<?php
require 'inc/conf.php';
$id = intval($_GET['id']);

if ($id > 0) {

$ch = hm_result("SELECT d_file FROM downloads WHERE d_id='$id' LIMIT 1;");

if ($ch) {
 hm_query("INSERT INTO download_log (dl_id,dl_date,dl_ip,dl_download_id,dl_file,dl_user)
 VALUES (NULL,NOW(),'".mysqlText($_SERVER['REMOTE_ADDR'])."','$id','".mysqlText($ch)."','".mysqlText($_SERVER['HTTP_USER_AGENT'])."');");
 hm_query("UPDATE downloads SET d_hits=d_hits+1 WHERE d_id='$id' LIMIT 1;");
$filename = "downs/0MXH7eoxgEF6XdyM/$ch";
 if (file_exists($filename)) {
//  header ("Location: $filename");
//  exit();
  $length = filesize($filename);
  
  if ($length > 0) {
   header('Pragma: public');
   header('Expires: 0');
//   header("Cache-Control: must-revalidate, post-check=0, pre-check=0, private");
//   header('Cache-Control: private',false);
   header('Content-Disposition: attachment; filename="'.$ch.'";');
   header('Content-Transfer-Encoding: binary');
   header('Content-Length: '.$length);
   
   $ext = strtolower(substr($filename,-3,3));
   
   switch($ext) {
    case 'mp3':
     header("Content-Type: audio/mpeg");
     break;
    case 'mpg':
    case 'mpeg':
     header("Content-Type: video/mpeg");
     break;
    case 'lha':
    case 'zip':
     header("Content-Type: application/octet-stream");
     break;
    case 'd64':
     header("Content-Type: text/plain");
     break;
    case 'doc':
     header("Content-Type: application/msword");
     break;
    case 'pdf':
     header("Content-Type: application/pdf");
     break;
    case 'zip':
     header("Content-Type: application/octet-stream");
     break;
    case 'wav':
     header("Content-Type: audio/x-wav");
     break;
    case 'doc':
     header("Content-Type: application/msword");
     break;
    case 'exe':
    case 'php':
    case 'cgi':
    case 'html':
    case 'htm':
    case 'log':
    case 'htaccess':
     mail('hackalert@howdymedia.com','[Exitof99] Hack Attempt','From: '.$_SERVER['REMOTE_ADDR'].'
File Attempted to Access: '.$filename.'
Request URI:'.$_SERVER['REQUEST_URI']);
     echo 'Hack attempt logged. An admin has been notified.';
     exit();
     break;
    default:
     mail('exit@exitof99.com','[Exitof99] Unsupported File Type','From: '.$_SERVER['REMOTE_ADDR'].'
File Attempted to Access: '.$filename.'
Request URI:'.$_SERVER['REQUEST_URI']);
     echo 'Unsupported File Type. Support was notified of this event.';
     exit();
    }
    $sent = 0;
    $handle = fopen($filename, 'r');
    while ($sent < $length) {
     echo fread($handle, 8192);
     $sent += 8192;
    }
    fclose($handle);
    exit();
  } else echo '5';
 } else echo '4';
} else echo '3';
} else echo '2';

echo ' - File not found.';
exit();