1. <?php
2. $dir="download/";
3. $filename=$_GET['file'];
4. $file_path=$dir.$filename;
5. $ctype="application/octet-stream";
6. //
7. if(!empty($file_path) && file_exists($file_path)){ //check keberadaan file
8. header("Pragma:public");
9. header("Expired:0");
10. header("Cache-Control:must-revalidate");
11. header("Content-Control:public");
12. header("Content-Description: File Transfer");
13. header("Content-Type: $ctype");
14. header("Content-Disposition:attachment; filename=\"".basename($file_path)."\"");
15. header("Content-Transfer-Encoding:binary");
16. header("Content-Length:".filesize($file_path));
17. flush();
18. readfile($file_path);
19. exit();
20. }else{
21. echo "The File does not exist.";
22. }
23. ?>
<?php
if(isset($_REQUEST["file"])){
// Get parameters
$file = urldecode($_REQUEST["file"]); // Decode URL-encoded string
/* Check if the file name includes illegal characters
like "../" using the regular expression */
if(preg_match('/^[^.][-a-z0-9_.]+[a-z]$/i', $file)){
$filepath = "images/" . $file;
// Process download
if(file_exists($filepath)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($filepath).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($filepath));
flush(); // Flush system output buffer
readfile($filepath);
die();
} else {
http_response_code(404);
die();
}
} else {
die("Invalid file name!");
}
}
?>