root/releases/0.6/_files/download.php

Revision 296, 2.6 kB (checked in by carmartin, 3 years ago)

Includes should use full path given that we know where things are. Patch 1.

  • Property svn:eol-style set to native
Line 
1 <?php
2
3 // Download script
4 // Usage: http://URL/{username}/files/{folder_id}/{file_id}/{filename}
5
6 // Run includes
7 require_once(dirname(dirname(__FILE__))."/includes.php");
8
9 // Initialise functions for user details, icon management and profile management
10 run("userdetails:init");
11 run("profile:init");
12 run("files:init");
13
14 // If an ID number for the file has been specified ...
15 $id = optional_param('id',0,PARAM_INT);
16 if (!empty($id)) {
17     // ... and the file exists in the database ...
18     if ($file = get_record('files','ident',$id)) {
19         // ... and the owner of the file in the URL line hasn't been spoofed ...
20         $files_name = optional_param('files_name');
21         if (run("users:name_to_id",$files_name) == $file->owner
22             || run("users:name_to_id",$files_name) == $file->files_owner) {
23             
24             // ... and the current user is allowed to access it ...
25             
26             if (run("users:access_level_check",$file->access) == true || $file->owner == $_SESSION['userid']) {
27                 
28                 // ... and the file exists on disk ...
29                 
30                 // Send 304s where possible, rather than spitting out the file each time
31                 $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
32                 
33                 $tstamp = filemtime($CFG->dataroot . $file->location);
34                 $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT";
35                 
36                 if ($if_modified_since == $lm) {
37                     header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified");
38                     exit;
39                 }
40                 
41                 // Send last-modified header to enable if-modified-since requests
42                 if ($tstamp < time()) {
43                     header("Last-Modified: " . $lm);
44                 }
45                 
46                 // Then output some appropriate headers and send the file data!
47                 require_once($CFG->dirroot.'/lib/filelib.php');
48                 $mimetype = mimeinfo('type',$file->location);
49                 
50                 // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy
51                 // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header
52                 header("Cache-Control: private");
53                 
54                 header("Content-type: $mimetype");
55                 if ($mimetype == "application/octet-stream") {
56                     header('Content-Disposition: attachment');
57                 }
58                 readfile($CFG->dataroot . $file->location);
59             }
60         }
61     }
62 }
63
64 ?>
65
Note: See TracBrowser for help on using the browser.