$path = $_GET['path'];
$path = str_replace("..","",$path);
// $name = urldecode(base64_decode($_GET['name']));
$name = $_GET['name'];
$name = str_replace("..","",$name);
$file_extension = strtolower(substr(strrchr($name,"."),1));
$avail_down = false;
switch( $file_extension ) {
case "hwp": $avail_down=true; break;
case "pdf": $avail_down=true; break;
case "doc": $avail_down=true; break;
case "txt": $avail_down=true; break;
case "gif": $avail_down=true; break;
case "jpg": $avail_down=true; break;
case "jpeg": $avail_down=true; break;
default: $avail_down=false;
}
if( !$avail_down ) {
echo("");
return false;
}
$file_path = $_SERVER["DOCUMENT_ROOT"]."/snews/data/".$path;
$fileup_path = $file_path;
$file_name = $fileup_path."/".$name;
//echo($file_name);
//echo(filesize($file_name));
/*header("Content-Type: application/octet-stream");
Header("Content-Disposition: attachment;; filename=$name");
header("Content-Transfer-Encoding: binary");
Header("Content-Length: ".(string)(filesize($file_name)));
Header("Cache-Control: cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: 0");*/
if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE"))
{
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.$name.'"');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header("Content-Transfer-Encoding: binary");
header('Pragma: public');
header("Content-Length: ".(string)(filesize($file_name)));
}
else
{
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.$name.'"');
header("Content-Transfer-Encoding: binary");
header('Expires: 0');
header('Pragma: no-cache');
header("Content-Length: ".(string)(filesize($file_name)));
}
/*
if(file_exists($file_name))
{
if (is_file($file_name)) {
$f = fopen($file_name, "r");
while(!feof($f)) {
//$filedata = $filedata . fread($f, 100*1024);
echo fread($f, 1000*1024);
flush();
}
//$filedata = fread($f, filesize($file_name));
fclose($f);
}
//print $filedata;
}
else
{
echo("");
}
*/
$fwok=true;
if(file_exists($file_name)){
if (is_file($file_name)) {
if($fp = fopen($file_name, "r")) {
//$buffer = fread($file_name, filesize($file_name));
if (!fpassthru($fp)) $fwork = false;
//fclose($fp);
} else $fwork = false;
}else $fwork = false;
}else $fwork = false;
if(!$fwok) echo("");
?>