Файл: vsime.com/files/inc/act_download.php
Строк: 41
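<?php
/**
 * File download action.
 *
 * Resolves a file from the `md5_id` request parameter, checks the two request
 * tokens (`unique_code`, `mdp_unique_code`) and the directory access rules,
 * then hands the stored ".dat" file to DownloadFile(). When no matching file
 * exists, a small PNG carrying an error text is emitted instead.
 *
 * Relies on names defined outside this file: $dbi, $mdp, H, hsc(), locon(),
 * dir_files_info(), profile(), dir_files_access(), access_denied(),
 * file_name_html(), ras_to_mime(), DownloadFile().
 */

// Drop anything already buffered so it cannot be prepended to the response body.
if (ob_get_level() > 0) {
    ob_clean();
}

// Read request parameters defensively: a missing key or an array value
// (?md5_id[]=x) is treated as an empty string instead of raising notices
// or reaching string functions with a non-string.
$params = array();
foreach (array('unique_code', 'mdp_unique_code', 'md5_id', 'name') as $key) {
    $params[$key] = (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
}

$unique_code = "unique_code";
$get_unique_code = hsc($params['unique_code']);
$mdp_unique_code = hsc($params['mdp_unique_code']);

// Resolve md5(id) -> id in the database with a bound parameter instead of
// fetching every row of `files` and comparing in PHP. The strict 32-hex-digit
// check also removes the loose `==` comparison of hash strings, under which
// two different numeric-looking digests ("0e...") could compare equal.
$id_file = 0;
$md5_id = $params['md5_id'];
if (preg_match('/^[a-f0-9]{32}\z/', $md5_id)) {
    $stmt = mysqli_prepare($dbi, "SELECT `id` FROM `files` WHERE MD5(`id`) = ? LIMIT 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $md5_id);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $found_id);
            if (mysqli_stmt_fetch($stmt)) {
                $id_file = (int) $found_id;
            }
        }
        mysqli_stmt_close($stmt);
    }
}

$file = null;
if ($id_file > 0) {
    $result = mysqli_query($dbi, "SELECT * FROM `files` WHERE `id` = '".intval($id_file)."' AND `type` = 'file'");
    if ($result) {
        $file = mysqli_fetch_array($result);
    }
}

if (is_array($file) && !empty($file['id'])) {
    // Strict string comparison: no numeric-string juggling on the tokens.
    // NOTE(review): $mdp is defined elsewhere; if it can be empty or unset, an
    // empty `mdp_unique_code` passes this check - confirm that is intended.
    // Where PHP >= 5.6 is guaranteed, hash_equals() would also make the
    // comparison constant-time.
    if ((string) $get_unique_code !== $unique_code || (string) $mdp_unique_code !== (string) $mdp) {
        locon(" /files/?file=$file[id]");
        exit();
    }

    $dir = dir_files_info($file['id_dir']);
    $ank = profile($file['id_user']);

    if (!dir_files_access($dir, NULL, 1)) {
        dir_files_access($dir, access_denied());
        // Fail closed: whether access_denied() terminates the request is not
        // visible here, so stop explicitly rather than fall through to the download.
        exit();
    }

    $show = 0;

    // The path is built from database values only; no request data reaches it.
    // NOTE(review): presumably id_user / id_dir are integer columns - verify.
    $file['path'] = H."system/files/files/users/user$ank[id]/dir$file[id_dir]/".$file['id'].".dat";

    // Strip the extension from the client-supplied display name; the real
    // extension is always appended from the stored record below.
    // eregi_replace() no longer exists in PHP 7+, and the original pattern left
    // the dot unescaped, so a name without any dot was erased entirely.
    $get_name = file_name_html(preg_replace('/\.[^.]*$/', '', $params['name']));

    if ($get_name) {
        $name_load = $get_name;
    } else {
        $name_load = file_name_html($file['name']);
    }
    if (!$name_load) {
        $name_load = file_name_html($_SERVER['HTTP_HOST']);
    }

    // NOTE(review): $name_load ends up as the download file name; presumably
    // file_name_html() removes CR/LF and quote characters - verify, since the
    // value originates from the request.
    DownloadFile($file['path'], $name_load.".".$file['ras'], ras_to_mime($file['ras']), $show);
} else {
    // No such file: answer with a 200x18 PNG that carries the error text.
    $text = "File not founded";
    header("Content-type: image/png");
    $image = imagecreate(200, 18);
    // On a palette image the first allocated colour becomes the background (white).
    imagecolorallocate($image, 255, 255, 255);
    $x_offset = 2;
    $text_color = imagecolorallocate($image, 255, 0, 0);
    imagestring($image, 6, $x_offset, 1, $text, $text_color);
    imagepng($image);
    imagedestroy($image);
}

exit();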