Viewing File: /home/webrbaew/getcandycleanse.com/dwn_bk.php

<?php 
	error_reporting(0);
	$server_name='localhost';
	$username='webrbaew_bakr';
	$password='Tzst@12?!^!!';
	$database='webrbaew_kellycandycleanse';
	$con = mysqli_connect($server_name, $username, $password, $database);
	$token = $_GET['token'];
	$file = $_GET['file'];
	$decoded_file = base64_decode($_GET["file"]);
	$decode_order = base64_decode($_GET['token']);
	$token_array = explode("_",$decode_order);
	$email = $token_array[0];
	$order = $token_array[1];
	$product = $decoded_file;
	$check_token = mysqli_query($con,"select * from orders where download_passcode = '$token'");
	if(mysqli_num_rows($check_token)>0){
		$check_order = mysqli_query($con,"select * from orders where customer_email = '$email' and order_id = $order");
		if(mysqli_num_rows($check_order) > 0){
			
			$get_product = mysqli_query($con,"select * from product where product_id = $decoded_file");
			if(mysqli_num_rows($get_product)> 0){
				$product = mysqli_fetch_array($get_product);
				$filename = 'pdf_books/'.$product['pdf_name'];
				if (file_exists($filename)) {
					header('Content-Description: File Transfer');
					header('Content-Type: application/octet-stream');
					header("Content-Type: application/force-download");
					header('Content-Disposition: attachment; filename=' . urlencode(basename($filename)));
					// header('Content-Transfer-Encoding: binary');
					header('Expires: 0');
					header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
					header('Pragma: public');
					header('Content-Length: ' . filesize($filename));
					ob_clean();
					flush();
					readfile($filename);
					echo "<script>window.close();</script>";
					exit;
				}
			}
		}else{
			echo 'Not found';
		}
	}else{
		echo 'Invalid link';
	}
?>