经测试代码如下:
/**
* 控制文件下载
*
* @param
* @arrange (编程之家) jb51.cc
**/
$filename = $_GET['filename'];
// Modify this line to indicate the location of the files you want people to be able to download
// This path must not contain a trailing slash. ie. /temp/files/download
$download_path = ficheros/;
// Make sure we can't download files above the current directory location.
if(eregi(\.\.,$filename)) die(I'm sorry,you may not download that file.);
$file = str_replace(..,,$filename);
// Make sure we can't download .ht control files.
if(eregi(\.ht.+,you may not download that file.);
// Combine the download path and the filename to create the full path to the file.
$file = $download_path$file;
// Test to ensure that the file exists.
if(!file_exists($file)) die(I'm sorry,the file doesn't seem to exist.);
// Extract the type of file which will be sent to the browser as a header
$type = filetype($file);
// Get a date and timestamp
$today = date(F j,Y,g:i a);
$time = time();
// Send file headers
header(Content-type: $type);
header(Content-disposition: attachment;filename=$filename);
header(Content-transfer-encoding: binary);
header('Pragma: no-cache');
header('Expires: 0');
// Send the file contents.
set_time_limit(0);
readfile($file);
?>