www.gusucode.com > Destoon B2B仿淘宝电子商务网站 UTF8 v6.0源码程序 > destoon/api/attach.php

    <?php
/*
	[Destoon B2B System] Copyright (c) 2008-2015 www.destoon.com
	This is NOT a freeware, use is subject to license.txt
*/
$_COOKIE = array();
require '../common.inc.php';
if($DT_BOT) dhttp(403);
$url = isset($url) ? trim($url) : '';
$name = isset($name) ? trim($name) : '';
strlen($url) > 15 or dheader(DT_PATH);
$ext = file_ext($url);
$ext or dheader(DT_PATH);
$name or dheader($url);
$ext == file_ext($name) or dheader(DT_PATH);
in_array($ext, array('rar', 'zip', 'gz', 'tar', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx')) or dheader($url);
strpos($url, DT_PATH.'file/upload/') === 0 or dheader($url);
$file = substr($url, strlen(DT_PATH.'file/upload/'));
$filename = substr($file, 0, -strlen($ext)-1);
preg_match("/^[0-9\-\/]{21,}$/", $filename) or dheader($url);
$localfile = DT_ROOT.'/file/upload/'.$file;
is_file($localfile) or dheader($url);
$title = convert(substr($name, 0, -strlen($ext)-1), 'UTF-8', DT_CHARSET);
$title = file_vname($title);
$title or dheader($url);
if(strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== false) $title = convert($title, DT_CHARSET, 'UTF-8');
if(strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') !== false) $title = str_replace(' ', '_', $title);
if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false) $title = convert($title, DT_CHARSET, 'GBK');
$title or dheader($url);
file_down($localfile, $title.'.'.$ext);
?>