404 File not found!"); } //Gather relevent info about file $len = filesize($file); $filename = basename($file); $file_extension = strtolower(substr(strrchr($filename,"."),1)); //This will set the Content-Type to the appropriate setting for the file switch( $file_extension ) { case "pdf": $ctype = "application/pdf"; break; case "exe": $ctype = "application/octet-stream"; break; case "zip": $ctype = "application/zip"; break; case "doc": $ctype = "application/msword"; break; case "rtf": $ctype = "application/rtf"; break; case "xls": $ctype = "application/vnd.ms-excel"; break; case "ppt": case "pps": $ctype = "application/vnd.ms-powerpoint"; break; case "gif": $ctype = "image/gif"; break; case "png": $ctype = "image/png"; break; case "jpeg": case "jpg": $ctype = "image/jpg"; break; case "bmp": $ctype = "image/bmp"; break; case "tif": case "tiff": $ctype = "image/tiff"; break; case "mp3": $ctype = "audio/mpeg"; break; case "wav": $ctype = "audio/x-wav"; break; case "mpeg": case "mpg": case "mpe": $ctype = "video/mpeg"; break; case "mov": $ctype = "video/quicktime"; break; case "avi": $ctype = "video/x-msvideo"; break; case "txt": $ctype = "text/plain"; break; case "swf": $ctype = "application/x-shockwave-flash"; break; //The following are for extensions that shouldn't be downloaded (sensitive stuff, like php files) case "php": case "htm": case "html": die("Cannot be used for ". $file_extension ." files!"); break; default: $ctype = "application/force-download"; } //Begin writing headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); //Use the switch-generated Content-Type header("Content-Type: $ctype"); //Force the download header('Content-Disposition: attachment; filename="'.$filename.'";' ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".$len); @readfile($file); exit; } // end function // Get file data $file = @$_GET["file"]; $file = preg_replace('|^/uploads|', '', $file); $file = str_replace('..', '', $file); $filename = BASEDIR . '/uploads' . $file; if (file_exists($filename)){ dl_file($filename); } else { header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); header('Content-Disposition: attachment; filename="File not found"'); echo "File not found"; } ?>