#!/usr/bin/perl

# must be called with link
# fdl.cgi?file=filename&root=file_root&ll=log_level
# filename = file name
# root = which root to work from in list below
# ll = log detail level

use CGI qw/:cgi-lib/;

$LOG = "../logs/file_dl_log.txt";

$query = new CGI;
$file = $query->param ("file") || 0;
$root = $query->param('root') || "files";
$log_level = $query->param('ll') || 2;

$file =~ s/\.\.//g; # remove any .. attempts
$file =~ s/^\///;   # remove leading /
$file =~ s,(^.*/),,; # rextract the final file name
$path = $1; # the path is what's left

%roots = ( 'img' => '../images/',
           'arc' => '../file/archive/'
);


# log the file access
open (LOGFILE, ">>$LOG") || die "Could not open logfile";
printf LOGFILE substr(scalar localtime,4,20)."\t%s\t%s\t%s\t%s\t%s\n",$file, $root, $path, $ENV{'REMOTE_ADDR'},$ENV{'REMOTE_HOST'};
close (LOGFILE);

# check to be sure link is from local server
if (($ENV{'HTTP_REFERER'} =~ /$ENV{'SERVER_NAME'}/) ) {
    print "Content-Disposition: attachment; filename=$file\n";
    print "Content-type: application/octet-stream\n\n";
    $target = $roots{$root}."$path$file";
    if (open(DLFILE,"$target")) {
        while(<DLFILE> ) { print; }
        close(DLFILE);
    }
} else {
    print "File not Found";
    print "</body></html>";
}