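// Download gate: look up the requested file's metadata row, refuse missing, expired or
// password-protected-without-valid-password requests, then emit the download headers.
$stm->execute(array(':id' => $id[1]));
$res = $stm->fetch(PDO::FETCH_ASSOC);
if (false === $res) {
    // NOTE(review): $id is echoed into the response body and its origin is not visible
    // here - confirm it is constrained upstream (or escape it) so a crafted id cannot
    // inject markup into this error page.
    header("HTTP/1.0 404 Not Found", true, 404);
    die('404 Not Found: ' . $id[0] . ' ' . $id[1] . ' is not found. it may have expired, been deleted, or never existed at all.');
}

// An 'expire' value of '-1' skips the expiry check; any other value is compared to time().
if ($res['expire'] !== '-1' && time() >= (int) $res['expire']) {
    header("HTTP/1.0 410 Gone", true, 410);
    die('410 Gone: this file expired on ' . date(DateTime::ISO8601, (int) $res['expire']));
}

// A non-empty password_hash marks the file as password protected.
if (is_string($res['password_hash']) && 0 < strlen($res['password_hash'])) {
    // NOTE(review): the password travels in the query string, so it can end up in access
    // logs, browser history and Referer headers. Moving it to a request body or header
    // would change the download interface, so it is only flagged here.
    // Only a string is accepted: ?password[]=x would make $_GET['password'] an array.
    if (!isset($_GET['password']) || !is_string($_GET['password'])) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('this file is password protected, and no password supplied.');
    }
    $suppliedHash = passwordHashV1($_GET['password']);
    // hash_equals() compares in constant time, so response timing does not reveal how much
    // of the stored hash a guess matched. It requires two strings, hence the is_string() guard.
    if (!is_string($suppliedHash) || !hash_equals($res['password_hash'], $suppliedHash)) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('wrong password');
    }
}

$fullFilePath = hhb_combine_filepaths($files_folder, $res['local_filename']);
if (!file_exists($fullFilePath)) {
    throw new Exception("CORRUPTED DATABASE! FILE FOR " . var_export($id, true) . ' DOES NOT EXIST!');
}

// The header values below come from the database row and are not trusted to be clean.
// Control characters are removed because header() rejects a value containing a line break,
// which would leave the response without its attachment disposition.
$contentType = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $res['file_content_type']);
$downloadName = (string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $res['data_name']);
// Escape backslash and double quote so the name cannot terminate the quoted filename parameter.
$downloadName = str_replace(array('\\', '"'), array('\\\\', '\\"'), $downloadName);

header('Content-Description: File Transfer');
header('Content-Type: ' . $contentType);
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');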
/**
 * Hash the password submitted with the current POST request.
 *
 * @return mixed '' when no 'password' field was posted, otherwise whatever
 *               passwordHashV1() returns for the posted value.
 */
function getPasswordHash()
{
    // An absent field yields the empty string instead of a hash.
    return isset($_POST['password'])
        ? passwordHashV1($_POST['password'])
        : '';
}