Файл: forum/down.php
Строк: 158
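<?php
declare(strict_types=1);
include('../sys/func.php');
// The cookie-based access check was left disabled (see the commented
// condition below), so the share is downloadable by anyone who knows a name.
//if($_COOKIE['login'] == !NULL && $_COOKIE['pass'] == !NULL){

# Directory the files are served from; every path must resolve inside it.
$baseDir = realpath('../obmen/forum');

# Reduce the request to a bare file name. basename() drops any directory
# component, so "../" (including the "....//" form that survives a single
# str_replace('../', '')) can never reach outside the share. A non-string
# (array) parameter is treated as "no file".
$requested = $_GET['files'] ?? '';
$files = is_string($requested) ? basename(htmlspecialchars($requested)) : '';
$filename = '../obmen/forum/'.$files.'';

# не разрешаем скачивать важные файлы
if ($files === '' || $files === '.htaccess' || $files === 'index.php' || $files === 'htaccess') {
    echo'Ошибка! Файл не найден!';
} else {
    # проверяем наличие файла
    # realpath() + prefix check: the resolved path (after symlinks) must sit
    # below the share directory. is_file() rejects directories, which
    # file_exists() would accept and filesize()/readfile() then choke on.
    $it = realpath($filename);
    $prefix = $baseDir === false ? '' : $baseDir . DIRECTORY_SEPARATOR;
    if ($baseDir !== false && $it !== false && is_file($it)
        && strncmp($it, $prefix, strlen($prefix)) === 0) {
        # Extension (lower-cased) drives the Content-Type lookup below.
        # The original used an undefined $name here, so every download was
        # served as application/octet-stream.
        $parts = explode('.', $files);
        $type = strtolower($parts[count($parts) - 1]);
        # Extension -> MIME type; unknown extensions fall back to octet-stream.
        $headers = array('jar'=>'application/java-archive',
        'wmlc'=>'application/vnd.wap.wmlc',
        'wmlsc'=>'application/vnd.wap.wmlscriptc',
        'slc'=>'application/vnd.wap.slc',
        'sic'=>'application/vnd.wap.sic',
        'thm'=>'application/vnd.eri.thm',
        'nth'=>'application/vnd.nok-s40theme',
        'rng'=>'application/vnd.Nokie.ringing-tone',
        'nqd'=>'application/vnd.nokia.gamedata',
        'ngd'=>'application/x-nokiagamedata',
        'seq'=>'application/vnd.alcatel.SEQ',
        'utz'=>'application/vnd.uiq.thm',
        'mpn'=>'application/vnd.mophun.application',
        'mpc'=>'application/vnd.mophun.certificate',
        'tpl'=>'application/vnd.sonyericsson.mms-template',
        'sdt'=>'application/vnd.siemens-mp.theme',
        'scs'=>'application/vnd.siemens-mp.skin',
        'ldb'=>'application/vnd.siemens-mp.t9db',
        'cab'=>'application/vnd.ms-cab-compressed',
        'sis'=>'application/vnd.symbian.install',
        'sisx'=>'application/octet-stream',
        'app'=>'application/vnd.symbian.install',
        'z'=>'application/x-compress',
        '7z'=>'application/x-7z-compressed',
        'rar'=>'application/x-rar-compressed',
        'zip'=>'application/x-zip',
        'gz'=>'application/x-gzip',
        'tgz'=>'application/x-gzip',
        'tar'=>'application/x-tar',
        'bz'=>'application/x-bzip',
        'bz2'=>'application/x-bzip',
        'hid'=>'application/x-tar',
        'chm'=>'application/chm',
        'pmd'=>'application/x-pmd',
        'smil'=>'application/smil',
        'smi'=>'application/smil',
        'mmf'=>'application/vnd.smaf',
        'smaf'=>'application/vnd',
        'mms'=>'application/vnd.wap.mms-message',
        'dm'=>'application/vnd.oma.drm.message',
        'dvi'=>'application/x-dvi',
        'doc'=>'application/msword',
        'pdf'=>'application/pdf',
        'ps'=>'application/postscript',
        'eps'=>'application/postscript',
        'tex'=>'application/x-tex',
        'com'=>'application/octet-stream',
        'exe'=>'application/octet-stream',
        'bat'=>'application/octet-stream',
        'au'=>'audio/basic',
        'snd'=>'audio/basic',
        'imy'=>'audio/imelody',
        'srt'=>'audio/mid',
        'midi'=>'audio/mid',
        'mid'=>'audio/mid',
        'col'=>'audio/mid',
        'mp3'=>'audio/mpeg',
        'aac'=>'audio/aac',
        'amr'=>'audio/amr',
        'awb'=>'audio/amr-wb',
        'rmf'=>'audio/rmf',
        'qcp'=>'audio/vnd.qcelp',
        'aiff'=>'audio/aiff',
        'wav'=>'audio/x-wav',
        'wma'=>'audio/x-ms-wma',
        'wbmp'=>'image/vnd.wap.wbmp',
        'bmx'=>'image/bmp',
        'png'=>'image/png',
        'jpg'=>'image/jpeg',
        'jpe'=>'image/jpeg',
        'jpeg'=>'image/jpeg',
        'gif'=>'image/gif',
        'bmp'=>'image/bmp',
        'mbm'=>'image/x-epoc-mbm',
        'n3a'=>'image/vnd.nok-3dscreensaver',
        'nok'=>'image/vnd.nok-oplogo-colornokia-op-logo',
        'art'=>'image/x-jg',
        'tiff'=>'image/tiff',
        '3gp'=>'video/3gpp',
        'mp4'=>'video/mp4',
        'mpeg'=>'video/mpeg',
        'mpg'=>'video/mpeg',
        'mpe'=>'video/mpeg',
        'mov'=>'video/quicktime',
        'qt'=>'video/quicktime',
        'avi'=>'video/x-msvideo',
        'wmv'=>'video/x-ms-wmv',
        'asf'=>'video/x-ms-asf',
        'ivf'=>'video/x-ivf',
        'wrl'=>'x-world/x-vrml',
        'apk'=>'application/vnd.symbian.install',
        'ipa'=>'application/vnd.iphone.package-archive');
        header('HTTP/1.1 200 Ok');
        header('Accept-Ranges: bytes');
        header('Content-Length: ' . filesize($it));
        header('Connection: close');
        if (!empty($headers[$type])) {
            header('Content-type: '.$headers[$type]);
        } else {
            header('Content-type: application/octet-stream');
        }
        # $files has no path separators and is HTML-escaped, so it cannot
        # carry a quote into the header value.
        header('Content-Disposition: attachment; filename="'.$files.'";');
        # Stream straight to the client instead of loading the whole file
        # into memory with file_get_contents().
        readfile($it);
        exit;
    } else {
        echo'<div class="menu">Ошибка! Файл не найден!</div>';
    }
}
//} else {echo'<div class="menu">Доступ разрешен только зарегистированым!</div>';}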