrs']['files']) && $block['attrs']['files']){
                                $res[$block['attrs']['id']] = $this->get_download_url($block['attrs']['files'], $content_id, 'premium');
                            }
                        }
                    }
                }
            }
        }
        return apply_filters('wpcom_get_premium_download', $res, $post_id);
    }

    function get_hidden_download($post_id, $password='', $id=''){
        global $post, $current_user;
        $res = array();
        if($post_id && $post = get_post($post_id)){
            if(isset($post->ID)){
                $blocks = $this->get_premium_download_blocks($post, 'hidden');
                if($blocks && is_array($blocks)){
                    foreach ($blocks as $block){
                        $show = 0;
                        if(isset($block['attrs']) && isset($block['attrs']['type']) && isset($block['attrs']['id']) && $block['attrs']['id']){
                            switch ($block['attrs']['type']){
                                case '0': // 回复
                                    $show = $this->is_comment();
                                    break;
                                case '1': // 登录
                                    $show = $current_user && isset($current_user->ID) && $current_user->ID;
                                    break;
                                case '2': // 用户组
                                    $show = $this->is_group($block);
                                    break;
                                case '3': // 口令
                                    $the_password = isset($block['attrs']['password']) ? $block['attrs']['password'] : '';
                                    $the_password = apply_filters('wpcom_unlock_password', $the_password, $post->ID, $block['attrs']);
                                    if($password && $id && $the_password === $password && $block['attrs']['id'] === $id){
                                        Session::set($post->ID . '_' . $block['attrs']['id'], 1);
                                        $show = 1;
                                    }else if(isset($block['attrs']['id']) && Session::get($post->ID . '_' . $block['attrs']['id']) == 1){
                                        $show = 1;
                                    }
                                    break;
                                case '-1': // 无需权限
                                    $show = 1;
                                    break;
                            }
                            if(isset($show) && $show && $block['attrs']['files']) {
                                $res[$block['attrs']['id']] = $this->get_download_url($block['attrs']['files'], $post->ID . '::' . $block['attrs']['id'], 'hidden');
                            }
                        }
                    }
                }
            }
        }
        return apply_filters('wpcom_get_hidden_download', $res, $post_id, $password, $id);
    }

    function is_comment(){
        global $post, $current_user;
        $show = 0;
        if($current_user && isset($current_user->ID) && $current_user->ID){
            $c_args = array(
                'post_id' => $post->ID,
                'user_id' => $current_user->ID,
                'count'   => true
            );
            if($post && $post->post_type === 'qa_post') $c_args['type'] = 'answer';
            $show = get_comments( $c_args );
        }else if(isset($_COOKIE['wpcom_comment_author_email_' . COOKIEHASH])){
            $email = urldecode($_COOKIE['wpcom_comment_author_email_' . COOKIEHASH]);
            if($email){
                $c_args = array(
                    'post_id' => $post->ID,
                    'author_email' => $email,
                    'count'   => true
                );
                if($post && $post->post_type === 'qa_post') $c_args['type'] = 'answer';
                $show = get_comments( $c_args );
            }
        }
        if($show) return true;
        return false;
    }

    function is_group($block){
        global $current_user;
        if($current_user && isset($current_user->ID) && $current_user->ID && isset($block['attrs']['user_group']) && is_array($block['attrs']['user_group'])){
            $group = wpcom_get_user_group($current_user->ID);
            if($group && in_array($group->term_id, $block['attrs']['user_group']) ){
                return true;
            }
        }
        return false;
    }

    function get_premium_download_blocks($post, $type = 'premium'){
        $blocks = parse_blocks($post->post_content);
        $res = $this->loop_blocks($blocks, $type);
        if((empty($blocks) || empty($res)) && class_exists(\WPCOM\Modules\Module::class)){
            $template = get_post_meta($post->ID, '_wp_page_template', true);
            if($template === 'page-home.php'){
                $blocks = WPCOM_MP_get_gutenberg_blocks($post->ID);
                if($blocks && !empty($blocks)) $res = $this->loop_blocks($blocks, $type);
            }
        }
        $block = $this->generate_download_block($post);
        if($block) $res[] = $block;
        return $res;
    }

    public static function generate_download_block($post){
        $view_type = get_post_meta($post->ID, 'wpcom_view_type', true);
        if($view_type === '2'){
            $pay_type = get_post_meta($post->ID, 'wpcom_pay_type', true);
            $type = get_post_meta($post->ID, 'wpcom_unlock_type', true);
            $title = get_post_meta($post->ID, 'wpcom_dl_title', true);
            $image = get_post_meta($post->ID, 'wpcom_dl_image', true);
            $btn = $type === '3' ? get_post_meta($post->ID, 'wpcom_dl_btn', true) : '';
            $files_url = get_post_meta($post->ID, 'wpcom_dl_file_url', true);
            $files_title = get_post_meta($post->ID, 'wpcom_dl_file_title', true);
            $files_code = get_post_meta($post->ID, 'wpcom_dl_file_code', true);
            $files = array();
            if(!empty($files_url)){
                foreach($files_url as $i => $url){
                    $files[] = array(
                        'url' => $url,
                        'title' => isset($files_title[$i]) ? $files_title[$i] : '',
                        'code' => isset($files_code[$i]) ? $files_code[$i] : '',
                    );
                }
            }
            $dl_args_l = get_post_meta($post->ID, 'wpcom_dl_args_l', true);
            $dl_args_v = get_post_meta($post->ID, 'wpcom_dl_args_v', true);
            $dl_args = array();
            if(!empty($dl_args_l)){
                foreach($dl_args_l as $x => $l){
                    $dl_args[] = array(
                        'label' => $l,
                        'value' => isset($dl_args_v[$x]) ? $dl_args_v[$x] : ''
                    );
                }
            }
            if($type === '3' || $type === '5'){
                $blockName = 'premium-download';
                $vip_types = VIP::get_vip_types();
                $vip_price = array();
                if(!empty($vip_types)){
                    foreach($vip_types as $_type){
                        $id = $_type['id'];
                        $vip_price[$id.'_price'] = get_post_meta($post->ID, 'wpcom_'.$id.'_price', true);
                    }
                }
                $attrs = array(
                    'id' => 'post-'.$blockName.'-'.$post->ID,
                    'title' => $title,
                    'image' => $image ? wp_get_attachment_url($image) : '',
                    'pay_type' => $pay_type == 1 ? 1 : 0,
                    'price' => $type === '3' ? get_post_meta($post->ID, 'wpcom_unlock_price', true) : 0,
                    'vip_price' => $vip_price,
                    'files' => $files,
                    'args' => $dl_args,
                    'btn' => $btn ?: '',
                    'sales_base' => (int)get_post_meta($post->ID, 'wpcom_unlock_sales_base', true)
                );
                if($type === '5') $attrs['vip'] = true;
            }else{
                $blockName = 'hidden-download';
                $type = $type === '4' ? '3' : $type;
                $btn = '';
                switch($type){
                    case '0':
                        $btn = '回复后下载';
                        break;
                    case '1':
                        $btn = '登录后下载';
                        break;
                }
                $user_group = get_post_meta($post->ID, 'wpcom_unlock_groups', true);
                $attrs = array(
                    'id' => 'post-'.$blockName.'-'.$post->ID,
                    'title' => $title,
                    'image' => $image ? wp_get_attachment_url($image) : '',
                    'files' => $files,
                    'args' => $dl_args,
                    'user_group' => $user_group,
                    'type' => $type,
                );
                if($type === '3') $attrs['password'] = get_post_meta($post->ID, 'wpcom_unlock_password', true);
            }

            return array(
                'blockName' => 'wpcom/' . $blockName,
                'attrs' => $attrs,
                'innerBlocks' => array(),
                'innerHTML' => '',
                'innerContent' => array()
            );
        }
    }

    function download_count(){
        $post_id = isset($_POST['post_id']) ? sanitize_text_field($_POST['post_id']) : '';
        $id = isset($_POST['id']) ? sanitize_text_field($_POST['id']) : '';
        if($post_id && $id && $post = get_post($post_id)){
            $count = get_post_meta($post->ID, 'download_count', true);
            $count = $count && json_decode($count, true) ? json_decode($count, true) : array();
            $count[$id] = isset($count[$id]) && $count[$id] ? (int)$count[$id] + 1 : 1;
            update_post_meta($post->ID, 'download_count', wp_json_encode($count));
            $res = array(
                'count' => $count[$id],
            );
            wp_send_json($res);
        }
    }

    public static function get_download_url($str, $content_id = '', $type = 'premium', $encrypt = true){
        if(is_array($str) && isset($str[0]) && isset($str[0]['url'])) return $str;
        $res = [];
        $urls = explode(PHP_EOL, $str);
        if($urls){
            foreach($urls as $i => $url){
                if($url && $_url = explode('||', $url)){
                    $this_url = [];
                    if(count($_url) >= 3){
                        $this_url = [
                            'title' => trim($_url[0]),
                            'url' => trim($_url[1]),
                            'code' => trim($_url[2])
                        ];
                    }else if(count($_url) === 1){
                        $this_url = [
                            'url' => is_numeric(trim($_url[0])) ? wp_get_attachment_url(trim($_url[0])) : trim($_url[0]),
                        ];
                    }else{
                        if(is_numeric(trim($_url[0])) || preg_match('/^(http:\/\/|https:\/\/|ftp:\/\/|\/\/)/i', trim($_url[0]))){
                            $this_url = [
                                'url' => is_numeric(trim($_url[0])) ? wp_get_attachment_url(trim($_url[0])) : trim($_url[0]),
                                'code' => trim($_url[1])
                            ];
                        }else{
                            $this_url = [
                                'title' => trim($_url[0]),
                                'url' => is_numeric(trim($_url[1])) ? wp_get_attachment_url(trim($_url[1])) : trim($_url[1])
                            ];
                        }
                    }

                    if($encrypt && !empty($this_url)) {
                        // 加密链接地址
                        if(isset($this_url['url']) && $this_url['url']){
                            $this_url['url'] = self::encrypt_url($this_url['url'], $url, $content_id, $i, $type);
                        }
                    }

                    $res[] = $this_url;
                }
            }
        }
        return $res;
    }

    public static function encrypt_url($url, $url_str, $content_id, $file_index, $type = 'premium') {
        if($url && $url_str && $content_id){
            $parts = explode('::', $content_id);
            $post_id = isset($parts[0]) ? intval($parts[0]) : 0;
            $block_id = isset($parts[1]) ? $parts[1] : '';
            $user_id = get_current_user_id();
            $timestamp = time();

            $payload = [
                'p' => $post_id,
                'b' => $block_id,
                'i' => $file_index,
                't' => $timestamp,
                'u' => $user_id,
                'type' => $type
            ];
            $payload_json = json_encode($payload);
            $secret_key = defined('AUTH_KEY') ? AUTH_KEY : 'default-key';
            $sign = hash_hmac('sha256', $payload_json, $secret_key);
            $token = base64_encode($payload_json) . '.' . $sign;

            $url = admin_url('admin-ajax.php?token=' . urlencode($token) . '&action=wpcom_download_file');
        }

        return apply_filters('wpcom_encrypt_url', $url, $url_str, $content_id, $file_index, $type);
    }

    public static function get_arg_value($value, $attr){
        global $post;
        if(preg_match('%PRICE%', $value)) {
            $_price = 0;
            // VIP专属则获取最低等级会员价格
            if(isset($attr['vip']) && $attr['vip'] && !empty($attr['vip_price'])){
                $prices = VIP::get_vip_price(0, $attr['vip_price'], 'download');
                if(!empty($prices) && is_array($prices)){
                    $first = array_shift($prices);
                    $_price = $first['price'];
                }
            }else{
                $_price = isset($attr['price']) && $attr['price'] ? $attr['price'] : 0;
            }
            $pay_type = self::get_pay_type($attr);
            if($pay_type == 1){
                $replace = '<span class="premium-download-price">' . wpmx_icon('points', false) . number_format($_price, 0, '.', '') . '<span class="price-unit">积分</span></span>';
            }else{
                $replace = '<span class="premium-download-price">¥' . number_format($_price, 2, '.', '') . '</span>';
            }
            $value = str_replace('%PRICE%', $replace, $value);
        }
        if(preg_match('%SALES%', $value)) {
            $sales = Order::get_item_sales('premium-download', $post->ID.'::'.$attr['id']);
            if(isset($attr['sales_base']) && $attr['sales_base']) $sales += (int)$attr['sales_base'];
            $sales = apply_filters('wpcom_premium_content_sales', $sales, $attr, $post);
            $sales = $sales ?: 0;
            $value = str_replace('%SALES%', '<span class="premium-download-sales">'.wpmx_icon('huo', 0).$sales.'</span>', $value);
        }
        if(preg_match('%DL_COUNT%', $value) && isset($attr['id']) && $attr['id']) {
            $count = get_post_meta($post->ID, 'download_count', true);
            $count = $count && json_decode($count, true) ? json_decode($count, true) : array();
            $_count = isset($count[$attr['id']]) && $count[$attr['id']] ? (int)$count[$attr['id']] : 0;
            $value = str_replace('%DL_COUNT%', '<span class="download-times">' . $_count . '</span>', $value);
        }
        if(preg_match('%PUBLISH_TIME%', $value)) {
            $value = str_replace('%PUBLISH_TIME%', date_i18n(get_option('date_format'), strtotime($post->post_date)), $value);
        }
        if(preg_match('%MODIFIED_TIME%', $value)) {
            $value = str_replace('%MODIFIED_TIME%', date_i18n(get_option('date_format'), strtotime($post->post_modified)), $value);
        }
        if(preg_match('/^\[(.+)\]\((.+)\)$/', $value, $m)) {
            $value = preg_replace('/^\[(.+)\]\((.+)\)$/', '<a href="${2}" target="_blank" rel="nofollow">${1}</a>', $value);
        }
        return apply_filters('wpcom_get_download_arg_value', $value, $attr, $post);
    }

    public static function get_pay_type($attr){
        $pay_type = 0;
        if(isset($attr['pay_type']) && $attr['pay_type'] == '1'){
            $options = $GLOBALS['wpmx_options'];
            if(isset($options['points_on']) && $options['points_on'] == '1'){
                $pay_type = 1;
            }
        }
        return apply_filters('wpcom_get_pay_type', $pay_type, $attr);
    }

    public function order_item_url($url, $item){
        if($item && isset($item->type) && $item->type === 'premium-download' && $item->type_id && $ids = explode('::', $item->type_id)){
            $post_id = $ids[0];
            $block_id = $ids[1];
            if ($post_id && $post = get_post($post_id)) {
                $url = get_permalink($post->ID);
                if($block_id) $url .= '#' . $block_id;
            }
        }
        return $url;
    }

    public function show_in_order($item) {
        if ($item->type_id && $ids = explode('::', $item->type_id)) {
            $post_id = $ids[0];
            $block_id = $ids[1];
            if ($post_id && $post = get_post($post_id)) { ?>
                <ul class="member-account-order">
                    <li class="member-account-order-item">
                        <div class="member-account-order-label">关联文章:</div>
                        <div class="member-account-order-value"><?php echo get_the_title($post->ID); ?></div>
                    </li>
                    <li class="member-account-order-item">
                        <div class="member-account-order-label">付费资源:</div>
                        <div class="member-account-order-value"><?php echo $item->title;?></div>
                    </li>
                    <li class="member-account-order-item">
                        <div class="member-account-order-label">内容链接:</div>
                        <div class="member-account-order-value">
                            <a class="wpcom-btn btn-primary btn-xs" href="<?php echo esc_url(get_permalink($post->ID)); ?>#<?php echo $block_id;?>" target="_blank">点击查看</a>
                        </div>
                    </li>
                </ul>
            <?php }
        }
    }

    public function premium_download_data($return = false) {
        $res = ['result' => 0];
        if (WPCOM_MP_can_setup_order()) {
            $post_id = isset($_POST['post_id']) ? sanitize_text_field($_POST['post_id']) : '';
            $id = isset($_POST['id']) ? sanitize_text_field($_POST['id']) : '';
            if ($post_id && $id) {
                $block = $this->get_block($post_id, $id);
                if ($block && isset($block['attrs'])) {
                    $post = get_post($post_id);
                    $user_id = get_current_user_id();
                    $_price = isset($block['attrs']['price']) && $block['attrs']['price'] ? $block['attrs']['price'] : 0;
                    $points = isset($block['attrs']['pay_type']) && $block['attrs']['pay_type'] == 1;
                    // VIP专属默认价格为0
                    $_price = isset($block['attrs']['vip']) && $block['attrs']['vip'] ? 0 : $_price;
                    $_vip_price = isset($block['attrs']['vip_price']) && $block['attrs']['vip_price'] ? $block['attrs']['vip_price'] : array();
                    $price = VIP::get_vip_price_by_user($user_id, $_price, $_vip_price, 'download');
                    $items = [
                        [
                            'title' => isset($block['attrs']['title']) && $block['attrs']['title'] ? $block['attrs']['title'] : '文章【' . $post->post_title . '】的付费资源',
                            'price' => number_format($price, 2, '.', ''),
                            'url' => get_permalink($post_id),
                            'number' => 1,
                            'type' => 'premium-download',
                            'type_id' => $post_id . '::' . $id
                        ]
                    ];
                    $res['total'] = number_format($price, 2, '.', '');
                    $res['items'] = $items;
                    if($points) $res['points'] = $points ? 1 : 0;
                    $res = Order::setup_order_data($res);
                    if($price == 0 && $vip = VIP::get_user_vip($user_id)){ // VIP资源提示解锁
                        $res['result'] = -9;
                        $res['type'] = 'premium-download';
                        $res['type_text'] = '资源';
                        $res['vip'] = [
                            'id' => $vip['id'],
                            'icon' => $vip['icon'],
                            'title' => $vip['title'],
                            'upgrade' => VIP::vip_can_upgrade($vip)
                        ];
                        $res['unlock_times'] = VIP::get_vip_unlock_times($user_id);
                    }
                } else {
                    $res['result'] = -3;
                }
            } else {
                $res['result'] = -2;
            }
        } else { // 未登录
            $res['result'] = -1;
        }
        if($return) return $res;
        wp_send_json($res);
    }

    private function get_block($post_id, $id) {
        $post = get_post($post_id);
        $blocks = parse_blocks($post->post_content);
        if(preg_match('/^post-premium-download-'.$post_id.'$/i', $id)){
            return $this->generate_download_block($post);
        }
        $block = WPCOM_MP_loop_find_block($blocks, $id, 'wpcom/premium-download');
        // 检查是否来自自定义页
        if(!$block && class_exists(\WPCOM\Modules\Module::class)){
            $template = get_post_meta($post->ID, '_wp_page_template', true);
            if($template === 'page-home.php'){
                $block = WPCOM_MP_get_module_block($id, 'wpcom/premium-download', $post_id);
            }
        }
        return $block;
    }

    function loop_blocks($blocks, $type = 'premium'){
        $res = [];
        if($blocks){
            foreach ($blocks as $block){
                if($block['blockName'] === 'wpcom/'.$type.'-download'){
                    $res[] = $block;
                }else if(isset($block['innerBlocks']) && $block['innerBlocks']){
                    $childs = $this->loop_blocks($block['innerBlocks'], $type);
                    if($childs) $res = array_merge($res, $childs);
                }
            }
        }
        return $res;
    }

    public function for_rest_api(){
        register_rest_route('wpcom/v1', '/premium-download', array(
            array(
                'methods'             => \WP_REST_Server::READABLE,
                'callback'            => array($this, 'rest_get_download'),
                'args'                => $this->rest_get_read_params(),
                'permission_callback' => array( $this, 'rest_permission_check' )
            ),
            array(
                'methods'             => \WP_REST_Server::CREATABLE,
                'callback'            => array($this, 'rest_create_order'),
                'args'                => $this->rest_init_order_params(),
                'permission_callback' => array( $this, 'rest_permission_check' )
            )
        ));
        register_rest_route('wpcom/v1', '/hidden-download', array(
            array(
                'methods'             => \WP_REST_Server::READABLE,
                'callback'            => array($this, 'rest_get_hidden_download'),
                'args'                => $this->rest_get_read_params(),
                'permission_callback' => array( $this, 'no_check' )
            )
        ));
    }

    function rest_get_read_params(){
        return array(
            'post_id' => array(
                'required'          => true,
                'default'           => 0,
                'type'              => 'integer',
                'validate_callback' => 'rest_validate_request_arg',
            ),
            'password' => array(
                'required'          => false,
                'default'           => '',
                'type'              => 'string'
            ),
            'id' => array(
                'required'          => false,
                'default'           => '',
                'type'              => 'string'
            )
        );
    }

    function rest_init_order_params(){
        return array(
            'post_id' => array(
                'required'          => true,
                'default'           => 0,
                'type'              => 'integer',
                'validate_callback' => 'rest_validate_request_arg',
            ),
            'block_id' => array(
                'required'          => true,
                'default'           => '',
                'type'              => 'string',
                'validate_callback' => 'rest_validate_request_arg',
            )
        );
    }

    function rest_get_download($request){
        $res = $this->get_premium_download($request['post_id']);
        return rest_ensure_response( $res );
    }

    function rest_get_hidden_download($request){
        $res = $this->get_hidden_download($request['post_id'], $request['password'], $request['id']);
        return rest_ensure_response( $res );
    }

    function rest_create_order($request){
        $_POST = $_POST ?: array();
        $_POST['post_id'] = $request['post_id'];
        $_POST['id'] = $request['block_id'];
        $data = $this->premium_download_data(true);
        $data['nonce'] = wp_create_nonce('wpcom_payment_form');
        return rest_ensure_response( $data );
    }

    function rest_permission_check(){
        if ( get_current_user_id() ) {
            return true;
        } else {
            return new \WP_Error( 'rest_user_cannot_view', '请登录后操作!', array( 'status' => 200 ) );
        }
    }

    function no_check(){
        return true;
    }

    public function download_file() {
        $token = isset($_GET['token']) ? $_GET['token'] : '';
        if (!$token || strpos($token, '.') === false) wp_die('参数错误');
        list($payload_b64, $sign) = explode('.', $token, 2);
        $payload_json = base64_decode($payload_b64);
        $secret_key = defined('AUTH_KEY') ? AUTH_KEY : 'default-key';
        $expected_sign = hash_hmac('sha256', $payload_json, $secret_key);
        if (!hash_equals($expected_sign, $sign)) wp_die('签名无效');

        $data = json_decode($payload_json, true);
        if (!$data || !isset($data['p'], $data['b'], $data['i'])) wp_die('无效token');

        // 校验时间戳
        if (time() - $data['t'] > 3600) wp_die('链接已过期');

        // 校验用户ID(如需)
        if ($data['u'] != get_current_user_id()) wp_die('无权限');

        // 查找真实下载地址
        $post = get_post($data['p']);
        if (!$post) wp_die('文章不存在');
        $blocks = $this->get_premium_download_blocks($post, $data['type']);
        $block = null;
        foreach ($blocks as $b) {
            if (isset($b['attrs']['id']) && $b['attrs']['id'] == $data['b']) {
                $block = $b;
                break;
            }
        }
        if (!$block) wp_die('区块不存在');
        $files = $this->get_download_url($block['attrs']['files'],'', '', false);
        if (!isset($files[$data['i']]['url'])) wp_die('文件不存在');
        $real_url = $files[$data['i']]['url'];
        // 跳转
        wp_redirect($real_url);
        exit;
    }
}

new Premium_Download();

Youez - 2016 - github.com/yon3zu
LinuXploit