37 lines
984 B
PHP
37 lines
984 B
PHP
<?php
|
|
require_once(__DIR__ . '/auth_check.php');
|
|
require_once(__DIR__ . '/../../class/db-functions.php');
|
|
|
|
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
|
|
http_response_code(400);
|
|
echo 'ID non valido.';
|
|
exit;
|
|
}
|
|
|
|
$id = (int)$_GET['id'];
|
|
$db = DBHandlerSelect::getInstance();
|
|
$pdo = $db->getConnection();
|
|
|
|
$stmt = $pdo->prepare("SELECT * FROM scad_deadline_attachments WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
$att = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$att) {
|
|
http_response_code(404);
|
|
echo 'Allegato non trovato.';
|
|
exit;
|
|
}
|
|
|
|
$filePath = __DIR__ . '/../attachments/' . $att['stored_name'];
|
|
if (!file_exists($filePath)) {
|
|
http_response_code(404);
|
|
echo 'File non trovato sul server.';
|
|
exit;
|
|
}
|
|
|
|
header('Content-Type: ' . ($att['mime_type'] ?: 'application/octet-stream'));
|
|
header('Content-Disposition: attachment; filename="' . addslashes($att['original_name']) . '"');
|
|
header('Content-Length: ' . filesize($filePath));
|
|
readfile($filePath);
|
|
exit;
|