root/devel-backup/_files/download.php

Revision 147, 2.2 kB (checked in by ben, 3 years ago)

File uploads / downloads now work again (resolved assumptions about path in $file->location)

  • Property svn:eol-style set to native
Line 
1 <?php
2
3 // Download script
4 // Usage: http://URL/{username}/files/{folder_id}/{file_id}/{filename}
5
6 // Run includes
7 require("../includes.php");
8
9 // Initialise functions for user details, icon management and profile management
10 run("userdetails:init");
11 run("profile:init");
12 run("files:init");
13
14 // If an ID number for the file has been specified ...
15 if (isset($_REQUEST['id'])) {
16     $id = (int) $_REQUEST['id'];
17     
18     // ... and the file exists in the database ...
19     $file = db_query("select * from files where ident = $id");
20     if (sizeof($file) > 0) {
21         
22         $file = $file[0];
23         
24         // ... and the owner of the file in the URL line hasn't been spoofed ...
25         if (run("users:name_to_id",$_REQUEST['files_name']) == $file->owner
26             || run("users:name_to_id",$_REQUEST['files_name']) == $file->files_owner) {
27
28             // ... and the current user is allowed to access it ...
29             if (run("users:access_level_check",$file->access) == true || $file->owner == $_SESSION['userid']) {
30                 
31                 // ... and the file exists on disk ...
32
33                     // Send 304s where possible, rather than spitting out the file each time
34                     $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
35                     
36                     $tstamp = filemtime(path . $file->location);
37                     $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT";
38                     
39                     if ($if_modified_since == $lm) {
40                         header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified");
41                         exit;
42                     }
43
44                     // Send last-modified header to enable if-modified-since requests
45                     if ($tstamp < time()) {
46                         header("Last-Modified: " . $lm);
47                     }
48                     
49                     // Then output some appropriate headers and send the file data!
50                     $mimetype = run("files:mimetype:determine",path . $file->location);
51                     if ($mimetype == false) {
52                         $mimetype = "application/octet-stream";
53                     }
54
55                     // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy
56                     // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header
57                     header("Cache-Control: private");
58                     
59                     header("Content-type: $mimetype");
60                     if ($mimetype == "application/octet-stream") {
61                         header('Content-Disposition: attachment');
62                     }
63                     readfile(path . $file->location);
64                 
65             }
66             
67         }
68     }
69 }
70
71 ?>
Note: See TracBrowser for help on using the browser.