1 files changed, 42 insertions, 15 deletions

diff --git a/config/filemgr/rbfminc/download.tmp b/config/filemgr/rbfminc/download.tmp
index 232e90d0..badc6d19 100644
--- a/config/filemgr/rbfminc/download.tmp
+++ b/config/filemgr/rbfminc/download.tmp
@@ -1,22 +1,49 @@
 <?php
-include "config.php";
-include "session.php";
-
-if($user_login == 'ok'){
-
-	include "functions.php";
-	
-	$_GET['file_name'] = urldecode($_GET['file_name']);
-	$_GET['p'] = urldecode($_GET['p']);
-	
+include_once("auth.inc");
+include "functions.php";
+//Set the cache policy
+ob_end_clean();
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");	
+//Gets the parameters
+$_GET['file_name'] = urldecode($_GET['file_name']);
+$_GET['p'] = urldecode($_GET['p']);
+//Check Authentication
+$candownload = false;
+if (function_exists("session_auth"))
+	{//pfSense 2.X
+	$candownload = session_auth();}
+else
+	{//pfSense 1.2.3
+	$candownload = htpasswd_backed_basic_auth();}
+if ($candownload)
+{
 	if($_GET['file_name'] and $_GET['p']){
-		if(file_exists($_GET['p'].$_GET['file_name'])){
-			$file = file_get_contents($_GET['p'].$_GET['file_name']);
-			$type = wp_check_filetype($_GET['file_name']);
-			header('Content-type: {$type[type]}');
+		$filepath = $_GET['p'].$_GET['file_name'];
+		if(file_exists($filepath)){
+			$type = wp_check_filetype($_GET['file_name']);	
+			header('Content-type: ' . $type[$_GET['file_name']]);
 			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
-			echo $file;
+			header('Content-Length: ' . filesize($filepath));
+			header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
+			flush();
+			readfile($filepath);
+			exit;
 		}
+		else
+		{
+			echo("File not found");
+		}
+	}
+	else
+	{
+		echo("File Unknown");
 	}
 }
+else
+{
+	echo("Session Expired");
+}
 ?>
\ No newline at end of file