Someone?
include "../../mainfile.php";
include_once("./include/functions.php");
$myts =& MyTextSanitizer::getInstance(); // MyTextSanitizer object
$lid = intval($HTTP_GET_VARS['lid']);
$cid = intval($HTTP_GET_VARS['cid']);
if ( $xoopsModuleConfig['check_host'] ) {
$goodhost = 0;
$referer = parse_url(xoops_getenv('HTTP_REFERER'));
$referer_host = $referer['host'];
foreach ( $xoopsModuleConfig['referers'] as $ref ) {
if ( !empty($ref) && preg_match("/".$ref."/i", $referer_host) ) {
$goodhost = "1";
break;
}
}
if (!$goodhost) {
redirect_header(XOOPS_URL . "/modules/mydownloads/singlefile.php?cid=$cid&lid=$lid", 20, _MD_NOPERMISETOLINK);
exit();
}
}
$sql = sprintf("UPDATE %s SET hits = hits+1 WHERE lid = %u AND status > 0", $xoopsDB->prefix("mydownloads_downloads"), $lid);
$xoopsDB->queryF($sql);
$result = $xoopsDB->query("SELECT url,groupid, usersid FROM ".$xoopsDB->prefix("mydownloads_downloads")." WHERE lid=$lid AND status>0");
list($url,$groupid,$usersid) = $xoopsDB->fetchRow($result);
checkMyDownloadsAccess($groupid,$usersid, XOOPS_URL, 2, _NOPERM);
$separator="-_MYDWONLOADSPRO_-";
$download = explode($separator,$url);
if (!preg_match("/^ed2k*:///i", $url) && $download[1]=='') {
Header("Location: $url");
}
header("Content-Disposition: attachment; filename=$download[1]");
readfile($myts->oopsHtmlSpecialChars($url));
exit();