_files/download.php

   1 <?php
   2
   3 // Download script
   4 // Usage: http://URL/{username}/files/{folder_id}/{file_id}/{filename}
   5
   6 // Run includes
   7 require("../includes.php");
   8
   9 // Initialise functions for user details, icon management and profile management
  10 run("userdetails:init");
  11 run("profile:init");
  12 run("files:init");
  13
  14 // If an ID number for the file has been specified ...
  15 if (isset($_REQUEST['id'])) {
  16         $id = (int) $_REQUEST['id'];
  17
  18         // ... and the file exists in the database ...
  19         $file = db_query("select * from files where ident = $id");
  20         if (sizeof($file) > 0) {
  21
  22                 $file = $file[0];
  23
  24                 // ... and the owner of the file in the URL line hasn't been spoofed ...
  25                 if (run("users:name_to_id",$_REQUEST['files_name']) == $file->owner
  26                         || run("users:name_to_id",$_REQUEST['files_name']) == $file->files_owner) {
  27
  28                         // ... and the current user is allowed to access it ...
  29                         if (run("users:access_level_check",$file->access) == true || $file->owner == $_SESSION['userid']) {
  30
  31                                 // ... and the file exists on disk ...
  32
  33                                         // Send 304s where possible, rather than spitting out the file each time
  34                                         $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
  35
  36                                         $tstamp = filemtime(path . $file->location);
  37                                         $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT";
  38
  39                                         if ($if_modified_since == $lm) {
  40                                                 header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified");
  41                                                 exit;
  42                                         }
  43
  44                                         // Send last-modified header to enable if-modified-since requests
  45                                         if ($tstamp < time()) {
  46                                                 header("Last-Modified: " . $lm);
  47                                         }
  48
  49                                         // Then output some appropriate headers and send the file data!
  50                                         $mimetype = run("files:mimetype:determine",path . $file->location);
  51                                         if ($mimetype == false) {
  52                                                 $mimetype = "application/octet-stream";
  53                                         }
  54
  55                                         // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy
  56                                         // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header
  57                                         header("Cache-Control: private");
  58
  59                                         header("Content-type: $mimetype");
  60                                         if ($mimetype == "application/octet-stream") {
  61                                                 header('Content-Disposition: attachment');
  62                                         }
  63                                         readfile(path . $file->location);
  64
  65                         }
  66
  67                 }
  68         }
  69 }
  70
  71 ?>