<?php
/*
This is the main script that everything else is included
in. Mostly what it does is check the user permissions
to see what they have access to.
*/
define('IN_FS', true);
require dirname(__FILE__) . '/header.php';
// Background daemon that does scheduled reminders
if ($conf['general']['reminder_daemon'] == '1') {
Flyspray::startReminderDaemon();
}
$user->save_search($do);
if (Get::val('logout')) {
$user->logout();
Flyspray::Redirect($baseurl);
}
if (Get::val('getfile')) {
// If a file was requested, deliver it
$task = $db->x->getRow("SELECT t.project_id,\n a.orig_name, a.file_name, a.file_type, t.*\n FROM {attachments} a\n INNER JOIN {tasks} t ON a.task_id = t.task_id\n WHERE attachment_id = ?", null, Get::val('getfile'));
$disk_filename = FS_ATTACHMENTS_DIR . DIRECTORY_SEPARATOR . $task['file_name'];
// Check if file exists, and user permission to access it!
if (!is_file($disk_filename) || !$user->can_view_task($task)) {
header('HTTP/1.1 410 Gone');
echo 'File does not exist.';
exit;
}
header('Pragma: public');
header("Content-type: {$task['file_type']}");
header('Content-Disposition: filename="' . $task['orig_name'] . '"');