<?php
/**
 * Landing page
 *
 * This handles basically all requests. Every request not to an existing file path, should be redirected here.
 * This file checks basic configuration and includes the required page, based on the REQUEST_URI.
 *
 * @author Camil Staps
 *
 * BusinessAdmin: administrative software for small companies
 * Copyright (C) 2015 Camil Staps (ViviSoft)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.	If not, see <http://www.gnu.org/licenses/>.
 */

require_once(__DIR__ . '/../conf.php');

$filename = $_REQUEST['name'];
$filepath = Constants::files_folder . $filename;

$key = $_REQUEST['key'];

$files = File::search($_pdo, ['`filename`=?'], [$filename]);
if (count($files) == 0 || !file_exists($filepath) || is_dir($filepath)) {
	http_response_code(404);
	header('Content-type: text/plain');
	echo "$filename could not be found";
} elseif (array_pop($files)->secret_key != $key) {
	http_response_code(403);
	header('Content-type: text/plain');
	echo "incorrect key";
} else {
	header('Content-type: ' . mime_content_type($filepath));
	header('Content-Disposition: attachment; filename="'.$filename.'"');
	readfile($filepath);
}