<?php

if(!$_GET["file"] && !is_file("download/".$_GET["file"])){
  echo "wrong parameter, perhaps?";
  exit();
}

if(preg_match("/\.\./", $_GET["file"]) || preg_match("/:///", $_GET["file"])){
  echo "Are you trying to do something nasty?";
  exit();
}

// save log
$filename = "var/download.".date("Y-m").".log";
$fd = fopen($filename, "a");
fputs($fd, gethostbyaddr($_SERVER['REMOTE_ADDR']));
fputs($fd, " - - ");
fputs($fd, "[".date("d/M/Y:h:i:s O")."]");
fputs($fd, " \"".$_SERVER["REQUEST_METHOD"]." ".$_GET["file"]." ".$_SERVER["SERVER_PROTOCOL"]."\"");
fputs($fd, " 200 ".filesize("download/".$_GET["file"]));
fputs($fd, " \"".$_SERVER["HTTP_REFERER"]."\"");
fputs($fd, " \"".$_SERVER["HTTP_USER_AGENT"]."\"");
fputs($fd, "\n");

header("Location: download/".$_GET["file"]);
?>