Viewing file:  getfile.php (1.87 KB) -rw-r--r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
@ini_set("display_errors","1");
@ini_set("display_startup_errors","1");
require_once("include/dbcommon.php");
$shortTableName = postvalue("table");
$table = GetTableByShort( $shortTableName );
if( !$table )
exit(0);
$pageName = postvalue("pagename");
$strFilename = postvalue("filename");
$ext = substr( $strFilename, strlen($strFilename) - 4 );
$ctype = getContentTypeByExtension($ext);
$field = postvalue("field");
if( !Security::userHasFieldPermissions( $table, $field, PAGE_LIST, $pageName, false ) )
return;
$pSet = new ProjectSettings( $table, PAGE_LIST, $pageName );
/*$gQuery = $pSet->getSQLQuery();
if( !$gQuery->HasGroupBy() )
{
// Do not select any fields except current (file) field.
// If query has 'group by' clause then other fields are used in it and we may not simply cut 'em off.
// Just don't do anything in that case.
$gQuery->RemoveAllFieldsExcept( $pSet->getFieldIndex($field) );
}*/
$_connection = $cman->byTable( $table );
$keys = array();
foreach( $pSet->getTableKeys() as $ind => $k ) {
$keys[ $k ] = postvalue("key".($ind + 1));
}
/*$where = KeyWhere($keys, $table);
if( $pSet->getAdvancedSecurityType() == ADVSECURITY_VIEW_OWN )
{
$where = whereAdd( $where, SecuritySQL("Search", $table ) );
}
$sql = $gQuery->gSQLWhere( $where );
$qResult = $_connection->query( $sql );*/
$dc = new DsCommand();
$dc->filter = Security::SelectCondition( "S", $pSet );
$dc->keys = $keys;
$qResult = getDataSource( $table, $pSet, $_connection )->getSingle( $dc );
if( !$qResult || !( $data = $qResult->fetchAssoc() ) )
return;
$value = $_connection->stripSlashesBinary( $data[$field ] );
header("Content-Type: ".$ctype);
header("Content-Disposition: attachment;Filename=\"".$strFilename."\"");
header("Cache-Control: private");
SendContentLength( strlen_bin($value) );
echoBinary( $value );
return;
?>
|