Location: PHPKode > projects > ZompLog > upload/force_download.php
<?php

include_once("../admin/includes/security_class.php");
$sec_force_download = new sec_patch();
$filename = $sec_force_download->sec_force_download_link();

$_GET['file'] = str_replace('/', '', $_GET['file']);
$_GET['file'] = str_replace('\'', '', $_GET['file']);
$_GET['file'] = str_replace(':', '', $_GET['file']);

if($_GET['file'] == 'force_download.php'){
echo "Action not allowed, sorry.";
exit;
}
elseif($_GET['file'] == 'thumbnail.php'){
echo "Action not allowed, sorry.";
exit;
}
elseif($_GET['file'] == 'index.html'){
echo "Action not allowed, sorry.";
exit;
}

// check if the file is in this directory
$thispath = getcwd();
if(file_exists($thispath.'/'.$_GET['file'])){


// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');

// addition by Jorg Weske
$file_extension = strtolower(substr(strrchr($filename,"."),1));

if( $filename == "" ) 
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>";
  exit;
} elseif ( ! file_exists( $filename ) ) 
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
  exit;
};

$ctype = $_GET['type'];

header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers 
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");

exit();
}
else
{
echo "Sorry, this file does not exist in the current directory.";
}
?>
Return current item: ZompLog