2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or */
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /************************************************************************/
13 // $Id: get.php 6974 2007-06-15 18:44:37Z joel $
14 define('AT_INCLUDE_PATH', 'include/');
16 header("Content-Encoding: none");
17 if (isset($_GET['test'])) {
18 header('HTTP/1.1 200 OK', TRUE);
19 header('ATutor-Get: OK');
24 require(AT_INCLUDE_PATH . 'vitals.inc.php');
25 require(AT_INCLUDE_PATH . 'lib/mime.inc.php');
27 $force_download = false;
30 if (defined('AT_FORCE_GET_FILE') && AT_FORCE_GET_FILE) {
31 if (!empty($_SERVER['PATH_INFO'])) {
32 $current_file = $_SERVER['PATH_INFO'];
33 } else if (!empty($_SERVER['REQUEST_URI'])) {
34 $current_file = $_SERVER['REQUEST_URI'];
35 } else if (!empty($_SERVER['PHP_SELF'])) {
36 if (!empty($_SERVER['QUERY_STRING'])) {
37 $current_file = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
39 $current_file = $_SERVER['PHP_SELF'];
41 } else if (!empty($_SERVER['SCRIPT_NAME'])) {
42 if (!empty($_SERVER['QUERY_STRING'])) {
43 $current_file = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
45 $current_file = $_SERVER['SCRIPT_NAME'];
47 } else if (!empty($_SERVER['URL'])) {
48 if (!empty($_SERVER['QUERY_STRING'])) {
49 $current_file = $_SERVER['URL'] . '?' . $_SERVER['QUERY_STRING'];
51 $current_file = $_SERVER['URL'];
54 if ($pos = strpos($current_file, '/get.php/') !== FALSE) {
55 $current_file = substr($current_file, $pos + strlen('/get.php/'));
58 if (substr($current_file, 0, 2) == '/@') {
59 $force_download = true;
60 $current_file = substr($current_file, 2);
63 $current_file = $_GET['f'];
65 if (substr($current_file, 0, 2) == '/@') {
66 $force_download = true;
67 $current_file = substr($current_file, 2);
71 $file_name = pathinfo($current_file);
72 $file_name = $file_name['basename'];
74 if (substr($file_name, 0, 4) == 'b64:') {
75 $base64_file_name = substr($file_name, 4);
76 $file_name = base64_decode($base64_file_name);
77 $current_file = '/'.$file_name;
80 if (is_numeric(substr($current_file, 1, 1)) == true) {
81 $course_num = substr($current_file, 1, 1);
82 $current_file = substr($current_file, 2);
83 $file = AT_CONTENT_DIR . $course_num . $current_file;
85 $file = AT_CONTENT_DIR . $_SESSION['course_id'] . $current_file;
88 //send header mime type
89 $pathinfo = pathinfo($file);
90 $ext = $pathinfo['extension'];
92 $ext = 'application/octet-stream';
94 $ext = $mime[$ext][0];
97 //check that this file is within the content directory & exists
99 // NOTE!! for some reason realpath() is not returning FALSE when the file doesn't exist!
100 $real = realpath($file);
102 if (file_exists($real) && (substr($real, 0, strlen(AT_CONTENT_DIR)) == AT_CONTENT_DIR)) {
103 if ($force_download) {
104 header('Content-Type: application/force-download');
105 header('Content-transfer-encoding: binary');
106 header('Content-Disposition: attachment; filename="'.$pathinfo['basename'].'"');
108 header('Content-Disposition: filename="'.$pathinfo['basename'].'"');
112 * although we can check if mod_xsendfile is installed in apache2
113 * we can't actually check if it's enabled. also, we can't check if
114 * it's enabled and installed in lighty, so instead we send the
115 * header anyway, if it works then the line after it will not
116 * execute. if it doesn't work, then the line after it will replace
117 * it so that the full server path is not exposed.
119 * x-sendfile is supported in apache2 and lighttpd 1.5+ (previously
120 * named x-send-file in lighttpd 1.4)
122 header('x-Sendfile: '.$real);
123 header('x-Sendfile: ', TRUE); // if we get here then it didn't work
125 header('Content-Type: '.$ext);
130 header('HTTP/1.1 404 Not Found', TRUE);