Location: PHPKode > projects > osTicket > osTicket-osTicket-1.7-86abb65/scp/file.php
<?php
/*********************************************************************
    file.php
    
    Simply downloads the file...on hash validation as follows;
    
    * Hash must be 64 chars long.
    * First 32 chars is the perm. file hash
    * Next 32 chars  is md5(file_id.session_id().file_hash)

    Peter Rotich <hide@address.com>
    Copyright (c)  2006-2012 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require('staff.inc.php');
require_once(INCLUDE_DIR.'class.file.php');
$h=trim($_GET['h']);
//basic checks
if(!$h  || strlen($h)!=64  //32*2
        || !($file=AttachmentFile::lookup(substr($h,0,32))) //first 32 is the file hash.
        || strcasecmp(substr($h,-32),md5($file->getId().session_id().$file->getHash()))) //next 32 is file id + session hash.
    die('Unknown or invalid file. #'.Format::htmlchars($_GET['h']));

$file->download();
?>
Return current item: osTicket