<?
// called from featured_scores.php and user_scores.php with these parameters:
// $file = score_filename	(file to download)
// $scoreid = score_id		(used to update the score_downloads field)
session_start();
include("constants.php");
include("db_fns.php");	// open db connection

// increase the download count by one
$query = "UPDATE scores SET score_downloads=score_downloads+1 WHERE score_id=$scoreid";
$result = mysql_query($query) or die("Invalid query");

$file=stripslashes($file);
// stream file to user
if (strstr($HTTP_USER_AGENT, "MSIE")) 
    $attachment = "";
else 
    $attachment = " attachment;";

// for some reason Netscape wont allow the 'suggested' filename to have spaces
// so they are replaced with hyphens and underscores (for consistancy, this is done for IE also)
// colin - grimy butthole.hsc   ---->  colin-grimy_butthole.hsc
$filenm = str_replace(" - ", "-", $file);
$filenm = str_replace(" ", "_", $filenm);

header("Content-Type: application/force-download");
header("Content-Disposition:$attachment filename=".$filenm."");
header("Content-Length: ".filesize(SCOREBINPATH.$file));
header("Content-Transfer-Encoding: binary");

// Don't allow a hacker to download any file from web 
// server.  Only allow current directory downloads:
if (strpos($file,'\\') !== false 
  or strpos($file,'/') !== false
  or strpos($file,':') !== false) die('Not current directory');
if (!readfile(SCOREBINPATH.$file)) echo "Error: Could not download file.";
?>