2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
13 define('TR_INCLUDE_PATH', 'include/');
15 header("Content-Encoding: none");
16 if (isset($_GET['test'])) {
17 header('HTTP/1.1 200 OK', TRUE);
18 header('Trans-Get: OK');
23 require(TR_INCLUDE_PATH . 'vitals.inc.php');
24 require(TR_INCLUDE_PATH . 'lib/mime.inc.php');
26 $force_download = false;
29 if (defined('TR_FORCE_GET_FILE') && TR_FORCE_GET_FILE) {
30 if ((version_compare(phpversion(), '5.2.0', '<') > 0) && !empty($_SERVER['ORIG_PATH_INFO'])){
31 //http://www.atutor.ca/atutor/mantis/view.php?id=3436
32 $current_file = $_SERVER['ORIG_PATH_INFO'];
33 } else if (!empty($_SERVER['PATH_INFO'])) {
34 $current_file = $_SERVER['PATH_INFO'];
35 } else if (!empty($_SERVER['REQUEST_URI'])) {
36 $current_file = $_SERVER['REQUEST_URI'];
37 } else if (!empty($_SERVER['PHP_SELF'])) {
38 if (!empty($_SERVER['QUERY_STRING'])) {
39 $current_file = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
41 $current_file = $_SERVER['PHP_SELF'];
43 } else if (!empty($_SERVER['SCRIPT_NAME'])) {
44 if (!empty($_SERVER['QUERY_STRING'])) {
45 $current_file = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
47 $current_file = $_SERVER['SCRIPT_NAME'];
49 } else if (!empty($_SERVER['URL'])) {
50 if (!empty($_SERVER['QUERY_STRING'])) {
51 $current_file = $_SERVER['URL'] . '?' . $_SERVER['QUERY_STRING'];
53 $current_file = $_SERVER['URL'];
56 if (($pos = strpos($current_file, '/get.php')) !== FALSE) {
57 $current_file = substr($current_file, $pos + strlen('/get.php'));
59 if (substr($current_file, 0, 2) == '/@') {
60 $force_download = true;
61 $current_file = substr($current_file, 2);
64 $current_file = $_GET['f'];
66 if (substr($current_file, 0, 2) == '/@') {
67 $force_download = true;
68 $current_file = substr($current_file, 2);
72 $file_name = pathinfo($current_file);
73 $file_name = $file_name['basename'];
75 if (substr($file_name, 0, 4) == 'b64:') {
76 $base64_file_name = substr($file_name, 4);
77 $file_name = base64_decode($base64_file_name);
78 $current_file = '/'.$file_name;
82 $file = TR_CONTENT_DIR . $_SESSION['course_id'] . $current_file;
84 //send header mime type
85 $pathinfo = pathinfo($file);
86 $ext = $pathinfo['extension'];
88 $ext = 'application/octet-stream';
90 $ext = $mime[$ext][0];
93 //check that this file is within the content directory & exists
95 // NOTE!! for some reason realpath() is not returning FALSE when the file doesn't exist!
96 $real = realpath($file);
98 if (file_exists($real) && (substr($real, 0, strlen(TR_CONTENT_DIR)) == TR_CONTENT_DIR)) {
99 if ($force_download) {
100 header('Content-Type: application/force-download');
101 header('Content-transfer-encoding: binary');
102 header('Content-Disposition: attachment; filename="'.$pathinfo['basename'].'"');
104 header('Content-Disposition: filename="'.$pathinfo['basename'].'"');
108 * although we can check if mod_xsendfile is installed in apache2
109 * we can't actually check if it's enabled. also, we can't check if
110 * it's enabled and installed in lighty, so instead we send the
111 * header anyway, if it works then the line after it will not
112 * execute. if it doesn't work, then the line after it will replace
113 * it so that the full server path is not exposed.
115 * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
116 * named x-send-file in lighttpd 1.4)
118 header('x-Sendfile: '.$real);
119 header('x-Sendfile: ', TRUE); // if we get here then it didn't work
121 header('Content-Type: '.$ext);
122 header('Content-length: '.filesize($real));
127 header('HTTP/1.1 404 Not Found', TRUE);