<?php
include_once("auth.inc");
include "functions.php";
//Set the cache policy
ob_end_clean();
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");	
//Gets the parameters
$_GET['file_name'] = urldecode($_GET['file_name']);
$_GET['p'] = urldecode($_GET['p']);
//Check Authentication
$candownload = false;
if (function_exists("session_auth"))
	{//pfSense 2.X
	$candownload = session_auth();}
else
	{//pfSense 1.2.3
	$candownload = htpasswd_backed_basic_auth();}
if ($candownload)
{
	if($_GET['file_name'] and $_GET['p']){
		$filepath = $_GET['p'].$_GET['file_name'];
		if(file_exists($filepath)){
			$type = wp_check_filetype($_GET['file_name']);	
			header('Content-type: ' . $type[$_GET['file_name']]);
			header('Content-Disposition: attachment; filename="'.$_GET['file_name'].'"');
			header('Content-Length: ' . filesize($filepath));
			header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($filepath)).' GMT', true, 200);
			flush();
			readfile($filepath);
			exit;
		}
		else
		{
			echo("File not found");
		}
	}
	else
	{
		echo("File Unknown");
	}
}
else
{
	echo("Session Expired");
}
?>