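<?php

// showfile.php - Streams a file to the user
// showfile.php - author: Nico Stuurman <nicost@soureforge.net>
/***************************************************************************
* After checking whether the user is allowed to see the file, it is sent   *
* to the user's browser                                                    *
*                                                                          *
* Copyright (c) 2001 by Nico Stuurman                                      *
* ------------------------------------------------------------------------ *
* This program is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU General Public License as published by the    *
* Free Software Foundation; either version 2 of the License, or (at your   *
* option) any later version.                                               *
\**************************************************************************/

// Request parameters (read from $HTTP_GET_VARS):
//   id   - numeric key of the row in the `files` table
//   type - 'small' or 'big' streams the matching thumbnail, anything else
//          streams the stored file itself as an attachment
//
// NOTE(review): the error pages below are still sent with the default 200
// status, as before; sending a real 404/403 status line would keep clients
// and caches from treating them as successful downloads.

// main include thingies
require('include.php');
require('includes/db_inc.php');

// The id is interpolated into the SQL statement and into filesystem paths
// further down, so only a plain positive decimal integer is accepted.
// Anything else (missing, array-valued, non-numeric, zero) is answered like
// an unknown file.
$id = isset($HTTP_GET_VARS['id']) ? $HTTP_GET_VARS['id'] : '';
if (!is_string($id) || !preg_match('/^[0-9]+\z/', $id) || (int)$id < 1) {
    echo "<html><h3>404. File not found.</h3></html>";
    exit;
}
$id = (int)$id;
$type = isset($HTTP_GET_VARS['type']) ? $HTTP_GET_VARS['type'] : '';

// $id is an integer at this point, so the interpolation cannot alter the
// statement. NOTE(review): if the $db wrapper offers bound parameters,
// prefer them here.
$r = $db->query("SELECT filename,tablesfk,ftableid,mime,size FROM files
                 WHERE id=$id");
if ((!$r) || $r->EOF) {
    echo "<html><h3>404. File not found.</h3></html>";
    exit;
}
$tableid = $r->fields('tablesfk');
$tableitemid = $r->fields('ftableid');
$mime = $r->fields('mime');

// we keep a list with fileids that can be seen in the USER settings
$listed = isset($USER['settings']['fileids'])
    && is_array($USER['settings']['fileids'])
    && in_array($id, $USER['settings']['fileids']);
if (!$listed) {
    $tablename = get_cell($db, 'tableoftables', 'tablename', 'id', $tableid);
    // kept as in the original; presumably tableinfo reads the table name
    // from $HTTP_GET_VARS - verify against its constructor
    $HTTP_GET_VARS['tablename'] = $tablename;
    $tableinfo = new tableinfo($db);
    if (!may_read($db, $tableinfo, $tableitemid, $USER)) {
        echo "<html><h3>401. Forbidden.</h3></html>";
        // Stop here. Without this exit the script printed the refusal and
        // then went on to stream the file anyway.
        exit;
    }
}

if ($type === 'small' || $type === 'big') { // this is an image
    // $type is one of two fixed literals and $id is an integer, so the
    // path stays inside the thumbnail directory.
    $thumb = $system_settings['thumbnaildir'] . "/$type/$id.jpg";
    if (@is_readable($thumb)) {
        header('Accept-Ranges: bytes');
        header('Connection: close');
        // image/jpeg is the registered media type (was image/jpg)
        header('Content-Type: image/jpeg');
        readfile($thumb);
    } else {
        echo "<html><h3>404. File not found.</h3></html>";
    }
} else { // and this is a file
    $filedir = $system_settings['filedir'];
    $filename = $r->fields('filename');
    $filesize = $r->fields('size');

    // filename and mime come from the `files` table.
    // NOTE(review): presumably both were supplied at upload time - treated
    // as untrusted here. A stored name with a directory part is refused
    // rather than used to build a path.
    if ($filename != basename($filename)) {
        echo "<html><h3>404. File not found.</h3></html>";
        exit;
    }
    $path = "$filedir/$id" . "_" . $filename;
    // Check before any header goes out, so a missing file yields the same
    // error page as a missing thumbnail instead of an empty attachment.
    if (!@is_file($path) || !@is_readable($path)) {
        echo "<html><h3>404. File not found.</h3></html>";
        exit;
    }

    // Control characters must never reach a header line; quotes and
    // backslashes would break the quoted filename parameter.
    $header_name = preg_replace('/[\x00-\x1f\x7f"\\\\]/', '_', $filename);
    $header_mime = preg_replace('/[\x00-\x1f\x7f]/', '', $mime);
    if ($header_mime == '') {
        $header_mime = 'application/octet-stream';
    }

    // send headers
    header('Accept-Ranges: bytes');
    header('Connection: close');
    header("Content-Type: $header_mime");
    // The declared type is stored data; tell the browser not to second-guess it.
    header('X-Content-Type-Options: nosniff');
    header("Content-Length: $filesize");
    header("Content-Disposition-type: attachment");
    header("Content-Disposition: attachment; filename=\"$header_name\"");
    readfile($path);
}
// The closing PHP tag is left out on purpose: any whitespace after it would
// be appended to the streamed file.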