<?php
# This file is part of the Savane project
# <http://gna.org/projects/savane/>
#
# $Id: download.php 5187 2005-12-01 16:22:29Z yeupou $
#
#  Copyright 2001-2002 (c) Laurent Julliard, CodeX Team, Xerox
#
#  Copyright 2002-2005 (c) Mathieu Roy <yeupou--gnu.org>
#
#
# The Savane project is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# The Savane project is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the Savane project; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


require "include/pre.php";

# Refuse the request unless file_id is a non-empty run of decimal digits.
# The value is interpolated into the SQL statement below, so this guard is
# the only thing keeping that query safe; a file_id of "0" is rejected too,
# because "0" is falsy in PHP.
# NOTE(review): $file_id is presumably populated from the request by
# include/pre.php -- confirm.
if (!($file_id && ctype_digit($file_id)))
{
  exit_missing_param();
}

# Fetch the attachment row. $file_id is concatenated straight into the
# statement: that is acceptable only because the ctype_digit() guard above
# has already limited it to decimal digits. Keep the two together.
$sql = "SELECT description,file,filename,filesize,filetype"
      ." FROM trackers_file WHERE file_id='".$file_id."' LIMIT 1";
$result = db_query($sql);

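if ($result && db_numrows($result) > 0)
{

  # Refuse empty attachments.
  # This should have been checked at upload time, but checking again is
  # harmless.
  if (db_result($result,0,'filesize') == 0)
    { exit_error(_("Nothing in here - File has a null size")); }

  # The last path component of the URL must be exactly the filename
  # registered in the database. Otherwise a crafted link could make a user
  # believe he is fetching "myimage.png" while he is actually downloading
  # something completely different like "mystupidvirus.scr".
  # The comparison is strict: with a loose != two numeric-looking names such
  # as "10" and "1e1" would be considered equal.
  $attached_name = (string) db_result($result,0,'filename');
  if ($attached_name !== basename($_SERVER['PHP_SELF']))
    {
      exit_error(_("The filename in the url does not match the filename registered in the database"));
    }

  # Everything below comes from the stored row and goes into response
  # headers. Control characters (CR/LF in particular) are removed so that a
  # stored value can neither add header lines nor make header() reject the
  # whole header.
  $ctrl_chars = '/[\x00-\x1F\x7F]+/';
  $attached_type = trim(preg_replace($ctrl_chars, ' ', (string) db_result($result,0,'filetype')));
  $attached_desc = trim(preg_replace($ctrl_chars, ' ', (string) db_result($result,0,'description')));

  # The filename is sent as a quoted-string, so quotes and backslashes must
  # not appear in it.
  $header_name = preg_replace($ctrl_chars, '_', $attached_name);
  $header_name = str_replace(array('"', '\\'), '_', $header_name);

  if ($attached_type == '')
    { $attached_type = 'application/octet-stream'; }

  # The content and its type are served from this site's own origin.
  # NOTE(review): filetype looks like it is recorded as-is at upload time --
  # confirm whether the uploader controls it. Forcing a download and
  # disabling content sniffing keeps a browser from rendering an attachment
  # as if it were a page of this site.
  header('Content-Type: '.$attached_type);
  header('X-Content-Type-Options: nosniff');
  header('Content-Length: '.db_result($result,0,'filesize'));
  header('Content-Disposition: attachment; filename="'.$header_name.'"');
  header('Content-Description: '.$attached_desc);

  print db_result($result,0,'file');

}
else
{
  # $file_id is digits only at this point (checked before the query), so it
  # can be echoed in the error message.
  exit_error(_("Couldn't find attached file")." (file #$file_id)");
}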

?>
