0&&!empty($_GET['msg'])&&is_numeric($_GET['msg'])&&$_GET['msg']>0&&$User->id>0){ $FID = $_GET['id']; $MID = $_GET['msg']; $F = @$db->fetch_assoc($db->query("SELECT * FROM $DB.files WHERE id='".$FID."'")); if($F['id']==$FID){ if($Msgs->IsMyAttach($User->id,$MID,$FID)==1){ header('HTTP/1.1 200 OK'); header('Date: ' . date("D M j G:i:s T Y")); header('Last-Modified: ' . date("D M j G:i:s T Y")); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: $F[type]");//application/octet-stream");//$F[type]");//echo $F['type']; header("Content-Length: ".$F['size']); header("Content-Disposition: attachment; filename=\"".$F['orginal_name']."\""); header("Content-Transfer-Encoding: Binary"); readfile($F['dir'].'/'.$F['filename']); }else echo "It isn't your file!"; }else{ echo "Some error"; }; }else{ echo "Some error!"; }; ?>