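escape($_GET['file_id']);
// NOTE(review): the statement above is cut off at the start of this excerpt.
// It presumably assigns the escaped request parameter to $id, which every
// query below interpolates; confirm against the full file.
//
// Purpose of this script: look up a file by id, enforce a per-user download
// limit, stream the file to the client, then count the completed download.

// $id is placed into the SQL text without surrounding quotes, so string
// escaping alone does not confine it to a single value. Accept plain digits
// only, before the first query runs. The message is fixed text so request
// data is never echoed back. error() is assumed to end the request, as the
// paired "=== false" / "== null" checks below already rely on.
if (!is_scalar($id) || preg_match('/\A[0-9]+\z/', (string) $id) !== 1) {
    error(404, "file_id not found in database");
}

// NOTE(review): $uid is also interpolated unquoted. It comes from
// fs_current_user_id() rather than from the request, and is presumably
// numeric; verify that helper's return values.
$uid = $conn->escape(fs_current_user_id());

// Resolve the stored file name for this id.
$res = $conn->get_var("SELECT file_name FROM $tables->files WHERE id=$id");
if ($res === false) error(500,db_error());
if ($res == null) error(404, "file_id $id not found in database");

// NOTE(review): file_name is trusted as stored. If that column can be written
// by anyone but the administrator, check that the resolved path stays under
// FILES_ROOT.
$file_path = FILES_ROOT."/$res";
if (!file_exists($file_path))
{
    // The database references a file that is missing on disk: alert the admin.
    sendmail(ADMIN_EMAIL, "Download file not found","The file $file_path is missing (download_id = $id)");
    error(404, "File not found, the site administrator have been notified. please try again later.");
}

// Make sure a counter row exists for this (user, file) pair.
$res = $conn->get_var("SELECT num_downloads FROM $tables->downloads WHERE file_id=$id and user_id=$uid");
if ($res === false) error(500,db_error());
if ($res == null)
{
    $res = $conn->query("INSERT INTO $tables->downloads (user_id,file_id) VALUES ($uid,$id)");
    if ($res === false) error(500,db_error());
}

// Re-read the counter and enforce the limit.
// NOTE(review): ">" still allows a download when the counter equals
// MAX_DOWNLOADS_PER_FILE; confirm whether ">=" was intended.
$res = $conn->get_var("SELECT num_downloads FROM $tables->downloads WHERE user_id = $uid AND file_id= $id");
if ($res === false) error(500,db_error());
if ((int)$res > MAX_DOWNLOADS_PER_FILE)
{
    error(403, sprintf("Download limit exceeded for this file, please contact %s", fs_link("mailto:".ADMIN_EMAIL, "support")));
}

// Open the file before any header is sent, so a failure can still be reported
// as an error response and feof() is never called on a failed handle.
$file = fopen($file_path, "rb");
if ($file === false) error(500, "Unable to open the requested file");

// Content-Disposition needs a disposition type, and the file name is quoted so
// that spaces or separators in it cannot split the header value.
$download_name = str_replace(array('"', '\\'), '_', basename($file_path));

header('Cache-control: private');
header('Content-Type: application/octet-stream');
header('Content-Length: '.filesize($file_path));
header('Content-Disposition: attachment; filename="'.$download_name.'"');
flush();

while(!feof($file))
{
    // send the current file part to the browser
    print fread($file, 8192);
    // flush the content to the browser
    flush();
}
fclose($file);

// Do not count a download the client abandoned.
if (connection_aborted ()) return; // not really working with fcgi (?), but I can hope.

// Use the same configured table name as the other queries; the original
// hard-coded "downloads" here.
$res = $conn->query("UPDATE $tables->downloads set num_downloads = num_downloads + 1 WHERE user_id = $uid AND file_id= $id");
if ($res === false) error(500,db_error());
?>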