Merge pull request #227 from mdima/master

File Manager: Solves an authentication issue in the download function.

1 files changed, 29 insertions, 15 deletions

diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
index 232e90d0..ddc08148 100644
--- a/config/filemgr/rbfminc/download.tmp
+++ b/config/filemgr/rbfminc/download.tmp
@@ -1,22 +1,36 @@
 <?php
 include "config.php";
 include "session.php";
-
-if($user_login == 'ok'){
-
-	include "functions.php";
-	
-	$_GET['file_name'] = urldecode($_GET['file_name']);
-	$_GET['p'] = urldecode($_GET['p']);
+require_once('config.inc');
+require("guiconfig.inc");
+include("head.inc");
+include "functions.php";
 	
-	if($_GET['file_name'] and $_GET['p']){
-		if(file_exists($_GET['p'].$_GET['file_name'])){
-			$file = file_get_contents($_GET['p'].$_GET['file_name']);
-			$type = wp_check_filetype($_GET['file_name']);
-			header('Content-type: {$type[type]}');
-			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
-			echo $file;
-		}
+$_GET['file_name'] = urldecode($_GET['file_name']);
+$_GET['p'] = urldecode($_GET['p']);
+
+if($_GET['file_name'] and $_GET['p']){
+	$filepath = $_GET['p'].$_GET['file_name'];
+	if(file_exists($filepath)){
+		$type = wp_check_filetype($_GET['file_name']);
+		header('Expires: 0');
+		header('Cache-Control: must-revalidate');
+		header('Pragma: public');			
+		header('Content-type: {$type[type]}');
+		header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
+		header('Content-Length: ' . filesize($filepath));
+		ob_clean();
+		flush();
+		readfile($filepath);
+		exit;
+	}
+	else
+	{
+		echo("file not found");
 	}
 }
+else
+{
+	echo("file unknown");
+}
 ?>
\ No newline at end of file