<?php

chdir('..');
require_once('_includes/top.php');

if (isset($_SESSION['userINFO']['userName'])) {
	$file = pathinfo($_GET['filename']);
	parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY));
	$query = "INSERT INTO files_stats (
				`user_id`,
				`filepath`,
				`filename`,
				`file_md5`,
				`timestamp`
			  ) VALUES (
				" . $_SESSION['userINFO']['userID'] . ",
				'documents/" . $file['dirname'] . "',
				'" . $file['basename'] . "',
				'" . md5_file('documents/' . $_GET['filename']) . "',
				UNIX_TIMESTAMP()
			  )";
	mysql_query($query);
}

if (is_file('documents/' . $_GET['filename'])) {
	$filepath = 'documents/' . $_GET['filename'];
} else {
	$filepath = ltrim($_GET['filename'], '/');
}

$file = pathinfo($filepath);
header('Content-type: application/' . $file['extension']);
header('Content-Disposition: attachment;filename="' . $file['basename'] . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filepath));
	
readfile($filepath);
exit();

?>