header('HTTP/1.1 404 Not Found'); render('page/404'); exit; } $f = $_GET['f']; if (!file_exists($f)) { header('HTTP/1.1 404 Not Found'); render('page/404'); exit; } $file = new FileModel($_GET['f']); switch ($file->mime()) { case 'video/mp4': case 'image/svg+xml': case 'image/png': case 'image/jpeg': case 'image/gif': $image = true; break; default: $image = false; break; } if (!$image || !is_readable($f)) { header('HTTP/1.1 403 Permission denied'); render('page/403', array('message' => 'Permission denied')); exit; } header('Content-Type: ' . $file->mime()); header('Content-Length: ' . $file->size()); readfile($file->path());