function index() { $mfile = new Model_File(); if (isset($_GET["md5"])) { if (!strpos($_GET["md5"], "/")) { $data = $mfile->attachFromMD5($_GET["md5"]); $flag = false; if ($this->registry["ui"]["id"] == $data[0]["uid"]) { $flag = true; } if (!$flag) { $right = json_decode($data[0]["right"], true); foreach ($right as $key => $val) { if ($key == "frall") { if ($val > 0) { $flag = true; } } if ($key == "fg" . $this->registry["ui"]["gid"]) { if ($val > 0) { $flag = true; } } if ($key == "user" . $this->registry["ui"]["id"]) { if ($val > 0) { $flag = true; } } } } if ($flag) { $fn = $_GET["md5"]; $file = $this->registry["rootPublic"] . $this->registry["path"]["upload"] . $fn; if (file_exists($file)) { $data[0]["filename"] = str_replace(" ", "_", $data[0]["filename"]); header("Content-Type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Content-Length: " . filesize($file)); header("Content-Disposition: attachment; filename=" . $data[0]["filename"]); readfile($file); } } } } if (isset($_GET["filename"])) { $filename = $_GET["filename"]; if (!strpos($filename, "/")) { $curdir = $_GET["did"]; $data = $mfile->attachFromName($filename, $curdir); $flag = false; if ($this->registry["ui"]["id"] == $data[0]["uid"]) { $flag = true; } if (!$flag) { $right = json_decode($data[0]["right"], true); foreach ($right as $key => $val) { if ($key == "frall") { if ($val > 0) { $flag = true; } } if ($key == "fg" . $this->registry["ui"]["gid"]) { if ($val > 0) { $flag = true; } } if ($key == "user" . $this->registry["ui"]["id"]) { if ($val > 0) { $flag = true; } } } } if ($flag) { $fn = $data[0]["md5"]; $file = $this->registry["rootPublic"] . $this->registry["path"]["upload"] . $fn; if (file_exists($file)) { $filename = str_replace(" ", "_", $filename); header("Content-Type: application/octet-stream"); header("Accept-Ranges: bytes"); header("Content-Length: " . filesize($file)); header("Content-Disposition: attachment; filename=" . $filename); readfile($file); } } } } exit; }