_files/download.php

   1 <?php
   2
   3 // Download script
   4 // Usage: http://URL/{username}/files/{folder_id}/{file_id}/{filename}
   5
   6 // Run includes
   7 require_once(dirname(dirname(__FILE__))."/includes.php");
   8
   9 // Initialise functions for user details, icon management and profile management
  10 run("userdetails:init");
  11 run("profile:init");
  12 run("files:init");
  13
  14 // If an ID number for the file has been specified ...
  15 $id = optional_param('id',0,PARAM_INT);
  16 if (!empty($id)) {
  17     // ... and the file exists in the database ...
  18     if ($file = get_record('files','ident',$id)) {
  19         // ... and the owner of the file in the URL line hasn't been spoofed ...
  20         $files_name = optional_param('files_name');
  21         if (run("users:name_to_id",$files_name) == $file->owner
  22             || run("users:name_to_id",$files_name) == $file->files_owner) {
  23
  24             // ... and the current user is allowed to access it ...
  25
  26             if (run("users:access_level_check",$file->access) == true || $file->owner == $_SESSION['userid']) {
  27
  28                 // ... and the file exists on disk ...
  29
  30                 // Send 304s where possible, rather than spitting out the file each time
  31                 $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
  32
  33                 $tstamp = filemtime($CFG->dataroot . $file->location);
  34                 $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT";
  35
  36                 if ($if_modified_since == $lm) {
  37                     header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified");
  38                     exit;
  39                 }
  40
  41                 // Send last-modified header to enable if-modified-since requests
  42                 if ($tstamp < time()) {
  43                     header("Last-Modified: " . $lm);
  44                 }
  45
  46                 // Then output some appropriate headers and send the file data!
  47                 require_once($CFG->dirroot.'/lib/filelib.php');
  48                 $mimetype = mimeinfo('type',$file->location);
  49
  50                 // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy
  51                 // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header
  52                 header("Cache-Control: private");
  53
  54                 header("Content-type: $mimetype");
  55                 if ($mimetype == "application/octet-stream") {
  56                     header('Content-Disposition: attachment');
  57                 }
  58                 readfile($CFG->dataroot . $file->location);
  59             }
  60         }
  61     }
  62 }
  63
  64 ?>